Special Report: Hurricane Preparedness - The business impact of data storage in disaster recovery
Over 60% of mid-sized organizations do not have a data retrieval plan and are inconsistent at best at making backups. Most have no contingency plans for restoring critical services/operations, no secure offsite data storage, and certainly no on-demand data retrieval.
Rob Peglar, Xiotech Corporation, St. Louis
Without question, data storage is at the heart of today’s oil and gas industry. Disaster recovery (DR) for that data is vital. At the worst, its absence can shut a business down. At the least, companies increasingly need it to comply with government regulations in terms of data accountability and security.
These mandatory impositions are particularly onerous for the oil and gas industry. Industry growth and success often mean that their administrative and management practices lag behind their expansion curve. In other words, it is easy for an oil and gas organization to find itself (albeit unwittingly) outside of compliance. Its officers may not fully understand the requirements of Sarbanes-Oxley (SOX) or any of the dozens of other pieces of regulation that may apply to their particular area of the organization.
However, one thing is certain - whatever nuances may apply to the oil and gas industry, each and every one of them demands that data be protected and retrievable in case of failure. The cost of data unavailability can and does run into millions of dollars per hour in critical customer-supplier or trading environments.
However, according to Enterprise Strategy Group, over 60% of mid-sized organizations do not have a DR plan and are inconsistent at best at making backups. In general, they have no contingency plans for restoring critical services/operations, no secure offsite data storage, and certainly no on-demand data retrieval.
So why is this? Who in their right mind wouldn’t want to keep a secure, up-to-the-second copy of business-critical data (never mind what the regulators want)? The answer is one word: complexity.
Until now it has just been too difficult, especially for the oil and gas industry. Data storage infrastructures have always been operationally complex, and traditionally, the solution has simply been to have multiple copies of everything-and that includes hardware, software, documentation, indeed entire data centers.
This catch-all approach is simply too expensive to be considered by the mid-sized businesses, and they have watched their data expand with a touching faith in the reliability of disk drives and the foibles of human nature as “the IT guys” have struggled with floppies, tapes, and any other medium that might give them a sporting chance of retrieving something-anything-in the face of a massive outage.
That’s the bad news. The good news is that technology has moved on to a point where efficient DR need no longer be the realm of the few or only the very large. DR for the many is upon us.
These new technologies, however, do not eliminate the need for a decently well-thought-out DR plan. For one thing, DR is not necessarily an off-the-shelf activity. A well-thought-through DR plan should consider, and perhaps contain, several levels of disaster “category.” For example, a “disaster” may be the loss of a particular network due to human error when manipulating network cabling. It may be the accidental deletion of an important document. But it might also mean the partial or full loss of an entire facility.
So, while one person’s “disaster” might be another’s “inconvenience,” the relative gravity of the event or events does not mitigate the need for appropriate DR measures. In any event, developing a satisfactory and robust DR scenario is particularly challenging for mid-sized businesses.
One approach that minimizes capital expense involves using a hosted service to mitigate risk involved in securing, recording, transporting, authenticating, and authorizing access to customer record data. This is vital to ensure against practices and procedures that might be construed as regulatory violations or threats to customer privacy, triggering potential liability and practice litigation. This is particularly notable in data storage technologies, where it is vital to continuously protect copies of the electronic customer record, including all transaction-oriented data, to prevent a regulatory-related compliance issue from being raised.
In turn, this involves deploying networks that are simple to maintain, yet have sufficient flexibility and resiliency of design to ensure future growth and increasing disaster tolerance without affecting customer operations or customer record data access at any time, i.e., an optimal storage architecture utilizing off-premise continuous data protection.
According to research by IT industry analyst Gartner, planned downtime is by far-up to 80%-the most common cause of downtime in a network. Planned downtime is followed by application failure, operator error, and operating system failure. Coming near the end of the list are hardware failures, power outages, and natural disasters.
Networked storage technology can reduce or eliminate almost all these downtime causes. However, networked storage technology - especially that traditionally deployed by those in the oil and gas industry - does not necessarily eliminate complexity or difficulty in operation.
To overcome these obstacles, the use of storage virtualization technology is vital to make networked storage easy to use, creating opportunities for storage managers to perform real-time testing of software changes and upgrades. Storage virtualization technology also eliminates much of the tedious, labor-intense tuning and data management present in non-virtualized storage environments.
The choice of technologies for a DR solution for customer data is entirely dependent on the answers to two questions:
- a) How long is the recovery window? and
- b) What constitutes a “recovery”?
If a recovery consists of a complete restoration of operations and all customer record data, then several technologies will be involved, namely server platforms, operating systems, IP networking, storage networking, storage platforms, and all customer-data-related and financial software applications necessary to perform audit and analysis. In addition, trained personnel will be involved to perform the recovery functions, as well as implement any special procedures necessary to ensure complete customer record data restoration.
In addition, zero-time recovery mandates the use of online magnetic disk technologies in all locations, whether hosted or self-operated, to hold enough customer record data to perform all necessary and sufficient examinations and consultations. In this architecture, customer record data is kept in multiple locations via continuous data protection (CDP) techniques, ensuring real-time updating of all instances of the customer record. This method obviates the need to rely on any one physical facility for the necessary files or particular documents tied to or within an electronic customer record.
A typical time period for online customer record data retention is three to five years, after which magnetic tape is traditionally used for archival purposes. However, restoration of customer record data from magnetic tape is a suboptimal process and should not be relied upon for critical data recovery purposes.
Other facets to consider while selecting an optimal solution for customer data storage and DR include choosing a hosted solution that is standards based and easy to implement and operate, requiring minimal full-time-equivalent (FTE) staff hours. This is particularly important in recovery and restoration procedures, in the event of a declared disaster.
A number of storage solutions on the market today are highly proprietary, meaning they do not operate according to ANSI open-systems standards, making them at best challenging and at worst impossible to integrate into existing networks. A standards-based, hosted, open-systems solution is not only easier to integrate, but is optimized to work with future standards-based technologies.
Storage systems are designed with widely varying levels of complexity. For oil and gas applications, look for a system that removes complexity from storage management, with which organizations can upgrade their data management procedures to ensure less interaction by FTE staff. Electronic data can be made extremely secure and are able to be restored from multiple locations. However, these benefits are lost if an oil and gas organization implements a cumbersome storage system that requires significant FTE handling.
Certainly, in the non-regulated customer service domain (no one has as yet mandated that you must get good service), quick and reliable non-stop access to its customer record data confers highly tangible commercial advantages, and very few businesses without such access would survive very long in today’s dog-eat-dog business climate.
Whether mandated by law or by the exigencies of best practice and customer service, the systems discussed above can create an environment that complies with regulatory requirements, serves customers, and makes data management easier and cost effective for all sizes of organizations in the oil and gas industry.
About the author
Rob Peglar [[email protected] ] is vice president, technology, marketing for Xiotech Corp., and based in St. Louis, Mo. He has global responsibility defining the company’s product and solution portfolio. He has extensive experience in information risk management, archiving strategy, disaster avoidance and compliance, and distributed clustered virtual storage architectures.