Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 29, Issue 2

Full Contents Now Available!

DRJ Blogs

This is some blog description about this site

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Recent blog posts

By Brian Zawada, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Similar to other management systems standards, ISO 22301 is based on the ‘Plan-Do-Check-Act’ model that seeks to improve – in a continual manner – the effectiveness of the organization’s performance through proficient planning, implementation, supervision, review and maintenance.

As such, it is only proper that we discuss the relationship of ISO 22301 with other management systems standards.  The following summary offers a high-level comparison between ISO 22301 and another widely-adopted management systems standard, British Standard (BS) 25999-2 (2007). 


Virtualization technology has helped IT organizations of all sizes reduce costs by improving server utilization and reducing application provisioning times. However, this produces two new problems that most people do not account for when choosing a data protection solution. First, the cost savings offered by virtualization can disappear quickly in the face of virtual machine sprawl. Second, the link between physical and logical devices becomes harder to map and track, making a virtual environment more complex than most can imagine.

Data protection can become a unique challenge in these environments. For example, backing up and restoring data for a dozen or more virtual machines residing on one physical server can bring all other operations on that server to a complete halt.

 ll that being said, when searching for a data protection solution, be sure to investigate whether the product provides an effective solution to this challenge by eliminating the burden of running backups on a virtual machine and instead off-loading backup workloads from a VMware ESX or ESXi-based server to a centralized vStorage backup server. The solution must improve the frequency of protection and enable faster recovery of data, helping increase the business value of virtualization. The solution should also help organizations reduce license management costs by removing agents from the individual virtual machines.


Ah June, the month when people start thinking about vacation plans, summer camp and getting away from the office for a bit.... Well, for us at DRJ, we've got something else on our minds - Fall World 2013.

To say that we're excited and looking forward to this upcoming conference would be an understatement. If you're a regular reader of this blog then you'll likely have read about our new venue (Hilton San Diego Bayfront) and you've probably visited our blog to learn more about the changes we have planned.

But what about the sessions, workshops and learning tracks? We want you to get the most you can out of Fall World 2013- so to help you, here is a synopsis of our Sunday Workshops:

Tagged in: Fall World

IT organizations can drive up the cost of storage unnecessarily by treating all data the same and storing it all on the same media. I have said many times that all data is not created equal. When looking for a data protection solution, managing the ones and zeros from the time they are created to the time you can delete them is very important.

Long-term archive and hierarchical storage management (HSM) allow organizations to store data on different tiers based on specific policies, enabling administrators to migrate and store data on the most appropriate tier. For example, older and less frequently accessed data can be moved to a slower, less-expensive storage platform, such as tape, leaving more expensive disk storage available for more high-value data. Automated data archiving also helps organizations ensure compliance with data retention policies and reduce the costs associated with compliance.

When making a decision about data protection, look only for solutions that help reduce costs by providing automated, policy-based data life-cycle management, moving data to the most cost-effective tier of storage while still meeting service level requirements. This will help ensure recovery objectives are met while enabling transparent data access. Do not be fooled by vendors who tell you that backup and recovery are enough.


Posted by on in DRJ Blogs

If you work within the Human Resources department at your organization, it is highly likely that you have witnessed a transition from traditional web hosting to the cloud over the past few years. Cloud technology provides numerous benefits to a corporation’s HR department besides hosting a website. 

Perhaps the most important benefit of cloud technology is the fact that subscribing to such a service is extremely budget-friendly. With cloud hosting, you are not held responsible for updating the hardware and maintaining the software—the provider handles all this. These are features that you would normally be charged for in a traditional solution. 

Updating software and keeping up with licenses is a hassle. But with a cloud solution, your HR department will no longer need to worry about keeping such software up to date; again, the provider is the one held responsible. 


There are many data protection products on the market today, and all of them have features and functions that make them stand out. But, one of the major items you need to consider is how easy the solution is to use. When it comes down to “brass tax,” ease of use is one of the most important items. After all, the person responsible for data protection may not have a huge skill set or the time to spend on managing the solution on a day-to-day basis.

When choosing a data protection solution, look for the ability to manage the system from a single pane of glass. The user interface also needs to be so simple that within a few minutes all daily tasks can be completed. As a bonus, look for a solution that sends alerts to your email and mobile device, including everything you need to know about the previous night’s activity and the status of those activities in a report that’s simple to read and understand. 

