Reckoning on the calamity gain

11 September gave the disaster recovery market a jolt. But customers need to be educated if it is not to flatten out again, writes Martin Lynch.

Telling business executives about disaster recovery used to be like discussing physics with a chimp. There would be a lot of nodding and head-scratching but, in the end, no understanding of the value of data and the need to protect it.

Within the storage arena, disaster recovery was a small player and, as a selling point for storage solutions, not a very strong one. There was no real upside to the New York terrorist attacks but, if any market received a jolt, it was disaster recovery. You know a market is on the up when the spin doctors emerge with new terms for the same old market and products.

In the case of disaster recovery, the term 'business continuity' is now the popular, more 'holistic' way to describe the need for disaster recovery.

As disasters go, 11 September was so extreme that it is highly unlikely it will ever be visited on the vast majority of companies. The damage to the business community caught in the blast was massive.

Some of the bigger players, such as JP Morgan, managed to get up and running within 15 minutes, but not everyone was so prepared. Some firms kissed their futures goodbye there and then, while many of those that managed to recover their systems are destined to fail within the next few years, according to analysts.

This assessment applies not only to firms in the centre of an extreme disaster but to all companies where any kind of disaster affects their ability to do business.

"A few years back a car bomb went off in the World Trade Center car park," recalled Eric Ullman, technical marketing manager at small to medium sized enterprise (SME) storage specialist Dantz Development.

"None of the offices were damaged but they were closed off by the FBI for 10 days; people couldn't get at their data. More than half of the businesses headquartered there without disaster recovery plans went out of business within three years."

Bums on seats

A similar scenario was seen after 11 September. Despite having disaster recovery in place and being able to recover their data, a lot of the financial companies surrounding the blast area had not expected to be unable to get staff back to their desks.

The back-up software worked fine but the firms had not realised how reliant they were on having employees in front of their screens. As a result, a lot of companies are looking at ways to disperse both back-up and people away from their main site.

Robin Pilcher, director of European marketing for storage networking supplier CNT, agreed that any disaster can do permanent damage. "In most companies, even those with back-up, it can take days to get up and running after a disaster. Losing a few days of business can be crippling," he said.

"You never catch up again. It's not just about getting the data back but getting the people trained and in place after a disaster."

Even if it is not crippling, a disaster can still be very expensive. For example, Visa's head of business systems estimates that just one second of downtime at the data centre will cost the company $1m.

Visa is a global corporation, for which an iron-clad disaster-recovery set up is a high priority. As you drop down to the SME sector, things become a lot less secure.

Dangers of complacency

Gartner has estimated that only 35 per cent of SMEs have a decent disaster recovery plan in place and less than 10 per cent have crisis management, contingency, business recovery and business resumption plans.

This is despite the fact that, according to Gartner, two out of five enterprises that experience a disaster will go out of business within five years.

"Most SMEs are not ready for a disaster," explained Steve Smith, sales and marketing director at Tandberg Data UK.

"Large companies have dedicated IT departments for formulating and implementing disaster recovery solutions, but smaller firms can't afford that luxury. If they even have a back-up tape that someone takes home in the evening, then that's good.

"SMEs are interested in the here and now of business, and disaster recovery is seen as an insurance policy that shows no return until something goes wrong.

"There is a lot of pressure on them to make money, and the last thing on their minds is data back-up. They don't realise that for less than £350 they could implement a simple back-up plan."

Craig Hatter, regional director at Plasmon Data, said: "The penetration problem that disaster recovery has in the SME sector can be attributed partly to the cost, the size of the companies and the lack of education.

"A plan doesn't have to cost hundreds of thousands of pounds. It could be a case of just making sure that the tapes are taken out of the building each night, or having a few servers off-site."

Out of sight ...

Ullman, who works for a firm that targets SMEs, explained: "It's human nature to think 'out of sight, out of mind'. Sadly, a lot of our customers come to us after they have lost data.

"Data used to be on hard copies that were easy to see and file away safely. But, because computers have become part of everyday life and business culture, people take them for granted.

"We talk to businesses and ask what they could do if we flooded their server. Most of the time the answer is 'nothing'."

Smith agreed. "Awareness is the real problem. Disaster recovery is something that all manufacturers of storage hardware have to promote, regardless of what technology is used, because firms must be able to recover," he said.

"Manufacturers should be doing more to help companies realise the basics of back-up and disaster recovery, but most are too wrapped up in flogging their own offerings.

"A lot of the material we produce for resellers is very basic stuff because a lot of potential customers simply do not know what it's all about. I think any drive will have to be government led if it is to put disaster recovery on the regular IT agenda."

Hatter added: "All the initiatives right now are coming from storage companies, not governments. I wonder if companies would even listen to a government on these topics, since they all think they are doing a good job already?

