Back from the brink
Large numbers of organisations, especially SMEs, are
poorly prepared for potential disasters. Resellers
should be ready to sell the benefits of business continuity
planning
Paul Bray, CRN 21 Jun 2004
Terrorist attack, nationwide power cut, flash flood:
whatever form it takes, disaster is on everyone's
mind. Is it likely to happen? No.
Does it scare people? Quite a bit. Does this mean
a sales opportunity for resellers? Definitely.
Research firm IDC forecasts that worldwide spending
on security and business continuity (BC) will grow
twice as fast as general IT spending over the next
four years, and that European corporates spent 60
per cent more on business continuity services in 2003
than they did in 1999.
The events of the past year have done little to change
the actual threats faced by organisations, but they
have focused their minds on the issue of BC and disaster
recovery (DR).
In the latest Business Continuity Management Survey
from the Chartered Management Institute (CMI), co-sponsored
by Colt Telecom and Nortel Networks, about 60 per
cent of businesses fear loss of telecoms and IT capacity,
while nearly half are scared of terrorist attack and
a quarter fear military conflict.
But ask them what has actually disrupted their business
in the past year, and loss of IT and telecoms top
the list at about 25 per cent, while terrorist damage
affected only one per cent of those surveyed. The
most common problems are still the perennial ones
of breakdown and 'finger trouble'.
The most common cause of data loss, according to
engineers at data recovery vendor Ontrack, is hardware
failure (78 per cent), followed by human error (11
per cent), software corruption (seven per cent) and
viruses (two per cent).
Given the high likelihood of disruption, many firms,
especially smaller ones, seem woefully ill-prepared.
The CMI survey found that while 69 per cent of corporates
had a BC plan, only 34 per cent of SMEs had one.
Firms that did have BC plans tended to plan only
for four things: loss of IT, telecoms and site, and
fire. Nearly half (43 per cent) rehearsed their plans
less than once a year, if at all, and had no clear
idea whether they would work.
Many businesses are living in a fool's paradise,
believes David Liff, storage vice-president at software
giant Computer Associates. "Even in large companies,
often parts of a dataset are not being backed up,
or they have solutions that have grown beyond their
capabilities," he says.
"Most small businesses have solutions that just
don't work."
It therefore follows that almost any organisation
is a potential prospect for a new or upgraded BC and/or
DR system.
Certain sectors, such as law and finance, are facing
increasing regulatory and compliance pressures, and
manufacturing, retail and the public sector are said
to be good prospects, as are any firms that rely heavily
on e-business or CRM.
But one of the most important applications that needs
protection is email, on which virtually all businesses
now rely.
Although usually spoken of in the same breath, BC
and DR are different, as Sam Samuel, senior industry
strategist at networking and storage distributor Zycko,
explains.
"DR is primarily focused on getting up and running
following an event," he says. "BC is what
keeps a company going while it concentrates on getting
up and running again."
Both should be approached with an open mind, and
from a purely business perspective.
"Any BC/DR analysis begins by identifying the
key business processes within an organisation, pinpointing
the risks to those processes and quantifying the impact
should they be disrupted," says Dave Freeman,
consultancy manager at VAR Diagonal Security.
"Only then should companies look at options
for mitigating unacceptable impacts, and this is likely
to involve people and processes before technology."
The reseller's role should therefore be to get under
the customer's skin and determine what it really needs.
"A DR solution shouldn't just centre on products
and services, but on a procedure," says Kate
Hembury, sales director at reseller WStore.
"The best advice you can give a customer is:
decide what procedures you're going to have in place,
buy the equipment to implement them, and make sure
you stick to them."
To sell BC, which centres on providing uninterrupted
access to live data, resellers really need to understand
their customer's business, because the appropriate
solution will depend on how long it can do without
its critical data.
"To deliver a BC plan properly, resellers should
look at the big picture," says Mike Whittle,
sales manager at reseller Selway Moore.
