Customers should ask ASPs:
- Who will be responsible for keeping track of, and maintaining an inventory of, the technical environment in which my applications are being supported?
- How will the modifications to my database be accounted for and backed up on an ongoing basis?
- What is your ability to scale up capacity, network access and processing capability should my site get a surge in visitors?
- How quickly can you scale to accommodate such surges and how do you charge for this?
- Assuming that critical data is being backed up, where are the backups being stored and on what medium?
- How safe and accessible are these backups?
ASPs should be able to keep track of the technical environment in which their customer's applications reside. Unless ASPs can record and manage these environments, they will be unable to recover them. This is why it is essential that e-continuity plans they develop have a method to document what is installed and how to rebuild it.
With customer environments changing so rapidly, the ability of an ASP to provide scalability in case of emergencies is a highly important factor. Emergencies can come in the form of surges of user demand or more traditional disasters (storms, fires, etc.). But regardless of the type of emergency, customers should not make the assumption that backup sites can be scaled up to take over when needed. They must make sure in advance that there is a documented contingency plan in place on how these backup sites will be scaled up.
It also is essential that ASPs be able to back up information regularly. The backups must be kept in a safe place and be accessible in a contingency situation.
In e-continuity (or any continuity plan for that matter), the greatest challenge is how to protect customer applications against widespread disruptions (from natural disasters, telecommunications outages, accidents, etc.). ASPs must be able to ensure that customer data is accessible and be able to transport that data either physically or electronically (via tape backups, electronic journaling, or mirroring technologies that capture transactions as they occur). Because of this, it is important for customers to select ASPs that understand the physical infrastructure needed to support their applications. ASPs must be able to recreate the customer's actual physical systems and connectivity if needed. This is critical, because as virtual as applications have become, they all have to run somewhere.
ASPs also must plan for and protect against risks arising from the fact that no one is actually in charge of the Internet. While the Internet's worldwide reach and easy access to corporate IT infrastructures provides virtually unlimited business opportunities, this degree of access also opens the door to risks from malicious or unintentional acts that can cause major interruptions. Companies must have assurance that the e-continuity provided by their ASP will include effective policies, technology and oversight to deal with these potential risks.
Planning for and protecting against these risks is no small task. Internet transactions take place on systems scattered across the world with no single responsible party. Tape restoration methods for data synchronization are more difficult in these environments. Companies should look for ASPs that use newer methods such as database journaling and system mirroring over wide area networks and for those with a hybrid between hosting applications at multiple sites and traditional recovery methods that can backfill for hosting sites that experience disruptions.
Today's distributed environments also contribute to management challenges. The IT patchwork of these environments means that often no one person within a company has a complete inventory of the distributed infrastructure. Part of developing a good e-continuity plan for a distributed environment is determining early on the applications a company has, so they can be managed and recovered.
Once customers have determined that an ASP can effectively address their key questions, they can take the first step. This is to assess their needs and communicate this information to the ASP. This assessment will provide a guideline for designing their e-continuity plan. The plan will assess the degree of availability customers require for their e-business applications, develop a strategy to reduce and mitigate the effects of disruptions to their e-business environments, and implement the strategy in an ongoing program.
A good assessment by the customer regarding the business value of their various data and applications is primary to the success of any e-continuity plan. Because of this, one traditional continuity planning element applies to e-continuity, even though e-business exists in a fundamentally different environment. That element is the Business Impact Analysis (BIA). Conducting a BIA study provides the all-important first step. The study can be used to determine the business value of applications being considered, to prioritize critical business functions and to determine the financial and intangible effects of disruptions. This helps customers make informed decisions about the level of investment necessary in their e-continuity planning- thus enabling them to define specific requirements to their ASP. Armed with this information, ASPs will be better able to design overall e-continuity programs that meet exact customer needs.
Unless customers perform this assessment and then communicate the information to the ASP, there can be a mismatch between the ASP's idea of what is required and the actual customer need. That mismatch can result in e-continuity plans that provide less coverage and support than required or, conversely, in plans that are overdesigned and costly.
Overall, customers should be looking for ASPs that can offer a range of services at different price points. The reason for this is twofold. First, not all data and applications have equal business value for customers. Second, the application's value to the customer may change over time as the website becomes more important to their business.
For instance, a traditional brick and mortar company may have started out in 1998 with a website offering basic information on products. In 1999, the same company may have added an online catalogue. For 2000, the plan may be to enable direct buying as well as online customer service. In this case, the value of that website is increasing with time. If the ASP offered only one way to do data backups at one price level, the ability to protect the data would not necessarily keep up with the increasing value of that data to the company.
Companies also need to make sure that ASPs do not overdesign their e-continuity plans. For instance, an ASP may offer only a complete duplicate image of customer applications. This can be very expensive for customers who only require one-day data back up or the ability to get back up and running within a day. Customers with such requirements might want to find an ASP that offers a range of less expensive e-continuity options.
With e-commerce growing more competitive by the day, there is little doubt that more and more companies will outsource applications to ASPs. If these customers are to avoid costly disruptions to those applications, they no longer can afford to assume that e-continuity planning is covered as part of the base agreement with the ASP. Asking the tough questions up front is the best way to ensure that the ASPs they select not only can provide e-continuity planning, but can provide it in a way that is best for their business.
Michael Solter is the Solution Manager for Continuity Services for e-business in IBM's Business Continuity and Recovery Services Unit. He has been working for the past three years on bringing continuity solutions to customers conducting e-business across most major industries.
This article Printed in Volume 13, Issue 1