General discussion

Locked

How do I "sell" disaster recovery to the exec's?

By TomSal ·
Here's my problem...we have ZERO disaster recovery. Should an act of God happen tomorrow we face the liklihood of being done as a business.

+There are no co-location plans

+We backup, but tapes are stored locally

+Only SmartUps for our UPS -- a whopping 4 - 7 1/2 minutes of backup juice depending which server you are talking about

+Personnel wise there does not exist a contingency plan for who does what task should someone in a critical position be killed or get hurt in such a way it prohibits them to work

+Its so pathetic we had a prospective client (representing a HUGE Pharmacy chain -- if I said the name you'd know them right away) come in and ask our CEO , "So what kind of disaster recovery do you have here?"...our CEO said "Well we are fully insured."

Despite all this I just can't get these guys to invest some dollars into DR. I have typed up basic documentation on the why its needed and the "what-if" scenarios...but I guess either my explainations suck or they are just stubborn. The top execs have this fatal case of "If it doesn't make us money we don't want to invest into it!".

I have told them we need a professional disaster recovery consultant to come in this place and assess everything and then write a report. They'd go for this if the guy was free. maybe.

Its so frustrating. This is a battle I've been fighting over and over for 3 years now. They won't listen.

Recently in our area there was major rainstorms, which did considerable flood damage to surrounding areas -- this made me think on the topic again (our server room is ground level).

Any help or direction would be greatly appreciated.

This conversation is currently closed to new comments.

107 total posts (Page 5 of 11)   Prev   03 | 04 | 05 | 06 | 07   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Can it be that DR is only a fashion of our time?

by DanBl5 In reply to Yes, it is....

Yes, I know that in US the laws are quite strict, and probably better this way. But remember that, on one hand not all companies are public, which makes them harder to sue, and the rest of the world does not have laws strict as in US.
But this is not the point.

First, we should distinguish between BC and DR. I would expect every company to have a BC solution, but BC is way cheaper to implement and to maintain then a DR solution.

Second, I'm not saying a DRP is not necessary. After all, most of my income comes from planning DR solutions. But even thou I make a living out of DR planning I still try to be a "trusted advisor" to my clients and not only take their money, so what I'm saying is this:
- The IT people tend to see only the technical aspects and risks; they are not always "allowed" to see the bigger picture as the management does. An IT has to accept the fact that there are additional reasons to the way a business is run, not only technical aspects.
- In the end everything is about money. I always advice my clients to implement a DR solution, but I advise them to make it as simple and as cheap as possible according to their critical business needs.
- A good insurance is a perfectly good solution, as long as the owner of the business is aware that he might not be able to reopen the business in the future but only pay his debts and damages.
- And to the fashion aspect: neither my parents nor my grand parents had a life or a house insurance and they lived well without it. So why do I have both? Is our life more at risk these days? No, the longevity today is way longer than 100 years ago, the houses are build much better, so why do we pay for life and house insurance when many generations before us lived well without both? One can ask the same question about DRP.

Again, I'm not saying the DR is not needed, I'm saying that one must consider all aspects of a business not only the technical ones.

Collapse -

Take The Initiative. Become the "Hero"

by MobileIT In reply to How do I "sell" disaster ...

This will only work if you have some level of control over your own operating budget, and some middle management powers over your own department. But, with careful setting aside of a bit of your operating funds you can start your own DR contingency, even if its at first as simple as mirroring your backups and storing them in a secure offsite facility (even a safety deposit box will do in the short term).

It does carry some risk as the Execs might question why you are allocating some of your funds to such a venture, however so long as you can demonstrate to them that it carries little or no impact on their profit margin nor your operations they may be inclined to leave you alone. A project started is less likely to be shot down than a proposal.

Also, in the rare event that something dramatic does happen to your assets, you then have the enviable ability to become the "hero" when you save their butts by presenting your carefully stored backups and spares. You will see that suddenly you have gained some Exec converts..

Collapse -

Do it Yourself - what you can

by unixdude In reply to Take The Initiative. Beco ...

I agree with most of the previous comment, but lets go a little further. First get the backups offsite. Take them home with you, arrange to store them at a friends workplace, etc. Second, get some parts or an old unused server and get it functional.. it will never be what your current servers are, but if it works at all, it is the difference between saving your business and losing it. Test it periodically to make sure yiou can get it up from the latest backup. Take it home with you, store it at a friends workplace, or arrange a reciprocal DR storage with another company for free. There will be no glory or heroism coming from management, just your own sense of pride. And you might still have a job.

Collapse -

Backup Core data/systems if possible

by Pipe Guy In reply to Do it Yourself - what you ...

Every company has spare computers that come out of service for one reason or another. Build a NAS out of one of these machines with a few harddrives. Its not the way it should be, but if you manage to do regular backups to it with the core data and any software programs that your company needs to survive. Do it. It doesn't matter if its half baked or if anyone knows about it or not. When the core systems fail.... and they will, they always come back to you to get it up and running again. You will be responsible for rebuilding the system so anything you can do to make your job easier... like a complete backup.... will make your job easier. If you have a backup from yesterday or last week everyone will be happy. Of course if its from 6 months ago your better off not having it! Since part of an IT guy's job is to play with technology. If anyone asks about the box you have in the corner that you carry home everyonce in a while... just say you are evaluating Linux for a corporate application.
But to recap... no matter what anyone says... you will be the guy fixing it eventually, so prepare yourself and do what you can. Even if you have a fully budgeted DRP it sometimes isn't enough.

