Many enterprises are taking a second look at disaster prevention and recovery efforts and planning in the wake of the Sept. 11 terrorist attacks.

According to a Gartner report, after Sept. 11“…enterprise decision makers understand why business continuity is important: The survival of the enterprise depends on it.”

How do you ensure continuity? Two options include duplicating and storing data at a second location and using a data backup service to prevent data loss when disaster strikes.

One strategy is to maintain two identical stores of your organization’s data, according to Steve Howitt, the CIO of BenefitMall, an employee-benefits exchange service.

Placing two stores in separate locations, or data co-location, requires that you duplicate and routinely back up your organization’s data and store it in a place other than the organization’s main office. Then if the organization’s main office is destroyed by fire, for example, users, clients, and customers in other locations can access the stored data and continue operating with your organization. Data co-location is a good way to be prepared for a disaster because in following the strategy, you are spreading your risk of loss on two locations, said Irene More, the Senior Manager for Secure e-Business, Enterprise Risk Services at Deloitte & Touche.

The strategy makes sense for small to medium-size organizations, More said. “Large organizations would either have multiple sites where most of the time they would provide (alternate sites) for themselves,” she said.

What have we done so far?

According to a January survey by IT consultancy Gartner and The Society for Information Management (SIM), few enterprises have written business continuity plans to follow in the event of a disaster or physical attack. Published in “Business Continuity Lessons Not Learned From Sept. 11,” the results showed that only 36 percent of the respondents have a plan for recovering from the complete loss of physical assets and workspace.

Distance is key
If you’re thinking about starting a co-location project, it’s important to place the second data center far enough away from the primary one to insulate it from damage that occurs at the primary center.

“The geographic distance between your two sites is important. Sept. 11 has proven that more than we would have liked for it to,” said More.

Howitt thought about what would happen if a series of tornadoes hit his organization’s locations in Dallas and Ft. Worth, TX, two cities that make up a major metro area. Howitt said he would be out of luck if both places were simultaneously damaged. ”There’s nothing you can do to quickly recover from that, so what we’ve done is to have two data centers, one in Dallas and one in Los Angeles,” he said. Howitt also uses a different communication backbone for each data store.

Based on this advice, it’s best to think spatially. Select a place to store data that is far enough away from your organization’s main office but not so far that transportation from the main office to the second site creates a problem.

If the organization is a medium-size enterprise with alternate locations, start building stores at the second or third location if you haven’t already. But remember that these alternate locations shouldn’t be in the same city or maybe even in the same state.

Using a data backup service
Co-locating your data will not help prevent a disaster, but it can help you recover and replace lost data if a branch of your organization suffers a catastrophe. “It will be helping in disaster recovery, but it wouldn’t be prevention at that point,” More said.

Smaller organizations without multiple locations are especially prone to the effects of a disaster and may want to employ a service provider to establish a second storage location.

There are several ASPs and outsourcers that can set up a second off-site data store for your organization. Most of the services run a second set of servers that house your data.

Before you select a service, be aware of what the service includes and the benefits available when a disaster occurs, said More.

A service that only keeps data backups is not enough if your users can’t network to the data when a disaster happens. “You will have to make some agreement with the provider of the data storage to build in some of your own procedures,” More said.

Keep these questions in mind when selecting a service:

  • How will the service store my data?
  • Will the service maintain servers that run my organization’s applications?
  • Will my organization have direct physical access to the second location?
  • Will my organization be networked to the data store when a disaster strikes?
  • Will the service help me recover data?
  • How much will they help when a disaster strikes?

The most important question you should ask is what are the service provider’s recovery procedures. After all, your organization will fork over good money for a storage service. You need to know what the service provider can do when faced with a disastrous situation.

How do you recover?

We want to know more about how small and medium-size organizations plan for disaster recovery. If you follow an interesting recovery plan, tell us about it by starting a discussion below or sending us a note.