Frost and Sullivan on Data and Disaster Recovery – An Australian perspective

Introduction

In the 20 year period between 1994 and 2013, EM-DAT, The International Disaster Database recorded a total of 6,783 natural disasters around the world. 1.35 million people lost their lives in these events and a further 218 million people per year were affected. Of note, while the rate of geophysical disasters (such as earthquakes and volcanic eruptions) has remained largely constant, the rate of climate-related disasters (such as storms and floods) has seen a significant increase.1

As we head into one of the strongest El Ninos since records began, with predictions of drier and warmer than usual conditions across Eastern Australia2, it’s a good time to assess your organisation’s disaster recovery and business continuity readiness. Most businesses affected by disasters don’t survive – and those that do, are the ones that have taken precautions, limited their exposure and put the right preventative controls in place.

Disasters don’t need to be catastrophic to have significant detrimental impacts on businesses. Non-disasters and outages can take a heavy toll too. Particularly in today’s data-dependent organisations, extended power outages or critical systems being offline can cause expensive disruptions that many businesses would find difficult to recover from. While you may encounter issues building the business case to prioritise Disaster Recovery planning, the alternatives can be much worse – for your operations and reputation.

In a recent discussion with Mark Dougan, Managing Director of Frost and Sullivan for Australia and New Zealand we discussed:

Mark’s observations on the Australian context and advice make invaluable reading for anyone considering Disaster Recovery and Business Continuity planning for their business.

How important is data to organisations today?

The Oxford dictionary defines data as, “Facts and statistics collected together for reference or analysis.” This definition remains true for the modern organisation as well, with much greater emphasis on the reference/analysis dimension. Modern organisations are highly data driven when it comes to business decision making. Data helps organisations drive business model innovations and transform established industries. This has given rise to ‘big data’ – organisations are capturing and analysing the right data points, whether structured or unstructured, in order to make informed decisions. In short, it has become the life-line for the modern organisation to stay competitive, profitable and sustainable.

Access to data and applications is increasingly critical for today’s organisations. According to EMC’s Global Data Protection research in 2014, protection of data is critical to 64% of organisations3. However, whilst ongoing access to data is critical, it is important to note that access to applications (such as e-mail, CRM, finance & accounting, sales order processing, etc.) is equally critical. You may have created great back-ups of your data and stored them safely and securely offsite but if in the event of a disaster you can’t access your critical business applications, your business will remain at a standstill.

About two-thirds of organisations globally have experienced some kind of unexpected disruption to data or applications over the past 12 months. In Australia, research conducted by Frost & Sullivan identified that about 20% of organisations have recently suffered disruptions due to natural disaster, while in New Zealand that figure is 31%.

A significant proportion of organisations in Australia still host all data and applications in-house (for example, in an in-house server or computer room) with limited external back-up. Over 60% of all organisations in Australia still host all applications and data in-house – making them extremely vulnerable to any disruption of their business premises. Not only would staff be unable to access the premises, they would also lose all access to data and applications.

How do organisations calculate the true value of their data?

Data has a quantifiable impact on three aspects of modern organisations:

      • Revenue growth – having the right insights from the right data can help organisations identify patterns and changes in demand trends. This allows organisations to take the right decisions to grow faster than the industry. Also, responding faster to market dynamics and new threats can help ensure business sustainability.
      • Profitability – by making available useful and relevant data to employees, most organisations can help improve employee productivity by cutting down time spent on searching for data. Furthermore, having a clear understanding of the utilisation or under-utilisation of all assets allows organisations to improve their Return on Assets. Both these aspects combine to offer greater profitability for organisations.
      • Return on Investments – data can provide modern organisations with an understanding of how to reduce the risk-reward trade-offs for their investments. By reducing the risk factors, the organisation is able to improve ROI. For example, a marketing campaign can be highly personalised towards a very specific group of potential customers based on their personal preferences thereby, reducing the cost of investments in the campaign and also improving its success rate.

Globally, the business cost of disruptions is estimated at $1.7 trillion, with data loss accounting for $750 billion and downtime $950 billion (source: EMC Global Data Protection Research). In Australia, the cost was estimated at $55 billion in 2014.

What are the biggest threats to the modern data-driven business model?

