Disaster Recovery: Preparing For the Worst

While the threat of such doom does not come as a shock to customers, it's certainly a sobering thought to solution providers who must up the ante on the infrastructures, applications and services they provide. Whether the attack on the infrastructure is the result of physical terrorism or cyberwarfare, customers of all sizes are concerned.

A recent Forrester Research survey finds that 60 percent of all customers have disaster recovery on their wish lists this year, higher than any other category. Many are already implementing such solutions,particularly those who had a bird's-eye view of the Sept. 11 tragedies. Gartner says spending on disaster recovery and contingency planning increased 25 percent last year, certainly influenced by the terrorist attacks. At the recent American Bankers Association conference in Tampa, Fla., contingency planning was also key on the agenda. Banks and brokerage firms with a key presence near New York's Ground Zero, in particular, are questioning whether being nearby, across town or even across the Hudson River is enough.

But even if your customer is not hit, that doesn't mitigate the impact, Clarke warns. For one thing, someone the customer does business with could be hit. Even worse, a virus or worm is all it takes to unleash a denial-of-service attack that could flood the Internet and corporate networks with packets,and the potential of bringing data communications and Web sites to a grinding halt. Because the Internet's DNS and border gateway-protocol nodes utilized by ISPs remain insecure, customers' hands could be tied if a major cyberattack were initiated, he adds. "You can secure your enterprise like Fort Knox, but if the DNS system is attacked successfully or the BGP system is corrupted, you're not talking to anyone on the Internet," Clarke warns.

Some customers got a taste of how much damage could be done this past winter, just six weeks before the war in Iraq broke out, when the SQL Slammer worm was unleashed. The worm wreaked havoc on the Internet worldwide, disabling 300,000 servers in a period of 15 minutes and shutting down corporate systems for hours. The Slammer worm is a virus that takes advantage of a known flaw in SQL Server 2000 when connected to a network. Although Slammer didn't disable computer systems or data, it flooded networks with packets, which caused a brief shutdown of numerous organizations, including the ATM networks of Bank Of America, Chase and others.

id
unit-1659132512259
type
Sponsored post

The virus, in fact, had such an impact that even those that were immune to prior attacks were hit. Procter & Gamble CIO Stephen David, for example, confessed it was the first attack that penetrated his company's firewall.

"I have to tell you, that was a wake-up call for us," he says. "We're taking action. We thought we were safer than we were."

So what's he going to do? To be sure, he's not taking it lightly. "Disaster recovery is going to take on a whole new meaning, first and foremost," David insists. That means mission-critical systems achieving recovery times of two hours to four hours rather than 72 hours, which "is a ridiculous number today," he says. David is looking for a monitoring system that can see a condition and immediately wipe a system clean and rewrite the program. "That will have some infrastructure costs, but I think we will have close to zero latency in our disaster recovery," he says.

So when you're pitching your customer any type of solution, it's important to presume the potential for a major disruption up front,not as an afterthought.