"To be successful, the BC plan should include
analysis, process, support, security, infrastructure,
network, comms, management and alerting, software,
replication and clustering, physical site, service
delivery process and education."
This requires specialist knowledge. "Resellers
need to develop a sales strategy where fully trained
specialists are able to offer customised solutions,"
says Keith Busson, business development manager at
tape solution vendor Certance.
Part of the task is explaining the basics, says Liff:
"There are seven basic management rules that
lead to reliable BC/DR: keep multiple copies of critical
data, from multiple points in time, on different pieces
of media, securely, in different places, keep track
of everything, and test regularly."
But resellers also need to make their customers focus
on why they are following the rules.
"Resellers need to get users asking, 'How do
we ensure continued operation in the event of data
loss?' rather than the all-too-simplistic, 'Do we
have copies of all our data?'" says Brian Stanley,
head of OEM sales at tape drive vendor Exabyte.
SMEs, who may not have the budget to implement a
full BC/DR solution, must be encouraged to prioritise
rather than doing nothing. Once the SME has been persuaded,
it may well outsource its whole BC/DR operation to
the reseller or its partners.
One reseller that offers a managed DR service, provided
by InTechnology, is SSI. It was already managing helpdesks,
hardware, software and other IT requirements remotely
but demand exceeded these.
InTechnology's offerings include the VBAK service
for automated data backup, in which data is encrypted,
sent via a secure line to a remote data centre and
restored as required. In case of disaster, data can
be restored swiftly.
"InTechnology's services fit neatly with our
portfolio," says Steven Fenn, managing director
of SSI. "The VBAK service in particular is proving
popular with clients."
Ultimately, there is no substitute for understanding
your customer. "The message I would promote is
know your market, know its pain points and understand
the operating environment it's in," says Probal
Sil, business development director at reseller Elyzium.
BC/DR resellers' business models range from total
outsourced solutions, through consultancy and support,
to glorified box shifting.
"Some resellers present the available solutions
but rely on manufacturers for the installation and
professional services. For others, installing and
support are key components of their business model,"
says Brendan Kinkade, marketing vice-president at
ATA storage vendor Nexsan.
"Not many resellers offer a total DR solution,"
says Clive Watts, head of business development at
online backup vendor Attix5.
"But there's an increasing trend towards providing
a total BC/DR package by partnering with multiple
specialist vendors."
Gavin Smith, chief executive of off-site backup provider
DataFort, recommends free risk assessments.
"Few people can pass up something of real value
offered for free," he says.
"This gives the VAR the opportunity to advise
on security. After you've pointed out shortcomings
in a company's security you have a good chance of
moving them towards a sale."
However, persuading organisations to invest in BC/DR
is not always easy. You are trying to convince someone
to spend a great deal of money and effort on something
they hope they will never actually need.
"The risk of total loss of access is deemed
to be as low as one in 10,000, yet the cost of protecting
just critical IT systems runs into the £10,000's,
if not £100,000's," says Neil Robertson,
chief executive of BC vendor Neverfail.
It must be tempting for sales staff to talk up the
risks, but ultimately fear is a poor sales tool. Resellers
must therefore convince the customer of the business
need.
"Finding budget is always an issue, and it's
usually helped by business impact analysis so that
the customer can understand the risk and the spending
that's sensible to manage that risk," says Dave
Austin, principal consultant at Insight Consulting.
"Look at the reality of the situation,"
says Garry Growns, managing director of BC/DR services
vendor ImperaData.
"What would it really mean to the customer if
they came into work and found they had lost XYZ?"
"In our experience, if a reseller can show a
customer a BC/DR plan that is easy to understand,
affordable and represents a significant level of protection,
nine times out of 10 the customer will buy that solution,"
says Kinkade.
Calculating the cost of BC/DR involves customers
answering two key questions, says Liff: how quickly
do they need access to their data, and what point
in time do they need to go back to?
