Interview: Sungard AS’ Joseph George on Data Protection During Hurricane Season

Interview Sungard AS Joseph George on Data Protection During Hurricane SeasonJoseph George is the vice president of product management and global recovery services at Sungard Availability Services (Sungard AS). With Hurricane Florence approaching, many organizations are anxiously preparing for the natural disaster. In a situation like this, it’s helpful to have some guidelines that are specific to the current problem. With five years of experience at Sungard AS, George was able to give insightful advice on how to best protect your business during hurricane season.

What is the potential business impact of a storm like Hurricane Florence?

AccuWeather estimates that Hurricane Florence will cause $30-60 billion in economic impact and damage. Despite being downgraded to a category 2 hurricane, it has grown in size and is predicted to move slowly across its path, which could result in dangerous flooding. If businesses did not properly prepare, a process that typically requires months of work, there’s potential the storm will not only prevent normal business operations, but could cause damage so severe that the business may never recover.

What are some preemptive measures businesses can take to protect their data during hurricane season?

Businesses should prepare months in advance of hurricane season and focus on developing and implementing a well thought out disaster recovery (DR) plan that protects their data, systems and minimizes disruptions. There are the three main components that businesses need to address.

  1. Data Protection: If you don’t have your data at an off-site, geographically separated, secure location, then you are exposed. How you choose to get your data off-site – via tape, disk backup, storage replication, or server replication – will depend upon the mission-criticality of your particular applications and the amount of business downtime or recovery time objective (RTO) and amount of data loss or recovery point objective (RPO) for each. However, simply having your data protected at a second location does not in and of itself make for a DR plan.
  2. System Recovery: This constitutes the platforms, servers, networks, and storage that you will need to actually recover your applications. Your recovery environment should align with your production environment, and be compatible with all the above perspectives. If your recovery environment has changed over time, then ideally you have performed adequate change management between your production and recovery environments so that when you attempt to recover your data, the two are in sync.
  3. People, Processes, and Programs:
  • People: It should be obvious that it will be people – your staff – who perform the recoveries. Therefore, it is imperative that they have an operational place to work, with the right equipment, space, and communications to enable them to do their jobs. It is also important that they have the right expertise and focus to successfully recover your data and applications.
  • Processes: These are the procedures and “runbooks” that document the steps of the recovery. Your recovery will only be as successful as your “last-known good” procedure, so if these are not updated or correctly maintained, then you run a significant risk of failing at recovering your applications and data.
  • Programs: This refers to the ongoing lifecycle and management of the DR program, and governs crucial activities like test planning and execution, post-test analyses, execution of change management, and active integration of best practices and lessons learned on an ongoing basis.

How can businesses reduce the risk of downtime during this period?

While a key part of a successful recovery will depend on the amount of planning done well in advance of the disaster, there are a few things that should be considered in the time leading up to and during a disaster.

  1. Execute your business continuity (BC) and DR plans. Make sure the team is ready to go and prepared to enact your BC/DR plans in advance of the storm hitting. These plans could include a range of activities including sandbagging of critical facilities, relocating business-critical employees to alternate workplace facilities, crisis communications and failover of your IT systems and applications.
  2. If you’re in an affected area, consider taking steps to protect your production assets such as moving critical equipment to elevations higher than the forecasted flood level so that you can ensure those assets can be available for failback post-disaster recovery.
  3. Communicate with employees to keep everyone up to speed on what’s happening and if there are any actions that need to be taken. Tell employees to stay away from dangerous areas that may results from storm damage – contaminated floodwaters, unstable structures, and electrical hazards, etc.
  4. Anticipate and arrange for any supplies and equipment that may be needed to be purchased post-recovery to replace any damaged assets.

How can organizations best recover lost data during a natural disaster?

In order to fully recover data in the event of a disaster, companies must develop and implement a DR plan, test that plan frequently, and keep their recovery plans and procedures in sync with the on-going production changes occurring in their organization to ensure that systems and applications can be successfully recovered at an off-site location.

Tess Hanna
Follow Tess