To Outsource or Not Outsource
- Published on January 31, 2008
- Written by Mike McClain, Senior Web Designer & Site Manager
As the menu of options grows for companies pressed to improve business recoverability, the decision to outsource or to go in-house becomes less clear. Mobile computing has reduced clients’ dependency on BCP-provided office space, a significant bottleneck for BCPs offering regional disaster recovery services. Test time offerings have improved as well. The “standard” one week of test time per year goes quite a bit farther when recovery times are measured in minutes instead of hours or days. But when service level metrics dictate quick recovery, the overriding factor is proficiency. The ability to aggregate skills and maintain compliant recovery practices may be the biggest factor weighing in the BCP’s favor. The BCP’s only business is recovery: every hour of every day. The typical internal IT department may “practice” recovery two to four times a year at best.
For those looking to pursue an in-house strategy it makes sense to take some of your leads from the BCP model:
- Review your remote recovery. A successful recovery plan should incorporate an offsite capability for data and application recovery, and the center should be substantially removed from your production sites. This sounds basic, but most firms today still only have sufficient practices in place for local recovery and offsite tape storage. Accordingly, implement a three-tier geographic plan for where, when and why data protection and recovery will take place: local protection and recovery at your production site(s) to maintain operations in the event of data loss, an offsite disaster recovery capability for site or infrastructure loss, and an archive (the bunker) for certification of records retention.
- Consolidate protection and recovery operations where you can. Putting your eggs in one basket may sound counter-intuitive but it does make sense. The biggest challenge to compliant recovery is solidifying your operational practices. Consider creating a center or centers of competency and move your data to sites where you can achieve better control through centralized management, leverage key skills, and gain economies of scale.
- Build a hardware-independent framework. One CIO told me he thinks of data protection and recovery as a business application, not infrastructure. “We used to buy data protection for the hardware. It should be the other way around. No one ties their business applications to specific hardware platforms,” he said. This approach will drive greater flexibility in meeting evolving service level requirements and allow deployment of more cost-effective infrastructures.
- Automate with care. These days there is a lot of “buzz” from the vendor community about automated recovery. Automation can be a very good thing and works well when things go as planned, but it is not a replacement for human judgment from skilled administrators when things go “bump” in the night. Think about automating discrete process steps first, before tackling end-to-end processes. The sequence of recovery steps may vary, depending on the events leading up to and following a partial, rolling or complete loss of processing at the production site.
- Know your RPO. Today, emphasis is still placed on recovery times (RTO). But the currency of your recovered data (RPO) is equally important. For both, define service levels not only for your financials and transactional data but also for data essential to the business such as e-mail, supply chain data, CRM and lead generation databases. And be prescriptive; build a basic menu of service levels that you offer, and know you can deliver with confidence.
When choosing between outsourcing to upgrade your disaster recovery capabilities, or building out your own infrastructure, the primary consideration is skills. In either case, a flexible service delivery framework, based on a utility model, can provide the foundation for success.
Chris Hyrne is vice president of marketing at Topio, a global provider of software for data replication and recovery across the spectrum of locations, platforms, and storage that support the enterprise. Topio is based in Santa Clara, Calif.
"Appeared in DRJ's Summer 2006 Issue"