How to set disaster recovery plans for remote offices, branch offices

By Kristen Caretta, Associate Editor | Apr 1, 2009

0 comments

Delicious

Digg

Email

Print

Stephanie Balaouras, one of Forrester's principal analysts, talks about disaster recovery in remote and branch offices during a Q&A session with Kristen Caretta.

If a company already has a strong disaster recovery plan in place, how do they make that work effectively in their remote offices and in their branch offices?
Balaouras: One of the challenges with DR is that you have to make DR plans localized. So if that remote office is in another geographic region, they need to have local DR plans that address the risks for their region. You know, because it's not going to be the same potentially as the corporate location.

I mean, you do need to have the stuff in place for the usual stuff -- power failures, IT failures, human error -- but you know, maybe the remote office is in an area that's at high risk for certain types of natural disasters. And actually, interestingly enough, when I ask most companies what their biggest challenge is for DR, it's not technology at all -- it's people or process. So how do you develop effective plans, how do you keep the plans up to date, how do you test them, how do you coordinate with individuals, how do you keep everybody to a consistent plan, template and format and consistency and thoroughness. So the remote office is gonna have to also document the plans, test the plans, keep those plans up to date. And DR is more than just data backup and data replication: You've got to think about how you actually restore the actual applications themselves.

And then the piece that people often forget about is people and communications. If something actually hits that remote site, probably not a problem to restore the data and restore the applications, but you've got to figure out a way to get those people back to work. Are they going to show up at an alternate location? Are you going to assume that people are going to work from home with SSL and VPN technologies? You also need a way to do emergency communication, which is when the event actually happens, how do you blast out information to tell people, 'Don't come to work, go here instead, this is when we expect you back at work.' And you also want two-way communication to make sure everyone is OK, and you also want their updated contact information if they've gone someplace else, other than home.

What critical steps are midmarket CIOs taking to incorporate their remote offices or branch offices into their DR strategy?
Balaouras: It's always helpful to step back and do a business impact analysis.

I think we in IT, we always tend to focus on individual applications and we kind of lose site of the business process. So if you focus more on enabling the business and enabling certain business processes, like 'What is everything I need for order to cash, financial accounting and reporting, supply chain?' You know, if you focus on the business process, it gives you much broader perspective as to all the resources, and resources could be people, they could be physical assets, it could be IT assets. That kind of helps if you take it from a process perspective.

I do think from a technology perspective, it does make a lot of sense to consolidate remote office backup recovery and DR to some sort of centralized model; that gives you the insight as to what's actually happening there. I think from the plan perspective, a lot of people are sort of deploying resources so that they can share plans globally. And it could be simple resources like company portals, internal company websites. Some companies are choosing to deploy software that will actually help you create and manage plans online. It's also helpful to have all your plans in one central repository that everyone can see. And it's also helpful if corporate actually mandates, OK, these are the key components of a plan, this is everything they expect to see in it, they actually audit it, they actually put mandates around testing and reporting as well.

How much should a midmarket CIO plan on spending when it comes to creating, maintaining, testing and updating these DR strategies for their remote and branch offices?
Balaouras: I mean, some of these backup services are actually pretty inexpensive. They can be just a few dollars per gig, per server, per month, and that will actually give you data protection. One way to determine how much you should spend is to take more of a risk assessment approach, which is you look at the remote office and you do a risk assessment. What are the threats that we're expecting -- power failures, natural disasters like hurricanes. You assign a probability to it, you determine the impact of the actual threat scenario, you annualize it and that's basically how much you should spend on disaster recovery for that particular location.

For example, if you used a remote office in the northeast U.S., if you expect every winter there will be at least three to four snowstorms of six to eight inches or more and that means like half of your employees aren't gong to show up to work, they're all salaried, you're going to have to pay them their salaries anyway, and they at least make $50,000 a year, and you know that's going to happen at least three to four times a year and you know it's going to cost you $200,000 to $300,000 automatically, every year. So you know that you should at least be willing to spend that much on any kind of remote access technology to make sure that everybody's working from home.