This simple to use requirement dovetails into historical reporting. If you know what the solution is doing on a day-to-day basis, then you should also be able to tell what the system has been doing for the last few days, weeks, months or even longer. This allows for planning the future with little to no hands on work. For example, if you have a report that gives you weekly growth for the last 26 weeks, you would be able to predict when you are going to run out of space in your solution or when you need to purchase more tapes. It is a very simple example, but it shows that the solution should help you plan for the future as well as operate today. And, following this example, you would be able to budget six months or more in the future for growth—a great advantage when budgets are tight.


Everyone knows that cloud computing allows users to access information instantaneously and lifts the burden of continuous server maintenance, but there is another benefit that many have not thought about: the “living approach” to product development. 

Through the living approach, cloud hosting providers develop system enhancements and upgrades based on communicated customer needs and are released to users as soon as they become available. This allows clients to receive new features faster than they would with a normal product development environment, and these features are more closely linked to their personal needs. 

Inherently, the living environment fosters communication among users and potential customers, creating close relationships both amongst themselves and with the provider. Through online forums built directly into their software, users can request new necessary improvements that may not have been noticed by others. Once these improvements have been developed, cloud providers release them as soon as they possibly can, making their customers happy and talking about their company. 


At the end of the day, the real value of a data protection system lies in its ability to restore data when and where needed. If data fails to restore successfully, some part of the business is going to suffer, possibly with costly consequences. As a result, reliability is a key measure of a solution’s ROI.

 You could have the best, most expensive, fastest data protection solution in the world, but if your data cannot be retrieved and used in a timely fashion, the point is moot.

When choosing a solution for data protection, look for experience in the data protection market—years spent protecting the business critical data of some of the largest organizations in the world. This is not a professional sports draft and you are not looking for the diamond in the rough that can be molded into the perfect player (solution).


By Jacque Rupert, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

We see a lot of confusion specific to the topic of force majeure. Often, executive management has the belief that force majeure clauses in their contracts protect them from a wide variety of disruptive events, and thus they may not invest appropriately in business continuity plans and strategies. However, the concept of force majeure is somewhat convoluted and often includes many variables. As a result, if an organization does not plan appropriately, it may actually be left unprotected and vulnerable to claims of breach of contract in the event of a disruption.

This article explores the history of force majeure and its current state application in contract law. Avalution developed this perspective to help inform organizations about the potential issues associated with force majeure clauses and the need for additional preparedness activities to adequately protect the organization in the event of a disruptive incident. However, please keep in mind that we are not lawyers, and nothing in this article should be construed as legal advice (be sure to consult with legal counsel regarding this topic and appropriately balance contractual protections with business continuity planning strategies).


Are you tired of calling your data protection vendor and having them tell you that your issue is a hardware problem only to have the hardware vendor point the finger back to the solution provider? Finger pointing is a huge waste of time and can actually cause major disruptions in service.

When choosing a data protection solution, look for one that offers peace of mind through world-class customer support as well as subscription and support (maintenance) contracts, which provide enormous financial value to customers.

For example, all improvements made to a solution in the past three years as well as the planned improvements for the next three years should be taken into consideration, such as source and target data deduplication, the eight-fold increase in scalability and substantial improvements in reliability, performance and ease of use.


Posted by on in DRJ Blogs

As you know the more resources and information you have easily accessible, the easier it is to make smart, educated and informed decisions. Articles, research studies and case studies do go a long way in providing this information but sometimes you just need to see the plain and simple details.

This is where the DRJ Business Continuity Glossary comes in very handy. Our comprehensive and recently updated glossary gives you all of the tools and knowledge you need to better research, analyze and understand the business continuity space.

For those of you who are new to business continuity, this glossary is a great way to learn about key terms such as:


Posted by on in DRJ Blogs

There was once a time when we could leave our doors unlocked without fear of losing our prized possessions, and there was once a time when we could type credit card numbers into our browser without fear of identity theft. Sadly, this is no longer the case; we must take extensive security measures every day, even when using the cloud. 

When analyzing the security of your data, it is important to remember that your information is only as safe as your weakest password. So, if your password for your favorite social networking site is “password123,” it is safe to assume that your other personal information can be easily compromised. Make your passwords impossible to guess, mix them up with a combination of letters, numbers, and special characters and change them on a regular basis. 

Authentication is a great way to deter would-be hackers. Add a few security questions for each person with access to your cloud hosting programs so that you can ensure that these select few are the only ones that will get into the application. 


Posted by on in DRJ Blogs

When keeping pace with growing data, a major concern for IT organizations, in terms of both storage and data protection is how the data protection solution will handle the growth.