Collapse -

This will only set you up worse...

by ScubaBoy In reply to Take The Initiative. Beco ...

Having any level of DIY disaster recovery will likely turn around and bite you on the butt. You cannot implement a proper DR mechanism by yourself, and when the execs see that you can do it yourself, you have NO hope of getting a real system into place. It's all about the money.

If you do little things like taking the backups offsite, etc, all the execs will see is that they are covered. They will not see the need to pay for a proper DR plan, since you seem to be doing just fine doing it yourself.

As I said in any earlier post, if I were you, I would get out unless you get the funding you need. For your professional existence, it is a bad idea to implement half-baked solutions. So you take a tape offsite, so what? Are you aware of the failure rates of tape when you try to restore? A very scary percentage.

At least when the failure happens now, you can point to the fact that there is no DR, and you tried your best to get a DR plan in place. Maybe you keep your job, maybe not.

But if you do little half-measures that in the grand scheme of things don't actually provide disaster recovery, you will look twice as incompetent when it all falls apart. Your pathetic attempts to provide a little security will be interpreted by those that don't know better (e.g., the execs) as blathering incompetence. Once the crash happens, they will talk to other IT experts, and eventually it will come about that you didn't know what you were doing. Goodbye current job, and have fun dealing with the reference they would give to another potential employer.

So don't give these execs ANY false sense of security. Little DIY projects in this area will allow them to justify in their minds that the company is safe, and doesn't need to invest to do it right. As the adage goes about pregnancy, there no such thing as being half-prepared for Disaster Recovery!

Collapse -

So do you let it fail, and say "told you so"?

by MobileIT In reply to This will only set you up ...

I am not sure what course of action you are recommending. Would you advise he do nothing and let the system fail? How would that make him appear any more competent than if he were able to recover, even partially, some of their empirical data?

I am not suggesting he proceed with a "band-aid" solution within his budget and means, and advertise that fact. That should be for his own piece of mind. He should certainly continue with his "official" proposals to the Executive, along with statistics, case studies and examples of what other 'successful' companies have adopted, along with cost estimates. He should also continue to document the responses.

In my situation for example, a policy of simply letting a system fail with no plan for hardware or data recovery is not only unacceptable, its downright dangerous for the personnel I serve with in operational theatres! Let the politics be sorted out afterwards in the inqueries (where the documentation comes into play).

At that point, if it turns bad and they try to turf him, he might very well have a "wrongful dismissal" suit on his hands. But I don't really think it will come to that.

Collapse -

Disaster Recovery Options

by johnhood In reply to How do I "sell" disaster ...

You may try to get some free advice from several Disaster Recovery companies that will come in and evaluate your systems and propose disaster recovery options.
Another way is to look into disaster recovery information exchange groups locally that offer free seminars and free advice on disaster recovery.
Both of these options can be researched on the internet search engines.

Collapse -

recovery disaster

by aequitas1211976 In reply to Disaster Recovery Options
Collapse -

by chinrich In reply to Disaster Recovery Options

Sounds like you have quite the entrepreneurs that you work for. This is a really good thing but in this case I can see how it is troublesome.

Here is a simple tip, a possible new way to approach your problem. This is not a psychology or philosophy but just another way that you may address the problem to get results.

It sounds like they are very much looking for possibilities and opportunities to improve their business. Typically when people opportunity minded they are sometimes called "moving toward" style. And when they are cautious and looking for ways to stay proteced they are "moving away".

I suggest this, approach the problem by connecting the problem to their "moving toward" mind set. Approach the problem like this.

If a distaster hits and wipes out %X percent of our functionality, we will not be able to sustain the positive growth we have over X amount of months/years without a distaster recovery plan to get our shop up and running again.

Avoid talking about loses at first until you see them bite on what you are saying and it begins to sink in. Then I think you can freeling talk about all they will lose as you will have a captive audience. But watch their expressions and reactions to be sure.

Try it, hope it helps or leads you in a better direction.

Collapse -

NYSE Rule 446; SOX, BASEL II; BS7799

by zthr2000 In reply to How do I "sell" disaster ...

BUT PRIMARY RESON IS THE DEFENSE OF COMPANY IMAGE, as that's first thing to think bout and defend with a good BCP/DRP. Just look at the Coke, what they sell is themselves,their name, image. Everythign else is secondary in comparesment to that. So your CEO and his managers are in general stupi* jerkof*s if they are playin with company image, as without him, there's no money, no good loans, no invesment, and the bancrupcy is just a question of whan, not the if subject. Rule 446 is all bout image, it demans from any company present on the NYSE to have functional BCP! While DR is a (primitive form) base on technology, Business Continouty is based on (business) processes. There's also SOX to think bout, and brr Basel II in 2006. >If your company is a client of one from the top 20 US banks, within EU all the banks will become forced to accept Basel II from 2006. In general 446, Sox and Basell II demand BCP/DRP/Operational Risk Managment in the accordance with ISO 17799 (BS 7799) standard.
To cut the cra*, it's not up to you to do anything, as you would not be held responsable for anything if shi* happen. Likely company brass will end on the NYSE "black list" (read as no jobs anywhere in the States, likely in the world also) if they are stupid nuff to ignore 446. just say 446 few time, and you'll get nuff money, time understanding or support, belive me! If not, please get off corporate Titanic before 2006, and Basel II iceberg.

Back to IT Employment Forum
107 total posts (Page 5 of 11)   Prev   03 | 04 | 05 | 06 | 07   Next

Related Discussions

Related Forums