DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

On Sept. 10, 2001, contingency planning, business continuity processes, and disaster recovery procedures were, in one way, shape, or form a part of many companies’ overall business strategy. On Sept. 11, 2001, those plans, processes, and procedures reached a level of priority and urgency never seen before.

As the life-blood of most firms, maintaining connectivity to telecommunications infrastructure is as critical and essential to staying in business as maintaining electricity to their building(s). Because of the events of 9-11, what was once considered an acceptable level of network diversity is now being seriously reviewed. What was once considered to be a redundant platform is now seen as only partially redundant.

And what was once considered survivable and self-healing is now exposed and limited as single points of failure. What was once considered sufficient protection from a plethora of natural disasters (flood, fire, hurricane, etc.) is no longer considered by many an acceptable level of protection from the very real threat of even more pervasive accidental or purposeful man-made disasters.

So what has changed? Not necessarily the way existing networks are configured, but the awareness level of customers, property owners, and telecom service providers has reached new heights. Many companies have now experienced first-hand the inherent vulnerability that exists within the connection to their local telecom infrastructure, creating a single point of failure.

Clearly, the focal point has changed to identify and rectify those vulnerabilities.

For many years now, corporate contingency planners have been agonizing over the questions,

“How can I get the attention of senior management?” and “Why are our (pick one) disaster recovery/business continuity/emergency planning/crisis management initiatives always at the bottom of the budget allocation list?”

Virtually every industry conference has at least one speaker confidently instructing attendees on “how to get management commitment” or “how to guarantee funding for your planning needs,” or something similar.

Often times overlooked in this wailing and gnashing of teeth are the more serious and fundamental questions: (a) Is what we are trying to “sell” to our executive “buyers” what they actually want; (b) If not, what do they in fact want; and (c) If it is what they want, why is it often so difficult for us to “sell?”

We are consultative salespeople, trying to sell a product that in all too many instances is ill-defined, using outdated sales tools and frequently failing to make the connection to prospective buyers between spending scarce budget dollars on our products and achieving their corporate goals and objectives. We as an industry reached a “plateau” years ago, and we will not achieve our goals and objectives until we acknowledge the root causes of this semi-stagnation and fix them, thereby putting us back on the path onward and upward to status as a true and critical component of sound corporate governance.


In an ideal world, IT managers would have unlimited budgets to ensure that employees, customers, and suppliers always had access to business systems and important information. Indeed, many organizations allocate significant portions of IT spending each year to build up operational resilience. However, organizations that have never been victims of a natural disaster, security threat, or human error struggle every year to justify spending on disaster recovery projects. The prevailing mindset is “the issues have never happened to us … other companies have those issues.” But as we see from news reports daily, these issues can happen to anyone.

Many individuals carry insurance policies for life, health, auto, and home, but spending premiums compete with other expenditures, making the decision to purchase insurance difficult.

The same is true with companies. Disaster recovery spending is insurance against the risks of user downtime, data loss, and business interruption. Although every organization knows they need disaster recovery, deciding how much to spend is the issue.

Today’s IT budgets are under intense financial scrutiny, and IT managers are being asked to do more and more with less and less. In 2000, IT spending peaked at more than $1 trillion in the U.S. and almost $2 trillion worldwide. However, many of these investments did not deliver promised returns.

A recent survey of IT executives indicates that more than 90 percent of all projects now require a return on investment justification. Disaster recovery solutions are competing with new business applications, security solutions, migrations and upgrades, operations, and maintenance and IT cost reduction projects for a share of the diminishing IT budget. Disaster recovery managers must ensure that spending adequately covers unlikely events and important new technology, training and processes are implemented to mitigate and recover quickly from realized internal and external threats. The dilemma then is how much insurance is needed and how much to pay for it.


Is it the probability or the consequence of an outcome that drives our actions? Often, when trying to introduce awareness of the need for a business continuity program we are confronted with such responses as:

- What is the probability of that ever happening?
- We have never had a disastrous event in our history! What makes you think we will have a disaster in the future? And so forth …

Have you ever stopped to think about the legitimacy of these questions? Are they merely a test of our resolve and understanding of human logic, or are they something more? Let’s look at each of these views and their relationship to business continuity.


The probability of an outcome is a very important principle in our business continuity program (BCP). Our BCP comprises two agendas – protection and continuity. Protection consists of putting into place viable measures to defend us against known threats that exist in our environment. To do this we evaluate the probability of specific events occurring that could disrupt or destroy our operating environment. If the probability is high, and the effect (consequence) is high, we look at cost-effective measures to shield us against incurring the possible effect. Of course, the cost of our mitigation measures cannot be greater than the estimated cost of the possible effect. The cost of providing 100 percent protection against all possible threats is usually prohibitively expensive. Additionally, the resulting measures would probably encumber our ability to carry out day-to-day operations in an efficient and cost-effective manner.


Your company has decided to build a backup data center and it is your responsibility to lead the project team. Now, there is pressure to get the project under way.

Your first inclination might be to consider possible locations. Stop! Planning will save you a lot of time and stress.

Before we talk about the issues and what your plan or program should look like, let’s review the benefits of having a well-defined program.

A program improves decision-making. Potential locations and decisions are measured against established criteria, not criteria that change with time or as your team looks at different locations.
A program accelerates the decision making process. Some key decisions become apparent during this exercise. On-going decisions are made in the context of how they meet the needs of the program.
A program enables faster response to opportunities. Inevitably, there will come along a “sweet deal” that, if acted upon quickly, has real advantages. Those with a program will be able to respond. Those without will stress the team trying to make a decision. This may not be the best decision.
A program ensures all project participants are “on the same page.” Wasted effort and time will be reduced because participants will not be pursuing divergent objectives. Be flexible enough to change the program if it warrants, but do not make your criteria a moving target.
A program will improve your real estate deal. Requirements for your site will be discussed and negotiated before a contract is executed when you have the greatest leverage to generate results.