If your business has grown its capacity by 40-60 percent in each of the past three years, and it now supports billions of data objects, you need a solution that grows with you. This growing of capacity may be outpacing your data protection solution and you may need to find a way to scale your protection.


IT organizations can drive up the cost of storage unnecessarily by treating all data the same and storing it all on the same media. Let’s face the fact: my resume is not as important as the payroll database or even the email database. So, why are you using the same storage policy for both?

Stop using one policy to rule all of your data. It might be simple, but it is killing your bottom line. When looking for a data protection solution, find one that allows you to use policies to treat data differently.

Important data should be prioritized as tier one data that gets backed up most often and most quickly. Perhaps that data can stay on disk for fast restore.


Posted by on in DRJ Blogs

When keeping pace with growing data, a major concern for IT organizations, in terms of both storage and data protection is how the data protection solution will handle the growth.

If your business has grown its capacity by 40-60 percent in each of the past three years, and it now supports billions of data objects, you need a solution that grows with you. This growing of capacity may be outpacing your data protection solution and you may need to find a way to scale your protection.

This growth can be handled, but the scaling must be done in a logical manner. There are three ways to do this:


When looking for someone to hire to add an extra bedroom to your home, you have to perform thorough research to find the perfect individual that will suit your personal needs. So, why wouldn't you do the same when it comes to searching for a web host? Before jumping into a contract with a company, you will need to do your homework. 

The ideal cloud hosting provider should be able to deliver a solution that is easily scalable with minimum effort at the most optimum price, resulting in lower costs and thus improved productivity. Still, selecting the perfect hosting provider can be difficult due to the vast amount of competitors on the market. How do you find your right match? 

One of your first concerns when researching hosting providers should be that of security. Without proper security measures, your website and applications can be at risk of infiltration from hackers with malicious intent. An appropriately secure cloud infrastructure will prevent these situations from ever happening. 

Tagged in: Cloud Hosting

Posted by on in DRJ Blogs

Do you have different products to protect different types of data or different systems? If so, you need to start thinking about standardizing on a single product.  Think of all the time, training and resources you would save.

Unified recovery management (URM) brings under one user interface the ability to manage data protection throughout the business, supporting different applications and types of data on different operating systems in different locations and with different policies and backup requirements. From a single point, administrators can manage multiple data protection and recovery tools, including diverse solutions that are dedicated to different tasks. It helps eliminate the costs and complexities associated with deploying and managing multiple point solutions.


Can two of the same things have two different prices? Heck yes! Not only can they have different prices, but they can also be dramatically different. 

In the last few years, data protection solution providers have started to offer something besides “core-” or “server-” based. When buying software you need to consider all the options. One of the new options is capacity. 

When purchasing data protection solutions, look for a company that offers pricing options that allow you to pay for solutions in the manner that makes the most financial sense for you. In the past, licensing models were based on the number and power of processor cores in the servers being protected. They also had cost advantages for organizations with a relatively large amount of data and  small number of servers or for organizations with other software products licensed this way.


By Rob Giffin, Avalution Consulting
Originally posted on Avalution Consulting’s Blog

Have you ever recommended additional redundancy for a process, department, or facility, only to be told that your organization couldn't afford it or have the project repeatedly delayed until next year? I have. It’s pretty common in our profession. 

Casey Haskins and Peter Sims recently wrote an article that you should consider a must read (and so should your senior leadership team responsible for continuity). It may just provide the viewpoint needed to help your organization be more resilient.


Posted by on in DRJ Blogs

Andy Osborne's blog from last week was truly timely: I've just been assigned a new task by my boss: Take a recovery management plan done for one company site, and sinter it down into a suitable "template" for other "small" company sites.  The task has already shown indications of Andy's experience: the work done by predecessors causing more work.  It's not that wrong things were written, but the document doesn't "flow" like a plan should.  I beieve a "plan" is like a recipe, only longer and without the rewarding aroma to savor at the end.  ;-)

Of the many kinds of plans I've seen over my years in this profession, few really read like a recipe, rather more like a cross between a dictionary with a mixture of random essays.  No flow.  But this time, I feel much better about the prospects, because the plan I'm to use as the starting point has, on one of the early pages after the Table of Contents, a FLOW CHART!!!  It has been my contention since my earliest months in this business, that recovery is a process, meaning it must flow - start at Square One and start marching until you're done.

Perhaps, if you've found yourslef feeling like your plan lacks something, maybe it needs some improvement in its flow.  Developing recovery plans can't (easily) effect a timely recovery without flow, because no matter how many people you throw at the disruption, the lack of flow will have them bumping into one another.

Hits: 1170