Disaster recovery is vital - so what's on offer?

After the 11 September terrorist attacks, US businesses scrambled to institute or upgrade their disaster recovery plans. The...

After the 11 September terrorist attacks, US businesses scrambled to institute or upgrade their disaster recovery plans. The scale of the disaster exposed the inadequacy of some companies' plans, with workers unable to reach alternative sites to handle manual tasks or make phone calls to reorganise their businesses.

"Before 11 September, we had a few [disaster recovery planning] calls a week. Now we are getting a few calls a day," said Ken Boyd, director of advanced disaster recovery solutions at IBM in the US.

"One of the lessons that customers learned from 11 September is that it was a regional disaster - not just a floor or a building, but all of the infrastructure around the World Trade Center."

As a result, IBM now stresses to its customers the importance of automating data backup.

"You have to ask how automatic is your disaster recovery," Boyd said. "How much are you depending on people to make decisions? Because you may not have a scenario that lets that happen."

Since the attacks, IBM has set up a technical design council that examines the disaster recovery proposals the company makes to its clients, checking that they will work in real-world conditions. IBM engineers examine the bandwidth connecting primary and recovery sites, for example, and evaluate hardware products to ensure those will work together as well in practice as they do in theory.

In the year since the attacks, businesses in the New York area have added heavy-duty data centres outside the region as an extra safeguard, said David Palermo, vice-president of marketing for SunGard Data Systems, a major provider of disaster recovery and business continuity protection services.

The severity of 11 September spurred many companies to improve their protection plans, but other businesses' plans are still shrouded in talk, according to Palermo.

For large enterprises, particularly those in heavily regulated industries, such as financial services, emergency planning is a routine part and cost of doing business.

Small and medium-sized businesses are less likely to have plans in place, but even those that do have them struggle to recover from a catastrophe. Analyst group Gartner estimates that two out of five companies that experience a disaster go out of business within five years.

The New York Shipping Association (NYSA) had a complete plan for both data backup and an offsite emergency work site for its employees. This allowed it to be fully operational two days after the attacks that destroyed its World Trade Centre office.

But such plans are expensive. SunGard's price tag for keeping a physical office backup on tap starts at several hundred dollars per month, per seat.

Data backup can be less expensive - low-end prices for a single server are a "couple of hundred dollars per month", said SunGard's Palermo - but even those costs can be hard to squeeze into the budget for a small business.

Some businesses accept they have to pay the price. Ten years ago, disaster recovery was about retrieving mainframe tapes and rebuilding data centres. A typical enterprise could expect to spend 48 hours regrouping.

Now, many businesses "can't go more than several minutes" without sustaining major damage, Palermo said, but online storage systems and other new technologies are aiding them in creating failover systems and other backups to minimise downtown.

Read more on IT for small and medium-sized enterprises (SME)