About Us  |  Search  | FAQ  | Contact Us
BCM Solutions
Risk Management
Human Resources
Smarts Cards
Optimise CRM
Data Warehousing
Disaster Recovery
Swift Messaging
BPM & Workflow
Capital Markets
Global Custody

Page last updated
February 15, 2003

ISSN No:1470-5494 All rights reserved. No part or portion of this publication may be reproduced or transmitted in any form without the express, prior and written permission of the publisher. Whilst every effort has been made to ensure accuracy, the publisher accepts no responsibility for any person acting as a result of the content herein.



Beyond Disaster Recovery:

Architecting a business continuance solution capable of yielding real business value




E-mail arrives day and night. The World Wide Web never closes. You're always on and you're always open. Your window to close out the day and begin anew is shrinking faster and faster.

Information and people are the cornerstones of your organisation -they are the only irreplaceable assets. And the ability to use that information, secure it, and share it inside and outside your daily operation can make or break the company. You must protect that data to ensure continuity or your company can be exposed to risks as never before imagined.

Since information is your business, you need a system to mitigate or even prevent damage that can be caused by both planned and unplanned events. Information availability and integrity are susceptible to human error, severe weather or disruptions of electrical or communications networks and even terrorist attacks..

Ensuring that your company can remain in operation is what business continuity is all about. The integrity of your information is the core of any solid business continuity strategy. People, structures and strategies that fuel your company all depend on this information. Exploring and creating ways to unleash this information can move your company from a reactive, passive disaster recovery state to a pro-active, productive continuous operation.

In the past, companies viewed disaster recovery plans as a necessary evil with little financial benefit. Instead of treating such plans as an insurance policy -that costs money but pays no dividends until a catastrophe occurs - companies today are identifying ways to create a more complete business continuity solution. The concept is simple but powerful. By establishing a foundation centred on information currency and accessibility, organisations can turn their information into an active asset.

The definition of 'always on' means different things to different companies.
Some industries have regulatory standards that require duplicate systems that work best with mirrored data and mirrored applications. Other companies have off-site facilities where employees go in case of emergency. The key in each case is having a solid, information infrastructure on which to build a flexible, adaptable and scalable business continuity program.

Conventional wisdom used to be that performing daily backups of company data to tape libraries was sufficient protection in case of emergency, but over the past few years companies' information growth and security requirements have far outpaced innovation in tape-based backup and recovery models. Some of the lessons learned from September 11th demonstrated the problem in the worst possible way - although companies expected to recover within 24 hours using tapes, many operations required extra hours or days.

Because companies backed up their data at different points during nightly backup cycles, information was out of sync and it took significantly more time to reassemble it in a coherent manner. If it takes a full day to recover from a blackout, hurricane, flood, or physical attack, that single day can affect thousands of customers and, in turn, a larger network of their downstream clients, suppliers and others. Recovery times of longer than 24 hours after an outage can put companies out of business.

Restart, Instead of Recovery
When trouble arises, companies need to resume operations from the moment of interruption. Making it happen requires more than just the IT staff. In fact, companies and people have come to expect certain industries to provide essential core services. Whether it 's financial services, electric utility, a phone company, or government agency, there is a critical infrastructure that cannot shut down. These industries offer insights when considering a sustainable business continuity strategy.

Hospitals have to operate around-the-clock; financial services now are on-call for cash or credit 24 hours a day; electricity for business is as critical as oxygen to the human body, and government agencies must operate without interruption.

Any business continuity plan assumes that all these resources are available.

Emergency plans may duplicate the physical assets of your company, with redundant office space, telephone switches and other equipment. But as companies grow, this option gets more expensive and less useful. There are simply too many people, phone lines, PCs, and unknowns to consider. For every question you can answer, there are others you may have overlooked.

If the power goes out at your company, there may be generators or fuel cells to run the computer network. But has enough alternate capacity been installed to run heating, ventilation, and air conditioning systems to cool workers and equipment within the data centre? If weather prevents people from getting to the office, are there contingency plans for diverting data or people to places that are accessible?

Worrying about how a business can be interrupted is not as critical as exploring how the operations will be affected -both internally across departments and externally to outside constituencies.

Gartner Dataquest estimates that two out of five companies that experience a disaster go out of business within five years. Their projection that by 2005 the market for information storage management will more than double means the issues will only get more complex. As the amount of data businesses need expands exponentially and as systems that address global customers must operate 7 x 24 x 365, more companies are recognising the need for quicker backup and data recovery. The kinds of data considered vital are expanding to include e-mail, intellectual capital, CRM (customer relationship management), ERP, e-Business, e-Commerce, supply chain and transaction records that are outside the normal production systems.

Updated business continuity plans with a state-of-the-art information infrastructure, or storage network, can offer a more effective redeployment of people and resources yielding savings that pay for the entire plan within a few budget-cycles.

