Preparing for disaster

End users are failing to grasp the importance of disaster recovery, claims the channel. Caroline Donnelly reports

"Do not stand in a place of danger trusting in miracles," is an old Arabian proverb that UK plc would do well to remember, given its lackadaisical approach to disaster recovery.

It seems, despite the threat of the UK's ever-tightening data protection and compliance regulations, many UK businesses are still failing to grasp the importance of having a business continuity strategy to protect them from disaster.

This is based on the anecdotal evidence of several channel onlookers, including Tim Dunger, director at disaster recovery IT consultancy Plan B.

Part of the problem is that organisations often underestimate their reliance on IT, he claimed. "The fact is that many UK companies still fail to prepare properly for IT disasters [because it] is complicated and doing it well requires a lot of planning and testing.

"This is almost never done because it has a tendency to be ruinously time consuming [and] has left many with either cheap, inadequate provisions or expensive provisions that fall short of protecting the business," he told CRN.

Meanwhile, Ben Shellie, chief executive of Symantec partner Chase Information Technology Services (CITS), said few firms consider disaster recovery to be a business necessity.

"Companies are much more concerned about actual threats to their business, such as competitors and exchange rates," said Shellie.

"They pay insurance premiums to cover themselves against all sorts of other eventualities, but they are extremely reluctant to insure against disaster by investing in IT."

This is despite the fact a major, sustained IT system failure can damage a company's reputation and end up losing them business.

"Companies need to [ask themselves] how long they could do without their computer systems before customers go elsewhere and their company suffers irreparable damage," warned Plan B's Dunger.

This is a question the channel needs to ask when preaching the benefits of business continuity to sceptical clients, stressed Simon Broadbent, backup and disaster recovery specialist at software distributor Blue Solutions.

His company specialises in distributing software aimed at SMBs and has partnerships with several storage, backup and disaster recovery vendors.

Speaking to CRN, Broadbent agreed some firms foolishly dismiss warnings of the financial consequences of unplanned downtime as scaremongering.

"It is not just a case of being able to recover the data that has been backed up - companies also need to be able to get their business-critical applications and systems up and running again quickly," said Broadbent.

"It is an area to which people need to pay more attention because downtime and disasters can happen to companies of all sizes," he added.

Indispensable VARs

That being said, larger companies and those in the legal, healthcare and financial services markets tend to have a better attitude than SMBs to disaster recov-ery, according to several channel firms CRN spoke to.

Carlos Escapa, chief executive of Spanish disaster recovery vendor VirtualSharp, told CRN that the problem with SMBs is that few of them have the required technical skills in-house.

"Larger companies tend to have teams of people working on disaster recovery because if an auditor requests a system test or a disaster happens, it will cause big disruption and they will need to pull people off of other projects to clear things up," he added.

Research from EMC-owned online backup vendor Mozy supports this view and shows that a quarter of UK SMBs never back up their data and 22 per cent do it only once a month.

The reason for this, according to Claire Galbois-Alcaix, senior marketing manager for EMEA at Mozy, is the time it takes.

"This is a real opportunity that the channel can take advantage of by stepping in, with products and services, that end users do not have the skills or time to use," she said.

VARs that go down this route often end up being considered indispensable by end users, because of how much knowledge they accrue about their customers' data creation habits and the devices they use, she claimed.

In the case of the vertical markets mentioned, their attitude to disaster recovery can be attributed to the stringent data retention policies many companies in these sectors have to follow.

"Undoubtedly, it is regulation that places disaster recovery at the top of the corporate agenda," said CITS' Shellie. "The Financial Services Authority's (FSA) retention policies, for example, go way beyond what is required for ordinary UK companies."

Realising the need

Even so, having a robust disaster recovery strategy is still rarely treated as an essential business requirement within these industries. It is simply a regulatory overhead, he claimed.

"It is often only companies that have experienced a disaster which see the benefit of disaster recovery [and view it as a business necessity]," he added. "When they have a warehouse burn down or a catastrophic flood, that is when businesses realise just how irreplaceable those records are."

Despite reports about high-profile companies losing data or suffering downtime as a result of natural, man-made or technical disasters, other firms rarely up their game in response.

This is the view of Johan Pellicaan (pictured, right), EMEA managing director of online backup and data recovery software vendor EVault.

"I think it is an issue that needs to be treated by end users in the same way as a high-profile virus attack because data loss can be equally as devastating for a business," he told CRN.

"As soon as a story breaks about a new computer virus, you see an increase in anti-virus software sales and it should be exactly the same with disaster recovery."