Is Your Business Ready For Disaster?
“At eHDF we see DR and BC as top priorities for organisations in this particular region. IT managers and CIOs allocate separate budgets due to the increasing pressure to maintain smooth business functioning for an enterprise. It is essential to plan accordingly for the potential likelihood of a disaster situation,” says Yasser Zeineldin, CEO of eHosting DataFort.
Even though the need is clear and understood, enterprises in the Middle East still have a long way to go.
“On a scale of one to ten, regional awareness of the need for DR is around six or seven, but actual levels of competence and maturity are still around three or four,” highlights Anthony Harrison, senior principal technical specialist, Information Availability Group, Symantec EMEA. “This can be attributed to the fact that there is a lot of turnover in terms of staff and job roles, and too many people see DR/BC as a medium to long-term job that they do not want to invest their time and effort in as they will have moved on by the time any programme is properly implemented.”
“The region is still less advanced than the UK and US on its focus on the wider issues of BC,” continues Lydon Bird, technical director and board member of the Business Continuity Institute (BCI). “It is a normal pattern for countries/regions/industries to concentrate mainly on technology recovery before expanding their horizons to crisis management, human aspects of BC and external continuity problems like supply chain management.
“The Middle East is following the same pattern but moving ahead much quicker than we experienced elsewhere — using learning from more mature regions in a very positive manner. Certain unique problems do exist in the Middle East, however, which make conventional resilience solutions more difficult to apply. These are often of a geo-political nature, which requires response solutions to be kept within countries, whilst because of the relative small size of some countries the causes might be from problems which are beyond their domestic geographical boundaries and political control.”
Unfortunately there is still a mindset of ‘wait until it happens’ to overcome as well, and vendors are trying to highlight the strategies enterprises should be using.
“The strategies adopted by most of the organisations are very complacent and superficial in nature,” highlights Boby Joseph, CEO of StorIT Distribution. “Of the ones who have some kind of setup, they have hardly rigorously tested them and have adopted a policy of ‘we are looking into it and developing in phases!’
“DR/BC should be planned at the inception phase of the company. As newer companies grow faster, this is one area that is neglected and when the company finally reaches its threshold, DR is reviewed and the cost of roll out during that time turns out to be high. Also the biggest issue of where to start is lost in the daily grind of running regular business. DR is a mandatory need of any business from a micro to a very large enterprise.”
On a positive note there is far more focus on DR and BC across the region than ever before, however there is also still some confusion between the two terms, which are actually quite different, and separated by how much an organisation is willing to invest to keep their service up and running in the event of a disaster.
“A DR strategy is expected to recover your business or service within a given timescale after an interruption to service or disaster. The time to recover would usually be predefined in a DR service level agreement (SLA). Depending on the criticality of the service, this may be set out in minutes, hours or even days for the less critical services,” explains Allen Mitchell, senior technical account manager, MENA, CommVault.
“A BC strategy ensures that the business and/or service seamlessly continues in the event of an outage,” he continues. “This strategy would typically require a considerable amount more investment in high availability infrastructure, for example, geographically dispersed data centres, high availability hardware and synchronous replication/failover software storage technology. The goal here is to ensure that the business and/or service in not impacted in the event of an outage and both the investment and associated SLA’s reflect this.”
Some technologies are changing the face of DR and BC; cloud being the most obvious example. UAE telecoms operator du found that 39% of corporate entities in the country were looking to invest in BC and DR in 2012, and to cloud-based solutions to help bring down the cost of delivery.
“Cloud had made it easy for organisations to uptake DR services,” says Hatem Bamatraf , executive vice president – Enterprise, du. “The dependence on the server is not there due to adoption of cloud services. The backup and storage can happen at any global location. Further, this leads to availability and delivery of services anytime anywhere. We have seen positive trends on cloud services-led DR uptake. The potential is quite high and the positive trend is likely to continue as organisations move towards the OPEX model and away from CAPEX.”
Decision makers view cloud computing as an attractive option, as Ahmed Marouf, Global Technology Services leader, IBM Middle East, Saudi and Levant highlights.
“They look to cloud-based disaster-recovery-as-a-service (DRaaS) for its reliability, scalability and ability to dramatically reduce recovery point objectives (RPOs) and recovery time objectives (RTOs),” Marouf said.
