Volume 6, Number 24 -- June 13, 2006

Smaller Companies are Preparing for Disaster Too, Study Shows

Published: June 13, 2006

by Alex Woodie

A recent study of companies' disaster preparedness by SteelEye Technology found that smaller companies are implementing business continuity plans complete with remote hot sites almost at the same rate as larger companies. The software vendor's study also found that terrorism barely registers as a concern among North American companies, which are much more concerned with power outages. European companies, on the other hand, consider terrorism a greater threat.

SteelEye Technology is a Palo Alto, California, developer of data replication and clustering solutions for Linux and Windows servers. The vendor and a high availability-related Web site, Continuity Central, teamed up late last year and in early 2006 to ask 184 executives and IT technicians about their companies' business continuity (BC) plans and their views on the potential disasters most likely to strike.

The survey included a mix of big and small companies from a variety of industries in all parts of the world. About half of them are based in North America; about half of them are in the finance, technology, government, insurance, or healthcare field; and more than half had less than 1,000 employees, although about 13 percent of the respondents worked for organizations with more than 25,000 employees.

The study found that disaster recovery (DR) hot sites may be more common than you thought they were. In Europe and North America, 87 percent of respondents said they had a hot site. However, the results suggest that the European hot sites were closer to their operators' main data center than the American hot sites--they are in the same city 40 percent of the time for the Europeans--which raises the question of whether these organizations are prepared for a wide-scale disaster.

Somewhat more surprisingly, according to SteelEye and Continuity Central, is the effort smaller businesses have put into preparing a disaster recovery hot site. According to the survey, 75 percent of the companies with less than 500 employees and a business continuity (BC) plan have a remote disaster recovery site, "a significant achievement on generally much tighter budgets," the survey states. "This group is all the more impressive because nearly 40 percent of these disaster recovery sites are genuinely remote: beyond the same city, county, or state, but within the same country."

Bob Williamson, vice president of product management with SteelEye, says the survey shows that small businesses are getting the message. "It didn't seem to matter that much how big the organization was," he says. "It wasn't the case that bigger companies were spending more" on BC and DR plans, as a percentage of their revenue.

Cost was the most common reason for not implementing a BC plan, Williamson says. "When we asked how much they spend on their business continuity plans, 40 percent said they were spending less than $100,000," he says. About 10 percent of the companies surveyed are spending more than $1 million per year. "Companies think it has to cost a lot of money, but they don't understand" that it doesn't have to cost a lot. The basics of a business continuity plan--including a server, a network link, and replication software--"certainly can be done for under $50,000." (This is also becoming true for iSeries DR strategies.)

The survey also highlighted the most important applications that companies want to have working during a disaster. "They made it very clear that services that they need to communicate with customer--e-mail, customer support, Web sites, phone systems--were the most important," Williamson says. "It was very clear that companies prioritize serving their customers above keeping their company running. Manufacturing products is a very low priority" during an emergency, he says.

When asked if they had invoked their business continuity plans, 45 percent said yes and 52 percent said no (about three percent didn't know). The survey found a correlation between those that invoked their plan and those that tested it. "Companies that had to invoke the plans tested it much more frequently," he said. "Forty-seven percent test only once a year. We feel that's not often enough."

The survey also shed light on what companies fear will cause downtime. The top of the list included software maintenance, network maintenance, network outages, application failures, hardware maintenance, and hardware failures. Interestingly, these are all things that IT shops can control, to some degree.

It's worth mentioning that about 79 percent of these shops ran Windows systems, with about 40 percent running Linux. So-called "legacy" systems, including Solaris, AIX, and HP-UX all were in use in more than 20 percent of the companies surveyed, while a mish-mash of z/OS, VMS, OS/400, and other vestiges accounted for another 20 percent in the "other" category.

Causes of downtime outside any companies' control--including natural disasters, power failures, and terrorism--ranked at or near the bottom of what companies fear. Some of these figures caught Williamson's eye. "I was surprised to find that power failures was such a large percentage. I always assume most companies have backup generators so if power goes out, they still have electricity. But now I'm not sure that's the case," he says.