"The onus is more on the storage industry and the various business and standards groups to impress the need for disaster solutions."

Business opportunities

The SME sector may be the most vulnerable to disaster but this makes it a huge business opportunity for vendors and the channel.

The disaster recovery argument may not traditionally have been the strongest reason for investing in storage solutions, but its profile is on the up. So, did 11 September make a difference to sales or attitudes?

"Yes, 11 September has had an impact on the market," said Hatter. "Data is one of those things whose worth is never appreciated before a disaster, but since 11 September there has been a lot of interest. Storage vendors have been doing a lot of awareness campaigns."

But Smith warned: "The market has flattened out a bit. We are not seeing the buoyancy of last December and January. Some of the panic from 11 September has worn off. There was a discernible effect then when we were hearing from firms that had lost everything, but things have calmed down now."

André Armstrong, storage business manager at Computer 2000, said: "We have seen growth since that tragic event. I think companies already had disaster recovery plans but that event brought them forward.

"A lot of customers are still playing Russian roulette with their data but we are educating our resellers on disaster recovery solutions.

"The opportunity is very big in this area and, in the past six months, there has been heightened interest in storage from our customers."

Small scale disasters

Russian roulette is the ideal term for how many companies still treat their data, and it doesn't take bombs or plane crashes to bring down a business. In fact, the vast majority of disasters are mundane: corrupted disks, faulty back-up, human error, power cuts, fire, flooding or theft.

It may have taken a global disaster to wake businesses up but, in reality, the biggest threat they face is on the payroll.

"Human error is still responsible for most data loss," explained Smith. "Natural disasters get all the attention but they are still a small part of the disaster scene."

Pilcher agreed. "Humans cause 30 per cent of data losses, by accidentally deleting a file, failing to back up data, or committing a malicious attack," he said.

Gartner goes even further, claiming that 80 per cent of mission critical application service downtime is directly caused by a mixture of people and process failures. The rest is caused by technology failure, environmental failure or disasters.

Even firms that have some form of disaster recovery plan aren't safe because, according to IDC, only a quarter of them bother to test their plans even once a year.

Considering just how much access staff have to sensitive data and the computing power on their desktops, expensive mistakes are inevitable. The old mainframe/terminal days when staff had no real power over the data they used are long gone.

The email factor

As well as the data issues, there is now the email factor. Email has gone from luxury to business necessity and has rapidly become the primary means of corporate communication.

Forget data; email denial for any significant length of time would cripple most companies. It is facts like this, rather than major disasters, that sell recovery solutions.

In the case of the channel, more general storage resellers are looking at the disaster recovery space, and both storage vendors and distributors seem keen to give them the skills.

"Ultimately, the more education that happens on the channel side, the better the chance resellers have of successfully selling the solutions," said Hatter.

Armstrong added: "In the medium sized business arena, particularly on the disaster recovery services side, there is a great opportunity for the channel. We are constantly running training sessions for resellers and we have a Total Solutions event coming up in May, which will cover storage."

Back to school

Ullman stressed that education is vital. "Since 11 September we have seen an increase in sales and in the channel we have seen a shift, where smaller resellers are now adding disaster recovery arguments to their sales pitches," he explained.

"Right now, educating the customer has to happen at the reseller/consultant level; it's a grass roots thing. With just a little research and education they can very easily start offering disaster recovery solutions to customers.

"Nothing is better for a reseller than one of their customers suffering a disaster and recovering all of their data. The SME arena is the next big market, but it's not there yet."

The market is there for disaster recovery solutions; almost every report agrees with that. It is getting the message across to customers that remains the biggest hurdle.

The Twin Towers disaster definitely pushed disaster recovery issues out of the IT department and into the boardroom, but for how long? In the words of one less than optimistic storage vendor: "In the news one day, forgotten the next."

Summary

The disaster recovery market boomed following the 11 September terrorist attacks.
The SME sector is the most vulnerable to disaster and, therefore, represents the greatest opportunity.
Vendor and channel representatives feel that ignorance about disaster recovery is rife in most companies.
Eighty per cent of all disasters are caused by people and process failures. The remaining 20 per cent result from technological or environmental failure.

Contacts

Computer 2000 (01256) 463 344
www.c2000.co.uk

CNT (01753) 792 400
www.cnt.com

Dantz Development
www.dantz.com

Plasmon Data (01763) 261 466
www.plasmon.co.uk

Tandberg Data (01223) 598 002
www.tandberg.com

Highlights

/news/4046202/staff-salaries-2022

/news/4046158/midwich-ceo-nimans-acquisition-2021-results-returning-pre-pandemic-levels

/news/4046159/vendors-suspend-sales-russia-following-ukraine-invasion