By Loraine Lawson
With Dave Palermo, vice president at SunGard Availability Services, an information availability/business continuity company.
This interview originally appeared in the IT Business Edge weekly report on Aligning IT & Business Goals. To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit www.itbusinessedge.com.
Question: How is information availability/disaster recovery now an alignment issue?
Palermo: There's some interesting data that we've found in the last year that shows there's a substantial disconnect between the business side and the IT side. We did a Harris poll late last year and asked business executives how long they thought it would take them to get their most critical applications back online, and they said on average, about 10 hours. We did a similar study with IDC, with the C-level IT people. They were telling us about 35 to 40 hours. The people who actually have to do it estimate it's about four times as long as the people that rely on it. I think the business entities are beginning to take a little bit more control of their own destiny. Business people can't tell you how to do it, but they can certainly tell you the need for it. They'll go to the IT department and say—and e-mail compliance is a perfect example—"Hey, we've got to be compliant. We don't have a clue as to how you do that, but you need to make sure that you're living up to the Sarbanes-Oxley regulations, etc. Make sure our e-mails are archived, get rid of the ones that we're not legally responsible for keeping but make sure the ones that we are responsible for are there and available for whatever period of time the regulations say." And then it's up to the IT department to go off and architect that.
Question: What should CIOs be saying to get business managers to close that disconnect about how difficult it is to get the business systems up, running, and accessible?
Palermo: If they do have a number of hours in mind that it's going to take them to get back up and running, they need to go to the business side and say, "It will take us 40 hours, in the event of a disaster, to get the business up and running." The business side clearly thinks it's a lot less. I think IT's aware [of the disconnect], but they're having a hard time getting the business people to understand it. It's a pretty simple formula: "Whatever our revenue is per hour, times 40, is what it's going to cost the company if we're out with what we have in place today."
Question: Before 2000, most companies went through a disaster recovery plan. Then there was 9/11. What's different about what's going on now?
Palermo: What probably is prompting it more so today is actually the economy picking up—budgets coming online. Because capital budgets are coming back online this year, as they're doing these technology refreshes, they also have to reexamine their disaster recovery plan as they swap out equipment. There was also a very interesting thing that came out of 9/11—very little, if any, data was actually lost because that was in the financial district and the regulations have been in place for years that they had to be backed up, and they were. They'd backed it up in New Jersey, Connecticut, elsewhere. What those companies found was that the real issue was people—not only the people that died, but also the people that were displaced in the surrounding buildings. They couldn't get out of Manhattan to get to secondary centers, if they even had them. So the data was very protected and usable, but nobody could get at it to use it.
In a study that we did a couple of years ago, we asked two very basic questions. Ninety-eight percent of all companies were backing up data—that's just a given these days. About a third of them had redundant equipment, redundant network, etc. Only about 19 percent of them had a place for employees to go to access all of the data. We asked them, how many people on average do you need to be connected with your most critical applications for you to consider yourself back in business. The answer was, on average, about 54 people, but less than 20 percent actually had a place for those people to do that. At SunGard, we provide the facility, the equipment, the network and the end user seats. We've got, in the U.S., over 35 facilities that are in what we call NFL cities—the larger cities.