Acts of God–air conditioning failure–arson–Blackouts–blizzards– boiler explosion–bomb threats–bridge collapse–brownouts–brush fires–Chemical accidents–civil disobedience–communications failure– computer crime– corrosive materials–Disgruntled employees–denial of service–Earthquakes– embezzlement–explosions–extortion–Falling objects–fires–floods–Hardware crash–high winds–heating or cooling failure–hostage situations–human error–hurricanes–Ice storms– interruption of public infrastructure services– Kidnapping–Labor disputes–lightning strikes–Malicious destruction–military operations– mismanagement–mud slides–Personnel non-availability–plane crashes– phishing–public demonstrations–Quirky software–Radiology accidents– railroad accidents–Sabotage–sewage backups–snow storms– software failure–sprinkler failure–Telephone problems–theft of data or computer time–thunderstorms–tornadoes–transportation problems–Unexpected, the–Vandalism–viruses–Water damage–worms–Xenon gas leaks–Yellow fever outbreak–Zombie, attack of the (yes, that really is a hacker attack!)
Examples of disasters, A-Z. Very real threats. Not just possible but plausible. So corporations take out “insurance policies” in the form of DRP, or disaster recovery plans, for hundreds of thousands or even millions of dollars per year. Engaging in contracts with disaster recovery providers checks a check box on the IT manager’s success checklist and satisfies the auditors.
But will the solution work? Is the money well spent? Too often DR is a charade. I find it hard to recall any companies I worked for or consulted with that had it together with DR. Their DR configuration either hasn’t been updated in years or its never been truly tested or it’s been tested as an end to itself rather than a means to an end. IT managers pretend they are prepared, but deep in their heart of hearts know they are not.
I have come to believe that successful DR requires focus only brought to bear by “a seat at the table”. In addition to the big dollar contracts, IT has to invest in a staff that is dedicated to the function. SunGard recently pitched to me a managed DR service, where an IT manager “outsources” their DR. SunGard commits to maintain a staff schooled in how to restore Your environment and they place a full time resource in your organization to ensure that DR plan stays current. Regardless of whether SunGard is the mechanism, I think this is the only way IT can successfully handle a DR program. Regardless of the money thrown at a vendor for hot site readiness, there has to be an onsite resource that is accountable for DR and has near-equal political power to Production managers.
Unfortunately, like with all good processes, not every company has the discipline to make this happen.