Disaster recovery must be board-approved, say experts

At a roundtable held by information infrastructure company EMC, industry experts agreed a disaster recovery strategy will fail without board backing

A panel of experts at a roundtable organised by information infrastructure company EMC today agreed that disaster recovery (DR) and business continuity strategies must have board-level backing to succeed.

A survey, released today by EMC and produced by independent research company Vanson Bourne, suggests that the UK is not giving DR the business focus it arguably merits.

According to the survey, 78 per cent of UK organisations have experienced data loss or system downtime in the last 12 months.

This is higher than the European average of 54 per cent.

Neil Fisher, vice chairman of the Information Assurance Advisory Council (IAAC), argued that a DR strategy should be a board-level issue.

"DR is about the survival of the business, so it should be a board-level issue. Without board backing, the strategy will never work," he said.

Tony Lock, analyst at research firm Freeform Dynamics, explained that companies need to understand the varying DR requirements of different data sets.

"Most companies don't understand the value of different data sets," said Lock.

"For some data, a two-day outage is acceptable. For other data sets, twenty seconds is disastrous. You need to define how your different data sets need to be looked after, and who owns them."

Chairing the meeting, Steve O'Neill, CFO of EMEA North at EMC, explained that CEOs cannot be relied upon to understand the importance of DR without persuasion.

"The CEO needs to have a more short-term view. He's in charge of keeping the lights on and stopping things going bang," he said.

Fisher agreed, and added that the CIO is best placed to understand and champion the DR requirements.

"The only person with the overall and longer-term technology view is the CIO, but invariably he's not on the board so he needs to convince the CFO," he claimed.

Disaster recovery must be board-approved, say experts

At a roundtable held by information infrastructure company EMC, industry experts agreed a disaster recovery strategy will fail without board backing

O'Neill explained that, in the current austere times, it's harder than ever for CIOs to get, and hold on to, a sufficient budget to maintain an adequate DR strategy.

"When you're cutting budgets, it's the nice-to-haves that are cut first," said O'Neill. "There's a danger that DR is a nice-to-have, or it's viewed as an insurance policy that you've never had to claim on, so why bother with it?"

Lock stated that CIOs need to improve their negotiation skills and political awareness if they hope to secure the appropriate funding.

"CIOs need to get better at persuading the business as to what's needed, and what could happen to the business without a solid DR plan," he said.

"At the same time, the business needs to get better at listening to IT and not just assuming everything it says is all Greek. And IT also needs to get better at politics, because CIOs haven't always come through the business path where those skills are necessary."

Dr. Nathalie Mitev, from the London School of Economics and Political Science, said that setting a DR plan is not enough in itself. CIOs must also ensure it is the right plan, and doesn't represent a risk in itself.

"One in ten organisations are still bringing back-up tapes home as their DR plan – many organisations in healthcare are doing this," said Mitev.

"You need to make sure that your DR plan isn't the most likely cause of disaster itself. What happens if you lose a tape, or leave it on the train?"