Hurricanes
Disaster recovery plans for hurricanes usually differ from other disaster plans because there is a much longer period of time before you can physically access a data center again. Ben Weinberger, IT director at the Ruden McClosky law firm in Florida, says his company's disaster planning process is uniquely geared to the region. No data center in their multiple offices -- many of which are along the coast -- is positioned by exterior walls, and data centers are not situated on the lower floors (where flooding can occur) or on the top floors (where rain can seep in during a storm). Mission-critical data centers are situated off the coast, in Orlando and Chicago. The main replication site is in Chicago and would not be affected by a hurricane.
"We never put computers or servers near windows, and all servers are fully replicated now like they were in both Hurricane Wilma and Hurricane Katrina," says Weinberger. "If we had an imminent catastrophic event, we can switch over to Fort Lauderdale or Chicago using CA software replication with a few clicks. About 90 per cent of the time you can see a disaster coming and be preemptive."
Although replication is not a new concept -- many companies in New York have instituted a replication process since 9/11 -- it is becoming more common in areas where a different kind of disaster, such as a hurricane or tornado, is more of a concern than a terrorist attack. Weinberger said the costs are high for replication because it means running a secondary data center -- usually at a hosting provider -- but said the expense is worth it when data loss means a total long-term business outage.
Weinberger says one key problem with hurricanes, as opposed to another disaster, is the long-term power outage in the region. He says a data center could be left without any damage at all, but power might still be out for weeks or even months, which is why they replicate data to a facility in Chicago.
"A disaster has to be customized for the location and risks," says George Hamilton, an analyst at Yankee Group Research. "For example, little if any damage was done to the archived papers, tapes and backup materials stored in Iron Mountain's facility in New Orleans during Katrina. Pretty much everything was high and dry."
Despite that, it still took a long time for Iron Mountain to get access to the facility to recover everything. A lot of businesses had disaster recovery plans that they could not execute because they never planned for not being able to get to the protected storage facility, Hamilton said. "The decision on what to do is largely based on how likely it is that you'll face a natural disaster," he explained.
Terrorist attacks
Most companies have extensive plans in place for cyberattacks, but a physical attack against the US, such as what occurred on 9/11, requires a more specific plan. Martin Silverman, IT director at furniture distributor EvensonBest, has extensive plans that go beyond the typical methods used at other companies. He uses replication software -- again from CA -- from the company's headquarters to two different regional sites. The company runs replication services four times a day and verifies e-mail to use as documentation in case physical documents are destroyed. He also has a disaster plan in place (similar to a fire escape plan) so that employees know where and how they can work if the building is not available.