Information architectures using disk-based storage can free staff for more productive projects and cut the time for reviving critical business functions. Instead of waiting as long as two weeks to reload data, operations resume within hours or even minutes if designed properly.

For MasterCard International, which manages as many as 30 million transactions a day in 179 different currencies worldwide, information protection and continuous availability is at the core of its entire business strategy. The company is owned by its 20,000 member banks and is connected to 22 million merchants and the countless customers who use its credit, debit, Maestro and Mondex cards.

"We don't sell widgets. We sell transactions. So if customers can't make transactions, it's a problem for them, for our members and for us," states Brian Lock, MasterCard's Vice President for technology and architecture services. "We aim to be the global payments leader - available anywhere, any time, every time."

MasterCard has a dedicated inter-departmental team that prepares for any contingency and finds ways to manage it. The company has been perfecting its continuity plan since 1990 and tests it twice each year by shifting its critical workload to back-up operations and conducting comprehensive continuity exercises. MasterCard has standardised its information storage network on systems and software from EMC Corporation, the world leader in information storage and a leading provider of business continuity solutions. Given MasterCard's experience in contingency planning, we asked Brian Lock to list 4 key considerations when deploying an enterprise-wide business continuity solution. Here is what he came up with:

1) Tape as a medium of recovery is not effective
It has become clear that relying on tape as a means of backup and recovery of critical information leaves organisations vulnerable. Recovery time can be too slow for effective resumption of business processes. When files are accessed and restored from tape, they can also be found to be degraded or unreliable. Restore time often stretches to multiple days or weeks; and the process typically has to be done more than once.

2) Inconsistent backup is no backup at all
Backing up data is a necessary task not always executed with precision or regularity, leaving your business vulnerable to the loss of critical information. It is imperative to perform consistent backups. Different backup schedules and strategies for different applications mean that information necessary for broad-based business processes cannot be matched up or reassembled. Also, inconsistent backups of applications significantly increase data loss which leads to longer recovery times.

3) Distance is important
Who could have guessed that bridges and tunnels could become single points of failure in the IT infrastructure? The New York and Pentagon terrorist attacks changed the landscape by demonstrating that access to a second site can be restricted. The physical scope of a disaster can go far beyond the local facility, cutting off support people from the site and breaking site-to-site communications. Many people were unable to travel from their off-site storage vaults to the recovery site because of the unforeseen; many streets, bridges, tunnels, and all airports were closed.

4) People-dependent processes do not suffice
In a severe crisis, people think of their families first, and rightly so. And even when people turn to the work at hand, many of them are unable get to the recovery site to perform their duties, due to closed roads and safety considerations. In an ideal world, IT systems would be capable of automating the task of recovery, thus limiting the need for human intervention and manual activities such as tape transport and loading. Furthermore, fatigued, worried employees become prone to errors, leading to mistakes and extending the recovery process.

Making a Major Move
While most of the United States was celebrating the Memorial Day weekend last May, MasterCard was quietly migrating 60 terabytes of Unix, mainframe and Windows NT data to its new data centre. Using business continuity software products SRDF (Symmetrix Remote Data Facility) and TimeFinder from EMC, files were populated in new servers with no disruption in global service

"We conducted the move of a tremendous amount of information, with no disruption to our banks, retailers and cardholders. If we had chosen an alternative solution, the move would have taken months and resulted in significantly higher costs to our business and customers," Jerry McElhatton, President, Global Technology and Operations, MasterCard.

Now equipped with a 130-terabyte storage network from EMC, MasterCard has saved time and money with the new facility. The 18-hour daily back-up of its Oracle financial database was cut to 30 minutes, with complete system availability.

Prior to its standardisation on a storage network, if a card issuer wanted customer data or card activity, they would send a fax request and could wait as long as three days for a report. Now, they get the same data on-line in minutes. Card issuers used to be satisfied with 120-day history of card use to monitor purchases for fraud. Now, they are asking for 180-day detail and the amount is growing. Continuous information availability also lets banks and card issuers give customers much better, faster service for approvals, dispute resolutions, billing inquiries and more.

That preparation merely sets the table for mobile payments made from cellular phones, the fast-growing category dubbed M-Commerce; electronic wallets for remote payments away from a computer and without a credit card. Being ahead of the curve regarding industry innovations such as

M-commerce is a major part of Master Card's strategy to become the global payments leader.


Information protection and availability is at the heart of this strategy, says Lock. "As the demand for information grows, we have to move it from our network server to our data warehouse to make it usable. Information infrastructure isn't supporting our business -- it is our business."


Tim Schmidt
Managing Partner
Encore Consulting Group Inc






Board strategy
BCM Solutions
Business Continuity Management
Your BCM




Home  |  About Us  |  Search  | FAQ  | Contact Us