Every manufacturer recognizes that its IT network and application infrastructure get more complex every day. At the same time, pressure mounts to make sure that critical IT projects run smoothly, are cost-effective and provide a higher-than-ever ROI. Manufacturers also know that disruptions and outages are inevitable — and they understand the costs when a disaster strikes.
For instance in March 2011, automotive manufacturers suffered after an earthquake in northeast Japan unleashed a savage tsunami. In October 2012, companies also suffered outages sparked by Hurricane Sandy along the New Jersey and New York seacoast. Though cyber attacks have been targeted primarily at other industries, manufacturers grasp what these intrusions can do to interrupt operations.
The Importance of Testing
Crises that can erupt without warning underscore the need by manufacturers to take a step back and execute a plan for assessing and testing their IT readiness. They also spotlight the necessity of a strong backup plan.
Several important reasons underline why regularly testing IT environments proves essential. Testing:
- Lets companies identify IT weaknesses and holes in their plans before they become a major issue.
- Provides an opportunity to educate and prepare staff for an actual disaster scenario.
- Determines the viability of readiness plans, processes and tools.
- Helps meet audit requirements and ensures that people and processes remain connected and in control no matter what the disruption.
Yet skills and staffing for IT recovery and testing can sometimes prove difficult and costly to maintain. Melding legacy systems with advanced technologies can prove problematic as well. Still, when all elements of an IT environment interact — including network architecture, physical infrastructure and myriad applications — readiness assessments become more important than ever.
Tips for Testing IT Readiness
The following are several tips for testing readiness:
Determine the likelihood of a disaster and the costs it might trigger. Often, the push to invest in better technology comes after a manufacturer fails an IT readiness test done by a third party, or even its own staff. Look at the latest solutions for recovery of data and finance systems as well as what is required to keep the IT platform running smoothly.
Remember how complex the entire IT environment has gotten since legacy systems and other technologies were installed years ago. The test can open executives’ eyes on how slow and difficult older systems — such as backup storage tapes — have become vs. newer solutions.
Examine the differences between legacy systems and highly virtualized environments in the cloud, especially given the explosion in data that must be stored by today’s manufacturers. Consider the data-recovery performance from a traditional model of recovery (when it can take three-to-five days) vs. the cloud computing environment (when it can require 12 hours or less). Contrast that with the price-and-performance gap; determine the tradeoff of how much it will cost if the recovery time from a crisis using an older IT system is ten times that in the cloud.
Consider creating a disaster recovery plan for IT applications. Establish tiers of application groups, assigning priorities to them based on how valuable they are to get back in operation. For a manufacturer, enterprise resource-planning systems are critical and should be assigned a higher target recovery time than, say, getting the internal phonebook up and running.
Then, using the tiers, assign the recovery time objectives and how to best achieve them. Tier-one apps used to run the day-to-day business functions should be assigned to the high performance cloud system storage. Supporting or ancillary apps could be placed in tiers three or four, where tapes are commonly used to back up the data. Also, make sure you understand all of the interdependencies of the apps — today’s apps have multiple tiers and if the database that’s tied to the app isn’t recovered, it won’t run.
Elements to Consider when Developing a Plan
When developing a disaster recovery plan, it’s important to determine answers to these questions: What procedures or run book will recover those apps and who’s going to do it? If those skills aren’t available in house, what’s the backup? What strategy should be used to secure a backup recovery process and a second storage infrastructure, preferably in a different location that will be unaffected by any natural disaster that strikes the main facility?
Also, be sure to practice your plan. It may look superb on paper, but if it’s been sitting in a drawer for years, it’s undoubtedly obsolete. Try out your plan and keep it up to date. Situations and times change, and if upgrades and new apps have been put in place, it’s necessary to update plans and procedures, accordingly.
Make sure, too, that senior leadership backs your readiness exercise and recovery plan. Provide the resources required to ensure the teams that developed the plan can actually exercise them. Also, ensure your team commits to the exercise and understands the time and resources needed to make it all happen. Finally, put special focus on the budget; the IT budget is often the first to be pared when reducing costs.
While even the most sophisticated disaster readiness plan cannot guarantee manufacturers will completely escape an outage or a data breach or crisis, a well-considered plan certainly reduces the odds of suffering a crippling data disaster. So make sure you are preparing through created a strong plan that is up to date and regularly tested.
Chris Cooley is vice president, Service Design and Realization at Sungard Availability Services.