The modern data-driven business model faces three key challenges:

      • Lack of skillsets – that ensure the right data is being collected, stored and analysed. Data science is a niche skill set and with lack of talent, organisations risk making full use of the benefits created by data-driven business models.
      • High investments – a very high focus on data may translate into high levels of investments into databases, software and hardware. While investments are essential, they should be in line with the organisations’ end goals. Over investment in big data and analytics tools can impact the return on investments and adversely affect the profitability and business plans.
      • Blind spots – a data-driven organisation should continue to be aware of its market and expect competition to come from unexpected quarters. High dependence on data may lead organisations to base their decisions on the available information and ignore market trends and innovations that may not be represented in their data.

For businesses that manage their own data and application needs end-to-end in-house, there is an approximately 50/50 split between logical or cyber threats and natural or physical threats. This model also places the entire risk for both types of threats on the shoulders of the business. They need to manage and account for both the risk derived from threats to data, applications and infrastructure from both virtual and physical sources.

However, when businesses outsource their data centre needs, the risk of a physical threat to this critical infrastructure is significantly diminished. Companies that provide outsourcing services for data centres then carry the risk for physical threats such as natural disasters. These data centres are designed to endure these types of threats and this essentially reduces this risk. If the provider uses multiple facilities in multiple locations, this additional redundancy reduces this risk to negligible levels, as the likelihood of adverse conditions affecting more than one location is remote. This type of arrangement also offers the best solution for maintaining the operation of critical business applications as well. Should your physical office or primary site fail for some reason, this added redundancy means that staff can still access and utilise critical data and applications. In many cases, the switching from primary to secondary site can occur almost instantaneously, leading to little if any effective business downtime.

Of course, virtual or logical threats, such as cyber attacks, will still pose risks to businesses that outsource their data and application hosting needs, but by essentially outsourcing the risk from physical threats, these businesses can focus attention and resources on limiting their exposure to such attacks.

How should data centres be considered during planning?

Data centres are becoming increasingly important for organisations today given the growth in data. Data transmitted on corporate networks has increased ten-fold in the past seven years and real-time access to information through a myriad of business applications has become a source of competitive advantage for many organisations. This rapid growth in data traffic has led to a significant increase in demand for data centre space. Furthermore, the emergence of new requirements in business continuity and regulatory compliance, necessitating storage of data for longer periods of time, has accelerated investments in data centres.

Over the past decade, the number of global internet users has more than quadrupled, growing at a rate in excess of 300% from 2001-2010. Apart from the sheer growth in number of users, usage of the internet has also changed dramatically. One-to-one text-based messaging and content browsing has given way to use of online social networks that share blogs, photos and videos, thereby increasing the need for data storage and computing. All these trends are making data centres an integral part of the modern organisation.

While most large organisations understand this relationship between success and the data centre, many SMBs are still struggling to find the right skills sets, understanding and capital to make full use of the power that data centres bring to them. With the age of digital disruption upon us, we are starting to see a shift as more and more start-ups leverage data centres, albeit by using cloud computing, to drive the next phase of innovations. We have seen businesses like online streaming, food delivery, cabs and even education move online, and this is just the beginning.

Hosting of applications and data in a fully-resilient data centre is an increasingly important aspect of disaster recovery / business continuity plans. However, most organisations still do not fully appreciate the potential impact of a disruption. 60% of Australian organisations still host all applications and data in-house. Use of specialist external data centres is increasing, but many organisations are still yet to make that important transition.

What are the potential impacts of a natural disaster on data infrastructure?

The digital transformation we have seen over the last five years has increased the emphasis on an ‘always on’ and ‘always available’ IT environment. Natural disasters can have a significant impact on the availability of data centres, and by extension the data infrastructure, due to their impact either directly or indirectly.

The direct impact of natural disasters, such as hurricanes, tornados and floods can lead to downtime of the facility itself by either making it unsafe to operate or by impacting its critical power, cooling or IT infrastructure. In terms of indirect impact, natural disasters may affect the safety of employees, reduce or stop domestic and/or international telecoms connectivity, and affect the power grids supplying power. Both these scenarios make the data centre unavailable for use and can have a direct impact on business today.