When these fears were sliced by region, some other interesting tidbits popped up. For example, companies in North America fear natural disasters more than their counterparts across the pond. Meanwhile, the Europeans accounted more downtime to terrorism than natural disasters. The surveyors chalked up these findings to the fact that the United States has been terrorist attack-free since 9/11, while it has suffered severe natural disasters of late. The Madrid and London Al-Qaeda bombings, meanwhile, are still fresh in the European conscience.

This was the first time SteelEye has surveyed companies' BC and DR plans. The company plans to do another survey next year.

Sponsored By

Take Control of Securing Your Transactions

Take control of any secure FTP process with the most comprehensive FTP client/server solution available. truExchange FTP offers solid security, an abundance of encryption options and unmatched firewall navigation capabilities to give you total control of the way you exchange FTP transactions. truExchange FTP allows you to automate, control and manage FTP processes with any remote FTP server, as well as manage your internal FTP processes.

truExchange FTP's command-driven interface for FTP client scripting makes it possible to automate any FTP process through one script that includes user defined recovery within the session. The FTP Server can either replace, or run next to, the native iSeries server. The difference is that unlike the native server, truExchange FTP provides host-based control for file naming, formatting tracking, automatic application processing and features that allow you to run your FTP processes while allowing your iSeries to be as secure as possible.

truExchange FTP is perfect for connecting to EDI VANs, EDI trading partners, banks and other financial organizations, as well as healthcare related organizations who are mandating HIPAA compliancy. Also compliant with Sarbanes-Oxley requirements, the software offers add-on encryption bundles that keep transmitted information secure-critical for organizations trying to protect their own data, as well as guaranteeing security to customers and partners.

At nuBridges, security is a key component in the design and delivery of our solutions and services. Businesses that rely on digital exchanges depend on secure, reliable connections. That's why we take security so seriously. nuBridges' security software locks down information at every level in the pipeline.

Encryption Bundles
Encryption is a popular and effective method for providing security over the Internet. The encryption process alters data so only the intended recipient can read or use it. The recipient of the encrypted data must have the proper decryption key and program to decipher the data back to its original form. With the most encryption options in the market, our solutions secure businesses from losing valuable information and keeping it out of the hands of intruders. Our AS3 certification validates our approach to enhanced features such as built-in support for firewall navigation.

Do you need S/MIME (Secure/Multipurpose Internet Mail Extensions) to provide encryption and digital signatures for Internet mail messages? Perhaps SSL/TLS (Secure Sockets Layer/Transport Layer Security) provides the security encryption you want to secure message transmissions between two applications. The standard for a number of organizations, most notably financial services and healthcare is PGP (Pretty Good Privacy). And, SSH (Secure Shell) encrypts all traffic through secure tunnels between companies and their trading partners. Whatever encryption method suits your particular requirements, truExchange products offer the broadest range of options available.

About PGP and SSH
Written and ported specifically for the iSeries platform, truExchange PGP offers the same capabilities found in PGP Corporation's product line, but it has the look and feel that iSeries users expect. Many organizations adopt PGP as their encryption standard to secure confidential and critical transactions.

Offering customers the quickest, most cost-effective solution for implementing SSH on the iSeries platform, truExchange SSH fits directly into any environment. Our solution eliminates the need to understand encryption, easily addresses critical customer security mandates and provides immediate ROI.

Whether transacting with a financial services firm, complying with multiple mandates or connecting with your trading partners, nuBridges' FTP solution offers the one solution to fit your needs.

Contact nuBridges or visit our Web site.

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

COMMON:  Join us at the Fall 2006 conference, September 17-21, in Miami Beach, Florida
New Generation Software:  Leading provider of iSeries BI and financial management software
Canvas Systems:  We build and deliver custom iSeries rental solutions


Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement