Enterprise Organizations Need Formal Incident Response Programs

I spent the early part of my IT career in the storage industry, mostly with EMC Corporation. Back then, large storage subsystems were equated with IBM mainframe computers, with a heavy emphasis on the financial services market.

Topics: Information Security IBM Data Protection Information and Risk Management HP Security and Privacy incident response SunGard E&Y Booz Allen Accenture

SunGard On-Premise Managed Recovery is Coming

I love Ah-Ha moments followed by Heck-Yeah exclamations … when you hear about something new and yet so intuitive that you have to shout “Why haven’t folks always done this?!?” Maybe they didn’t do it in the past because the technology wasn’t there yet, or the economics, or whatever. But in IT, I am always jazzed when I get the chance to dig into one. Here are few of my favorites:

  • Item-level recovery from whole-VM based backups
  • Storage tiering that enables near-transparent scale-up and scale-out
  • Integrating snapshot recoverability into traditional backup UIs
  • Client-side deduplication using APIs from production workloads to the storage itself

There are others and none of the ones above apply to this blog post, but you get the idea. My most recent experience came from SunGard.

Earlier today, I was visiting with some folks from SunGard who were discussing a new service that they are bringing to market: MRP-OP. Managed Recovery Program (MRP) is one of SunGard’s foundational offerings of providing their infrastructure and expertise to ensure that your business can continue operations.

Historically, a lot of enterprise IT teams presumed that they didn’t need SunGard because:

  1. They deployed the applications and servers originally or are maintaining them now, so they understood their environment
  2. They owned more than one data center
  3. They were using replication technology between those sites.

So, let’s unpack those rationalizations:

I have already soapboxed on how “replication technology” does not equate to a “disaster recovery” capability (excuse #3) – replication is a means of data survivability, so that you can deliver real BC/DR.

See my earlier blog post on Your Replication is not my Disaster Recovery.

Just because you originally deployed those servers and applications and now ensure that they stay running (excuse #1) does not mean that you necessarily understand what it would take to get them from scorched earth to operational in a timely manner. And by the way, which ones really need to come up first (based on financial or operational assessments)? Most operational IT folks can’t answer that.

Check out Chapter 2 (free download) of my book on quantifying RPO/RTO using the BC/DR methods of BIA & RA to understand your TCO & ROI for data protection methodologies. Chapter 2 helps you calculate it, while Chapter 12 helps you map it to a BC/DR strategy and program.

But perhaps most important reality to point out – owning a secondary data center does not make you a disaster recovery expert (excuse #2).

With those realities in mind, SunGard is in the process of packaging their Managed Recovery services in a way that can be delivered when large companies do own two or more data centers, but those IT teams recognize that they are not in fact DR experts. The MRP-OP (on-premise) offering takes the business impact analyses, process development, and other true BC/DR expertise that SunGard offers and partners it with the operational IT folks in multi-site organizations.

For large companies with multiple sites and skilled operational IT folks, SunGard's MRP-OP appears to be a perfect scenario that meets companies' needs where they are instead of where traditional DR has always been -- so I will be watching as SunGard works to bring it to market later in 2012.

Topics: Data Protection SunGard disaster recovery