Disaster recovery in Turkey: Some businesses shine but many lag

Overall disaster recovery readiness is poor in Turkey and the Middle East, but some businesses buck that trend

As businesses become increasingly dependent on data, disaster recovery planning to maintain business continuity becomes more and more vital.

Nowadays, as businesses move closer to real-time operations, any disruption to the flow of business cannot be tolerated. Without a solid, proven disaster recovery plan, businesses are highly vulnerable to loss of customers and prestige because of work process disruptions.

According to a survey carried out by EMC in 2012, disaster recovery planning is in a poor state in Turkey and some other parts of the Middle East.

The survey found that 82% of organisations were not confident that they could recover after a disaster, that 64% said they had actually lost data and/or suffered systems downtime in the previous year. Some 52% of those surveyed still rely on backup tapes in case of disaster – a slower method than disk-based backup for data recovery and in some cases less secure.

Besides common disaster scenarios such as fire, flood, storms or sabotage, Turkey sits in an earthquake zone and has suffered some severe earthquakes in recent decades.

An effective IT disaster recovery plan for Turkish businesses is therefore vital. For that reason, the country's Banking Regulation and Supervision Agency (BDDK) has a binding requirement for banks to have business continuity plans approved by their boards and tested at least once a year.

Disaster recovery plan alternatives

The right disaster recovery plan for any organisation depends on many factors, such as the type of business, the amount and type of data generated, geographical constraints, and specific disaster risks.

Key targets in drawing up any disaster recovery plan are recovery time objective (RTO) and recovery point objective (RPO).

RTO is the time seen as acceptable by which key systems should be back up and running following an outage. 

RPO specifies the point to which data must be restored. This can range from zero data loss in the case of online financial transactions to minutes, hours or days, depending on the criticality of the data and the regulatory environment.

In making the optimum plan for a business, human factors, as well as IT infrastructure, are a critical component in achieving a resilient system. Therefore, regardless of the plan businesses choose, disaster recovery trainingshould be a top priority.

Another priority is to engage top management. A disaster recovery scheme can be costly, and it might be challenging to convince the organisation of the need to allocate budget to it.

Traditional backup has often involved magnetic tape, but disk-based backup has become popular for the rapid retrieval of data that it allows, and many organisations move data to disk for a period before committing it to tape.

That said, unless the backup device is sufficiently remote from the disaster location, the medium used offers no advantage when it comes to data recovery. For that reason, employing a cloud backup provider may be a sound alternative.

Meanwhile, server virtualisation has changed the face of disaster recovery and business continuity. By turning physical servers into virtual ones, applications and data become available regardless of physical constraints.

Previously, organisations needed to retain a duplicate hardware and software environment, at least in part, to which it could switch operations in the event of a disaster. With virtualised servers, it is now theoretically possible to re-start work using a duplicate of the virtual server environment on hardware that need not be a clone of the original datacentre.

Read more on disaster recovery

  • Setting IT disaster recovery policy and developing plans
  • Conducting a tabletop exercise for disaster recovery testing
  • Disaster recovery test frequency
  • Business continuity and disaster recovery policy statement templates
  • Choosing disaster recovery options that fit your virtual needs
  • Call centre disaster recovery planning best practices
  • Virtualising business continuity and disaster recovery activities

Another alternative is to employ cloud-based storage and disaster recovery provision. SMEs, in particular, can struggle to maintain secondary environments to which they can fail over after an unexpected outage. Cloud disaster recovery offers the use of IT services delivered by the cloud provider to any location with WAN access.

Disaster recovery in Turkey: Teknosa

Despite the overall poor showing of organisations in the EMC survey, some Turkish businesses demonstrate exemplary disaster recovery planning practices.

One of these is Teknosa, Turkey's largest technological products retailer. To create the “wow effect” in its stores, it analyses real-time customer data to generate customised offers, so the volume of data it must manage is huge and rapidly changing.

Teknosa has focused on attaining the ISO 22301 certificate, which covers business continuity, and has a disaster recovery plan in accordance with the standard's requirements.

Part of those requirements is regular testing, and Teknosa has a three-step process for testing its systems each year.

First, a dry run is carried out solely in the IT department with minimal involvement from business departments. If the results are positive, a complete test is performed involving all staff. Finally, any malfunctions and problems encountered during these tests are remedied, and a final run is carried out only for those systems.

For the time being, Teknosa uses a private cloud environment in its datacentre, where it has about 250 servers, mostly virtualised on Microsoft Hyper-V with some VMware. It has deployed virtualisation and cluster solutions for high availability and for disaster recovery.

Teknosa also works with telco Turkcell for e-trading applications and also with Bimsa datacentre.

Tunç Şenyol, CIO of Teknosa, says: “For the time being, our disaster recovery plan of using cross datacentres allows us a business continuity of 10 minutes of RTO and RPO. The critical data set that we specify by auto-tiering systems is stored in at least two different datacentres at all times.”

By the end of 2014, Teknosa plans to move all its data storage to Bimsa, an outsourcing move that its expects will cut the share of its total IT budget taken up by disaster recovery from 35% to 15%.

Instead of dealing with data storage in-house, Teknosa expects this transfer to achieve more with less effort, says Şenyol. “All in all, our core business is about improving our multi-channel technology retail business, not about infrastructure management,” he says.

Read more on Disaster recovery