Where should a CIO construct a backup site? In a major disaster, backup sites can go down, too, so where to go? A USA Today feature, "Is There Anywhere Safe to Live?" (April 20, 2006), focused on the location of natural disasters for all 50 states, plus American Samoa, Guam, Puerto Rico and the Virgin Islands. But for a CIO, a better headline would be: "Is there anywhere that's best for a backup site?"
Disasters cost money, interrupt business operations and may cause the enterprise or government agency to cease operation, which makes planning a business issue, not just an IT issue. Disasters can interfere with or even terminate IT and communications services. It doesn't matter whether the disaster affects the enterprise, government or service provider. Floods, fire, volcanoes, earthquakes and other events can destroy a primary and backup site if they are too close together.
Telecom service providers can offer expert advice on where to locate a backup facility and should position themselves with CIOs to offer both consulting and services. After all, they have experience planning for their own primary and backup facilities, as well.
A CIO's selection of the backup site location will always have risks and liabilities attached to the decision. Adequate and reliable communications to the backup site and communications between the primary and backup sites are what most service providers can successfully offer to the CIO.
- Building closed/evacuated
- Loss of power
- Loss of communications
- Facility damaged/destroyed
- Community disaster (10-to-30 mile range)
- Regional disaster (30-to100 mile range)
Where service providers can help
Service providers can be beneficial in helping with disaster planning in categories three through six and has different services to sell:
- High speed communications between the primary and backup so the two sites can have synchronized, duplicate data. This is required for good customer support but may also be required to meet compliance regulations and security requirements.
- Communications access for all users with a rapidly implemented and seamless connection to the backup site including: Multiple media access such as WiFi, Metro Ethernet, fiber optic services, DSL, ISDN, etc.
- Wireless WAN
- Laptop connectivity for mobile users
- VPN services
- Access to the service provider's site as a substitute for the enterprises backup site. This can
- Hosting services
- Provider-managed storage service
- Replication and data mirroring
- Redundant geographically diversified communications routing for site access and synchronizing communications between the primary and backup sites
- Contact/call center call rerouting, network queuing and contact center services
- Conferencing and collaboration services.
The service provider's credibility is of utmost importance in planning and providing disaster/recovery services. To win enterprise business, a proactive service provider should meet with the CIO about the following issues:
Telecom service providers can offer expert advice on where to locate a backup facility.
- The service provider's own plans for its internal disaster/recovery (DR).
- How the internal DR plans help the enterprise in its DR planning.
- How conferencing and collaboration services can be beneficial tools during disaster and the subsequent recovery.
- Security, compliance issues and regulations that will influence DR plans for the enterprise or government agency.
- Participating in the enterprise's disaster/recovery drills. Unfortunately, few enterprises actually try out their disaster/recovery scenarios before they're necessary.
- Help the enterprise determine the real costs if the DR planning is not well designed so that the budget for the DR can be compared to the financial liabilities for poor DR planning. This will help justify the DR plan implementation.
- Help the enterprise determine if good DR planning will reduce other costs such as insurance premiums.
Ranking disasters and where they occur
The following 14 natural disasters are a possibility in some places:
- Blizzards and lake-effect snow
- Flash floods and monsoons
- Heat waves
- Hurricanes and typhoons
- Ice storms
- River valley flooding
- Volcanic eruptions
- Wildfires and firestorms
Looking at where natural disasters occur is one factor in selecting primary and backup locations for IT and communications centers. Unfortunately they aren't considered enough in site selection.
Service providers can advise the following common site-locations considerations:
- As the distance from the primary site increases, staff will be less likely to be able to move rapidly to the backup site.
- Access to power, fuel and adequate communications facilities.
- Cost of the physical site, hardware and software required at the backup site.
- How long the backup site can operate.
- How well the primary and backup sites can be synchronized.
Where is the least bad location?
The USA Today article shows a map of the states that are most vulnerable to each disaster. The state's vulnerabilities varied from one to eight disaster possibilities. Nevada had the lowest number of possible disasters, that is, it was rated for one disaster type, wildfires and firestorms. Montana, Idaho, West Virginia, Alabama and Louisiana had only two disaster possibilities—hurricanes and thunderstorms – but these two can be much more catastrophic than other types.
Which states have the greatest number of possible natural disasters? Colorado, South Dakota, Minnesota, Kansas, Missouri, Illinois and Michigan, each of which has seven possible natural disaster situations. Texas is the only state with eight. Many of the disasters are transient, so they do not have long lasting effects. Others, like volcanoes, earthquakes, tsunamis, tornadoes and hurricanes, can prevent a site from recovering for weeks to months. Site restoration time after a disaster should be considered when selecting a location.
The CIO must come to a balanced decision for the backup site. The Disaster Resource Guide is a good source for service providers to help communicate with CIOs on disaster backup planning.
About the author: Gary Audin, president of Delphi, Inc., has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks.
This was first published in January 2008