Chris Boorman, marketing vice-president at BC vendor
Veritas, has a list of compelling arguments: the company
must have a BC/DR strategy to comply with new regulations;
BC/DR increases business efficiency through high availability
and automation; it increases customer satisfaction
through consistent service; it reduces costs through
consolidation; and, of course, it brings peace of
mind.
Austin recommends simple honesty. "Some solutions
don't address real needs and some hide their own inherent
risks, and customers feel let down by this,"
he says.
"Resellers should know the strengths and weaknesses
of the solutions on the market, then position their
own product and acknowledge what it won't do as well
as selling what it will."
BC and DR need to cover a number of eventualities,
and the technologies employed may vary according to
the nature of the threat and the volume and criticality
of the data - not to mention the extent of the customer's
paranoia and the depth of its pockets.
Big vendors such as Computer Associates, Hewlett-Packard,
IBM and Veritas have a large slice of the market,
and argue that their integrated solutions are the
easiest to install and upgrade.
But Samuel believes there is no one key vendor. "There
are lots people with a variety of technologies and
no one spans the whole process, so you need strategic
alliances to get the best solution," he says.
The most important BC applications require online
backup systems that can cut in immediately if primary
systems fail. If a solution doesn't include magic
words such as Raid and mirroring, and increasingly
clustering, replication and high availability, it
probably won't get past the proposal stage.
SANs are preferred by corporates and some larger
SMEs for their robustness and upgradability, but the
cheapness and plug-and-play simplicity of NAS still
has significant appeal for smaller installations.
If a BC solution is not off-site it won't be much
use after a major fire or terrorist attack, and remote
facilities are coming down in price. "The idea
of hot failover servers held off-site has been perceived
as the preserve of larger firms," says Aydin
Kurt-Elli, chief executive of ISP edNET.
"But hosting your own filestore services in
a data centre is now cost-effective."
When budgets are tight, customers must be encouraged
to prioritise.
"Most users still think they need to put all
their data on high-performance, costly storage, but
that's a misconception," says Philippe Fosse,
general manager of storage array vendor XIOtech.
"We advise them to classify data as vital, nice-to-have
or low priority. We suggest vital data is placed on
a synchronous mirroring and replication solution,
with disk-based continuous availability.
"Nice-to-have data should be stored on an asynchronous
mirroring and replication solution such as fast tape,
and data that needs to be kept but will probably never
be accessed again should be placed on inexpensive,
slow tapes."
Finally, if there is one thing that investing in
BC/DR brings home to users - apart from how vulnerable
parts of their ICT systems are - it is how much redundant
data they have accumulated.
"Understanding exactly what you're storing normally
allows you to stop storing over 60 per cent of it,"
says Liff. "Resellers can add huge value to a
customer by looking beyond just backup and selling
them storage resource management tools and services."
Yet more sales opportunities. As they say, it's an
ill wind ...
CONTACTS
Attix5 (0118) 925 3340
www.attix5.com
Certance (01628) 890 366
www.certance.com
Computer Associates (01753) 577 733
www.ca.com
DataFort (01483) 872 052
www.datafort.co.uk
Diagonal Security (01256) 869 000
www.diagonalsecurity.com
edNET (0845) 119 9911
www.ednet.co.uk
Elyzium (01753) 515 000
www.elyzium.co.uk
Exabyte (01452) 563 071
www.exabyte.com
ImperaData (0845) 006 8826
www.imperadata.com
Insight Consulting (01932) 241 000
www.insight.co.uk
InTechnology (020) 7786 3400
www.intechnology.co.uk
Neverfail (0870) 777 1500
www.neverfailgroup.com
Nexsan 001 (818) 715 9111
www.nexsan.com
Selway Moore (0118) 903 7907
www.selwaymoore.com
SSI (020) 8662 8222
www.ssil.co.uk
Veritas (0870) 243 1080
www.veritas.com
WStore (0870) 011 3310
www.wstore.co.uk
XIOtech 001 (952) 983 3000
www.xiotech.com
Zycko (01285) 868 500
www.zycko.com
