IT disaster recovery spending is never an easy sell, but a troubled economy has made the pitch even harder, forcing many
CIOs and IT disaster recovery managers might have been focusing 18 months ago on often-expensive technologies to fill a gap in DR coverage. Now, they are more likely to focus on people and processes. Some are looking to wring more from existing assets by using distant corporate buildings for secondary or tertiary recovery sites. CIOs also are exploiting server virtualization to reduce floor space at their leased recovery sites, and they are boosting the resiliency of their internal IT infrastructures to minimize the impact of a disaster, these providers said.
"The economy has been a challenge for clients, no question," said Patrick Corcoran, global client solutions executive at IBM and 32-year veteran in the disaster recovery/business continuity field. "Before it became an issue, there were a lot of discussions about lowering RTOs and RPOs, especially RPOs. Clients didn't want to lose data."
Now, these same IT departments are taking a second look at data tiers – and recalibrating in some cases – to save money on disaster recovery services, said Corcoran and others.
"We're certainly hearing a lot of hesitancy on the part of customers, whether they're in buying mode or have already bought," said Bill Hughes, director of consulting services at SunGard Availability Services LP. "We're seeing projects delayed, decisions delayed and a lot of questions on how can we do this for less cost."
Budgets for IT disaster recovery and business continuity have not shown much erosion, as measured by industry surveys. They account for between 3% and 6% of the data center budget. But some of that resiliency is likely due to the long-term nature of DR contracts, Hughes said.
Companies that have used external providers for DR are looking at internal options for a cold or warm site, a nearby building or an underused facility acquired in a merger, according to Bob Boyd, CEO of Charlotte, N.C.-based Agility Recovery Solutions Inc. Companies that in past years would have contracted for 150 seats are seeing if they can manage with a 25 seat-trailer and reserving the right to scale up if needed.
Regulatory and board requirements for disaster recovery, never mind hurricanes, new computer viruses and the anticipated explosion of swine flu, prevent companies from dropping DR programs altogether, Hughes said. "What they're trying to do is trim the edges, whether it is by cutting back on travel, consultant time or what they have in their solution set."
Clients are also looking to streamline the technologies they need on the recovery floor, Hughes said. "A customer with 500 systems whose initial plan was to duplicate those 500 systems at a SunGard recovery center is now asking, 'How do I focus, prioritize, and what technologies do I use,'" he said.
We're seeing projects delayed, decisions delayed and a lot of questions on how can we do this for less cost.
Bill Hughes, director of consulting services, SunGard Availability Services LP
Risk assessments, or business impact analyses (BIAs), sometimes glossed over, are big this year.
The current budget constraints are changing the IT disaster recovery discussion in another way, these providers said, driving home a message long harped on by industry gurus: namely, that disaster recovery cannot be the province of IT alone. Too often IT staffs have discussed DR in terms of recovering servers rather than business value, experts say. In order to gain business support for DR, CIOs are realizing they must map DR programs to corporate strategic initiatives.
"Business continuity and disaster recovery tend to be very IT-focused, [saying], 'We recovered server XYZ in this amount of time.' We need to stop talking about disaster recovery and business continuity in terms of technologies, because technologies aren't of interest to the business," Hughes said.
With money tight, a lot of companies are delaying testing on DR programs, a weak commitment in good times. (Less than half of the companies that have DR programs test, according to industry surveys.) Providers were unanimous in cautioning against this. "You are lengthening the window of risk and not getting the return on investment of disaster recovery," Hughes said.
A lot of companies go through a DR process to fulfill a regulatory requirement or because a big customer, such as the federal government, requires a DR recovery plan, but never take the next step of testing, said Boyd. "It's only through testing that you realize IT, for example, can only rebuild a server if it's a Dell, not an IBM."
Sometimes investment in new technology gives the most bang for the buck. Read about how technology is changing DR outsourcing.
Let us know what you think about the story; email Linda Tucci, Senior News Writer.
This was first published in August 2009