Living Dangerously

By Paul Travis, January 13, 2009, NOON

I am always surprised when a new survey of IT managers or company executives shows that a significant percentage of them don't have a disaster recovery plan or that they don't have confidence in the plan they do have in place. I guess some people are just optimists and think lightening will strike someone else and not them. That is a dangerous way to live.

I was reminded of this when reviewing Symantec's second annual "State of the Data Center" survey this week for a story and saw that 9 percent of the 1,600 companies worldwide it surveyed described their disaster recovery plans as "informal or undocumented" -- meaning they don't really have a plan. And another 27 percent said their DR plans needed work. Only 35 percent described their DR plans as pretty good or excellent.

Protecting your company and its data from a disaster is one of the top responsibilities of a storage administrator, perhaps only second behind actually storing the data somewhere. It should be one of the top priorities of any IT department. And DR plans should be tested to ensure they work, so you don't discover the flaws as you are trying to get your company back up and running after something takes down your systems.

I know that I am preaching to the choir for most readers of Byte and Switch. Yet, even among storage professionals who read this site are many who don't have a DR plan in place. A survey we conducted late last year found that more than a quarter of respondents don't have a disaster recovery and business continuity plan in place. And 45 percent of those who do have a plan said they rarely test it.There are so many reasons why this is wrong, and why it will come back and bite the IT department. At some point you will need to restore data from backup after something bad happens. It may be hackers or a lawsuit or a regulatory action or a requirement of doing business with a new partner. It could even be a C-level executive reading about disaster recovery in an airline magazine and deciding one day to see if there's a plan in place and to run a test.

A report by InformationWeek Analytics indicates that IT professionals have lots of excuses for not implementing a DR and business continuity plan, including cost, complexity, other high-priority projects, lack of senior management buy-in, lack of internal skills, and not knowing where to start.

None of those excuses will hold water if the worst happens and you are unable to restore your company's systems and data. So if you embrace one resolution as we enter the new year, make it this one: I will have a disaster recovery plan in place, and I will test it to ensure that it works.