10-08-10 | Blog Post
While most company CEOs have focus and responsibilities elsewhere, it’s inevitable to think about the “what if” scenario involving IT failures. It would be reassuring to know that the basics of critical IT infrastructure are current and in place – just in case.
Here are 5 simple questions that can give you a snapshot of the health of your critical path IT data environment.
1) Is the list of authorized data center users up to date?
As resources change, it’s easy have an authorized access list that gets out of date. Unfortunately, these discrepancies tend to show up when a server is in need of attention and everyone is scrambling to figure out how to get the proper authorization along with the pressure of a down system. If a 3rd party data center is sticking to its security protocols, a new authorized person cannot be added via just a phone call – it usually requires the designated security officer from your company to send official notice in writing, or via an online portal, of any changes to the authorized access list. Make sure to embed processes with your HR department to update the data center access list appropriately when new people come into and leave from the company.
2) When was the last time the data center battery reserves and generators were actually tested with a full load?
All the prevention in the world means nothing if the line of defense fails when something goes wrong. Anyone can have one or more generators sitting out back for just in case, but it only counts if the generators have actually been proven to start up when the primary power source is absent and can bear the load of the current data center demands. At minimum, this should be tested once per year.
3) Who confirms that backups have completed?
Every company has some kind of backup plan, but a high majority of backups are interrupted or fail. Who owns the responsibility of confirming that the last full backup was completed? What happens if it did not complete correctly – does your backup provider audit and re-run the backup to ensure it was successful or does someone from your company oversee that? Other good questions to ask are how many backups are kept – just the last, possibly corrupt or incomplete backup, or the last 2, 5, or 10 backups just in case the most recent backup did not complete? How often are the backups run? Ideally a daily incremental backup and a weekly full backup at a minimum are run, audited, and repeated if necessary.
4) What date was the last successful full restoration from your backup performed?
The Gartner group found that 71% of data restorations from tape backups fail – and that 94% of businesses don’t survive a catastrophic data loss. Problems with restoring range from incompatible hardware to corrupt or incomplete backups to incompatibility between different tape heads. If your primary data center burns to the ground, you’ll likely have to use a different tape reader to read the backups tape than the machine used to write the backup tapes – a proven cause of many restoration failures. If you’re still using tape backups, see what electronic options exist. Regardless of your backup technology, you need to know when the last successful restoration was completed and that the knowledge of this process is documented in a secure place that can be accessed when things go wrong.
5) How many hours do you have?
When your systems fail, how many hours do you face for recovery? At one extreme, recovery may involve the configuration of new hardware, application re-installation, and data replication. Depending on hardware availability, configuration compatibilities, and the state of the available data backups, this process can take one to several days. At the other extreme, you may have set up automatic, electronic synchronization to a remote location with virtual servers that are hardware agnostic, and may be able to fail-over with no service disruption. Compare the cost of your current backup scenario with how much revenue your company loses every minute, hour, and day your servers and data to see if you have an appropriate level of backup in place. There’s no reason to invest in the higher levels of disaster recovery if your business can go on for a week without your servers running. If, on the other hand, you’re running tape backups once per week with no auditing and your company stands to lose significant revenue every hour that your servers are down, you should check into options that won’t compromise your revenue flow any longer than necessary.
