Monday, March 31, 2008

ComputerWorld: New Strategies For New Disasters

# 1840


The scribes at ComputerWorld have been urging preparation for a flu pandemic for at least a couple of years. Recently they added my buddy Scott McPherson to their blogging role, and he too bangs this drum loudly.


Other articles, many by Patrick Thibodeau, covering IT's preparation for a pandemic, have appeared in that trade magazine. Today, an new article by Mary K. Pratt appears.


New strategies for new disasters

Events like 9/11 and Hurricane Katrina have brought disaster to ITs doorstep. But many companies are still applying old strategies to new disaster scenarios.

By Mary K. Pratt


March 31, 2008 (Computerworld) Here's a tricky question: Could your company operate during a flu pandemic?


Nearly 3,000 financial services organizations tested their answers to that question with a disaster drill last September. The exercise showed that the financial sector could continue to operate during a pandemic, but it also revealed stress points throughout the industry. For instance, many recovery plans laid the groundwork for employees to telecommute -- a smart move in a scenario that could leave thousands homebound -- but the existing infrastructure couldn't handle the increased traffic.


"When you have [so many more] people working from home, the Internet is going to slow to a crawl, and that's if it's even recoverable in all parts of the country," says Nick Benvenuto, managing director and global head of business continuity at Protiviti Inc., a risk management consulting firm in Menlo Park, Calif.


That drill highlights the status of many companies vis-a-vis disaster recovery: They have disaster plans, but those plans aren't adequately designed to handle an actual event.


Instead, many business executives, including top IT managers, are relying on old procedures and technologies that might work for small-scale, brief disasters -- a regional power outage, for example -- but would fall woefully short during a catastrophe like another major hurricane or terrorist attack.

(Continue reading . . . .)



An interesting article on a serious problem:


It isn't enough to have a disaster plan, the plan must be realistic in its scope and recovery protocol. Often, plans are poorly designed, or may be adequate for a short term disruption, but fall apart quickly during a major crisis.


While problems exist in the IT sector, at least most of the big players have some kind of plan, even if it may not be adequate. For millions of medium and small businesses, disaster planning isn't even considered.


Many disaster plans are a product of `due diligence. A company or an agency is told they must have a disaster plan, and so they create one, but they never test it, and they pray they never need to implement it.


Many suffer from gaps, where success is based on the hope that `a small miracle will occur' along the way. Even some of the State pandemic plans suffer from this mindset.


Last year FEMA declared 63 major disasters within the United States -Floods, Tropical Storms, and tornadoes mostly- proving it doesn't take a pandemic to ruin your whole day.


The ability of companies to weather these events is based largely on how well they prepared. Serious disaster planning is crucial, and all too often ignored until it is too late.


Does your company have a serious disaster recovery plan? Has it been tested? Does it include a pandemic scenario? Is it realistic?


The time to find out is now, before a disaster strikes.