IT managers and business executives have very different opinions about how safe their
companies would be in the face of a disaster.
And industry analysts say that difference in opinion is affecting companies’ continuity
plans, leaving them at risk of being unprepared for or even ignorant of the business
interruptions that a disaster could cause.
”I’m not sure business, even today, understands the depth of the problem,” says Dan
Woolley, a vice president with SilentRunner, a network security company out of Virginia.
”Disaster recovery and business continuity are huge issues but it’s often overlooked
because technology is pretty reliable. The business guys can get on the network and get
their email and do their thing pretty reliable, so they fail to recognize the significance
of what would happen if we did take a major hit.”
And a study released this week shows that IT leaders aren’t feeling nearly as safe as their
colleagues on the business side.
Fourteen percent of business leaders surveyed said their important business information is
very vulnerable to being lost in the event of a disaster, according to a report released
jointly by EMC Corp., a network storage solutions company, and RoperASW, a marketing and
consulting firm. However, 52 percent of IT managers at the same companies said their data
was very vulnerable if a disaster were to strike.
The study, which surveyed 274 executives at major U.S. business, also showed that 9 percent
of business execs think it would take three days or more to resume normal business
operations after a disaster. That number is compared to 23 percent of technology executives
who said the same thing.
”The gaps were surprising considering all the recent attention focused on preserving and
gaining access to business information and the need, in general, to be able to effectively
respond to any sort of disruption in business,” says Edward Keller, CEO at RoperASW.
”There’s also a general feeling that the focus on corporate governance and regulations in
the area of business continuity are going to bring issues like this even more into the
forefront. Once compliance and reporting is on the table, it’s clear that the business
leaders and their IT counterparts are going to have to get in sync with exactly what their
capabilities are.”
Gordon Haff, an analyst with Illuminata, an industry analyst firm based in Nashua, N.H.,
says disaster recovery efforts — such as offsite backup, secondary energy sources, backup
ISPs and mirrored systems — gained a lot of attention after the terrorist attacks of Sept.
11, 2001. But that attention didn’t necessarily transfer into money being spent and plans
being put into place.
”Thoughts of disaster recovery didn’t really start on Sept. 11 but that certainly very much
elevated its visibility,” says Haff. ”But this isn’t a new idea for the financial services
industry, for example. But across all the industries as a whole, it’s relatively new in the
scheme of things.”
And Haff points out that IT leaders need to sit down with business executives and do some
heavy calculations. Figure out what information is most business critical. Figure out what
part of the system is most in danger of going down? How much down time could the business
handle without suffering too much? How much would it cost to put specific business
continuity systems in place? Is the risk greater than the cost of implementation would be?
”These are all important questions,” says Haff. ”The answers are going to be different
for every different company… A financial services company in California arguably has a
need for a more expensive disaster recovery plan than another company does. How much you are
willing to pay will depend on what degree your business as a whole needs to be up and
operating.”
And Haff points out IT managers won’t know any of these things until they spend some serious
face time with the suits.
”It’s a matter of IT understand what the CEO’s and CFO’s business-level requirements are,”
says Haff. ”It’s a matter of sitting down and talking.”
And it’s IT’s responsibility to make sure that these talks happen and that the business side
is clear on the risks associated with a major disaster, according to SilentRunner’s Woolley.
”The thing is that people have been complacent,” says Woolley. ”We haven’t had any major
take downs or viruses that have really shut people down. Combine that complacency with the
current business climate. But if business executives don’t think they’re at risk, it’s
because there’s so much they don’t know.”