“For many CIOs, the need for business resiliency is the entry point to get involved in cloud computing,” he highlights. “With cloud, customers can recover their data and applications in the matter of seconds, become more flexible, and scale their businesses to a global level.”
Indeed, vendors believe that cloud DR solutions will help to drive cloud adoption across the Middle East.
“In my view, we would see a ‘feeding off each other’ scenario where cloud adoptions would drive DR on the cloud/DRaaS options and vice versa where looking at DR on the cloud/DRaaS models could scale up the scope of cloud deployments within the organisation,” says Narayana Menon, lead – Marketing, APAC & Middle East, Sanovi Technologies.
DR is clearly being impacted by the growth in virtualised environments, both in a positive and negative way.
“Virtualisation touches everything in the data centre, the more virtualisation we see, the more efficiencies we witness. The same concept applies to DR as it does to any other element of the IT infrastructure,” explains Zaher Haydar, senior regional manager, Systems Engineers, Turkey, Africa and Middle East, EMC.
“Virtualisation enables proactive ‘disaster avoidance’ capabilities and also drives the creation of DRaaS models. On the other hand, this also means more costs on maintaining existing hardware due to increasing density of workloads or information on specific hardware that results from increasing virtualisation. With proper planning, virtualised environments can enhance DR infrastructure and the costs associated with it.”
“Virtualisation has been a game changer for many companies,” adds Mitchell. “It has enabled companies that previously were unable to afford high availability (HA) and DR to begin implementing HA and DR solutions.
“Virtualisation has also enabled companies to justify the cost of providing full HA and DR for additional applications. In addition, it has provided more flexibility and more options in providing the HA and DR solution. The business challenge is having the ability to create a cost effective, highly available, and protected virtual server infrastructure. This infrastructure must ensure that applications meet business defined service level agreements (SLAs) for HA and DR preparedness,” he concludes.
Is certification valued?
With BC becoming more important to enterprises across the region, companies are looking for professionals with the right skills. This is leading to a rise in certification, as individuals take the opportunity to stand out from the crowd.
“We do experience a high level of interest in consultancy services around BC certifications, which can be accredited to a higher level of attitude to risk,” says Nicolai Solling, director of Technology Services at Help AG.
“More and more people are opting to get certified under various functions within the ISO22301 and the BS25999 schema of standards surrounding BC and DR among other things,” notes Narayana Menon, lead — Marketing, APAC & Middle East, Sanovi Technologies.
Hatem Bamatraf of du also said that certifications are gaining popularity in certain sectors, such as banking and finance, oil and gas, manufacturing and the telco sectors: “Most organisations that are serious about BC and DR have dedicated practices and pursue the ISO 23201 and BS25999 certifications.”
However, at this stage certification is not a ‘must have’ for companies, and many are using recruitment of experienced professionals to meet BC/DR needs.
“We’ve seen BC certifications grow in regions where the professional services supply chain is growing in providers — however in this particular region, it seems that BC skills are being acquired organically as part of implementation projects or as part of the training delivered by the HA/DR partners,” highlights Henry Martinez, VP of Sales Engineering, Vision Solutions.
Self-governance pushing DR and BC forward
Currently there are no legal requirements for data movement and management in the region, however organisations manage their own data in accordance with their own policies and procedures.
“This part of the world doesn’t always wait for regulations – they do the right things on their own when they see the value and realise that it could give them a competitive edge,” says Henry Martinez, VP of Sales Engineering, Vision Solutions.
Initiatives to support DR and BC implementations are growing in number however.
“For example, in the Abu Dhabi public sector there has been increased requirement to have a DR strategy implemented,” says Anthony Harrison, senior principal technical specialist, Information Availability Group, Symantec EMEA.
“There has been much work in Abu Dhabi and Dubai on getting a regional BC standard that deals with regional specific requirements,” highlights Lydon Bird, technical director and board member of the Business Continuity Institute (BCI). “The use of many ‘ex-pat’ middle managers and consultants is also driving a greater awareness of the need and some ME governments have agencies which are increasingly interested in promoting BC best practice. For example the BCI has recently released its global best practice GPG2013 in Arabic at the request of the authorities in Dubai and Abu Dhabi.”