The impact of natural disasters can also affect the viability of many organisations. Research on businesses that had been affected by the Queensland floods in 2011 indicated that over 50% of organisations had experienced either a moderate, significant or critical impact on their business viability. Many organisations in Queensland found that their server rooms were affected by inundation and consequently they were unable to carry on normal operations, even from external locations.

A key aspect of effective crisis management is to ensure that staff can continue working (often from home or other locations), however if staff are unable to access the data or applications that they need to perform their roles then this will not occur and productivity will be significantly impacted.

About 10% of data or application disruptions are directly caused by natural disasters such as fires or floods, but a further 40% are caused by power loss. Hence, in Australia, we can estimate that up to about $5 billion of costs are incurred each year as a direct result of natural disasters.

Based on industry data, we estimate that IT outages can cost organisations US$5,000-$10,000 per minute in terms of loss of revenues and/or productivity. The losses can reach millions of dollars in highly sensitive industry segments such as high frequency trading, or online retailing/eCommerce. While this is the financial cost, there could be non-financial costs to the business as well in terms of lost reputation amongst customers, loss of employee productivity and morale.

Building the best business case and practice for DR and Business Continuity Planning

It has been difficult for organisations to justify the significant time, effort and money on disaster recovery and business continuity. These organisations could look at the flipside to justify the need to ensure data centre availability by bringing forth the impact of downtimes and performance issues with data centres on the organisation. For example, the impact on the banking or ecommerce website of downtime or lack of data centres.

There are a number of key areas to consider when creating your disaster recovery and business continuity plan, including:

  • Be Smart About Site Selection – data centre site selection should be free from the risk of natural disasters.
  • Expand Cloud/hosting – leveraging on third-party service providers and off-site data centre facilities, organisations can diversify the risks as well as put in place effective DR/BCP plans.
  • Improve Employee Protections – Organisations should utilize strict access control (such as biometric pass cards, uniformed security, and monitored entrances and exits) and immediately cancel passes belonging to terminated staff.

Apart from IT DR/BCP, also ensure that you have access to workplace redundancy to ensure availability and eliminate/reduce any impact on customer experience.

There are a number of key measures and practices that are of critical importance when it comes to protecting your business. I’d rate the following measures highly:

  • Active-Active disaster recovery sites that avoid single points of failure and ensure high availability
  • Regular testing of disaster recovery and business continuity plans to ensure smooth failovers in time of actual disasters
  • Backing up data to some sort of physical asset, such as tapes, drives, or servers, and then storing separately/remotely
  • Measuring the right parameters – Recovery point objective; Recovery time objective; and ensure your SLAs will meet them.

You can’t control for every risk in your business but you do need to make plans and take appropriate precautions in order to limit your exposure and ensure that you are prepared for the most likely eventualities. In the data-driven business of today, these measures become even more important. Increasingly, your data, how it flows and the applications that consume it IS your business.

About Nextgen

Nextgen Group offers a complete range of data centre services across Australia including low density co-location, high density rack space and wholesale space.

Nextgen can help with the critical task of Disaster Recovery and Business Continuity Planning, partner with you and even share the risk by providing services and best-of-breed network and data solutions. Nextgen provides a range of services including Disaster Recovery Suites that can be used as secondary data facilities should your primary facilities fail. This kind of dual-facility disaster recovery service can provide you with the assurance you need to avoid the possibly detrimental consequences to your business from an extended outage.

NextGen can also provide:

Internet Shadow Services – Provides a backup Internet connection for service continuity in the event of failure or interruption in the primary link.
Nextgen VPN – Premium grade data services that deliver carrier grade Quality of Service (QoS) and network availability.
Connected Data Centres – Selected intra-city data centres capable of providing high capacity transmission grade, low latency services; mandatory for business continuity applications such as synchronous mirroring and replication.
Data Centre Connect – A managed service that provides connectivity for replication for business continuity and disaster recovery applications.
Data Centre Colocation – Carrier grade co-location facilities such as racks, secure cages or private suite areas.

1Report on Human cost of Natural Disasters. A global perspective.
http://cred.be/download/download.php?file=sites/default/files/The_Human_Cost_of_Natural_Disasters_CRED.pdf
2http://www.bom.gov.au/climate/enso/
3http://www.emc.com/collateral/presentation/emc-dpi-key-findings-global.pdf