The issue of disaster recovery and business continuity is not a storage issue. Of course, storage has some significance to the implications of disaster recovery/business continuity (BC/DR) but so do a lot of other considerations. Storage is the answer to BC/DR to the same extent that electricity is the answer to BC/DR.
Of course, that doesn`t stop any of us in the storage industry from interchanging the terminology. A recent survey from a storage vendor asked questions about the topic and revealed, it claimed, that despite end-users being concerned about BC/DR, they weren`t prepared because many couldn`t tell you how many days it would take to retrieve a lost file.
Of course, that`s how you sell - identify a `hot` concern and explain how your solution maps against that concern. Electricity doesn`t sell itself as a BC/DR solution because it has more other `hot` concerns like providing light and heat. Storage isn`t so lucky.
It`s imperative for a vendor of any kind of IT product/service (particularly enterprise IT) to identify how that product relates to current concerns in order to demonstrate the value and context upon which that product/service is based. The danger is when we start to ignore the other elements that make up the entire context. Danger, because the organisation we are trying to sell to almost certainly hasn`t ignored the context.
When an organisation approaches the need to implement a BC/DR plan they don`t approach it as a storage issue, they approach it as a business issue. Eventually it becomes an IT issue and then because of the nature of the vendor market they have to start breaking it down into a storage, security, enterprise management issue and so on. The point that this is very tricky to hold together is precisely why process management systems like the IT Infrastructure Library (ITIL) system are becoming so popular.
Of course, that is not the only solution to managing the difficult problem. They could outsource the problem or they could bring in a services company so that they don`t have to concern themselves with the individual components, and that`s a very legitimate solution to the problem. But for those who don`t just turn the problem over to someone else, pulling together IT solution areas (which we could affectionately refer to as silos) becomes an obstacle to solving the business problem.
Taking a less cynical view (or the opposing spin), this could also be defined as a best of breed approach but to a large extent the silos of technology have been forced on organisations by vendors, because most vendors fit into one silo or the other.
Returning to the storage market, this silo approach is starting to become a real obstacle to the evolution of our industry. All of us work hard to continue to develop our products and we find areas where we can steal a march by doing something faster, cheaper or better. Then the competition catches up and while we continue to argue about the relative merits of information lifecycle management, our industry is becoming commoditised.
So what`s the solution?
One solution is certainly the evolution of storage products to integrate with other solution areas like security and systems management. I`m not necessarily referring to an approach that sells a BC/DR solution `out of the box`, though that would certainly be possible if this philosophy is followed through. In fact, many IT organisations aren`t comfortable with this `out of the box` approach because they understand the current set-up. They know what a storage product is, what a security product is and how to deal with both. What I`m talking about is a modular approach where storage integrates and interacts easily with other areas of IT within the context of an overall IT process.
Take for example one very simple process that has to be considered as part of business continuity: patch management.
A level of vulnerability might be flagged on security warning sites in systems that run a certain OS - like some legacy NT 4 servers for example - and there might be no patch available, just measures to shut down a service or change the configuration in some way. Using asset management, IT staff can quickly find out which systems are affected and whether it is possible to take the necessary precautions or if this is not possible because the application is affected, defences around the system can be improved. It could also mean a change in backup policy so that copies are taken more often and if the legacy system can be upgraded the combination of asset management and software delivery could affect the change should the hardware not need altering as well. Of course, should patch deployment be the answer then asset management and software delivery can work together; combine that with automated vulnerability notification for all of your systems (regardless of platform) and consolidated information on protection levels and you have something really powerful.
Even in that relatively simple IT process, it requires asset management software, security software, backup software and software delivery to solve the problem. While all of those software products could be managed separately (and probably each would have its own management console to do precisely that) it`s when the products integrate with each other that an IT process can be managed rather than a functional area, and that`s when the whole is worth more than the sum of the parts.
So are there signs that this approach is gaining any traction?
Analysts would point out that end-users are right now asking for more secure storage rather than the integration of security and storage and once again, that is a perfectly legitimate response. I am not suggesting abandoning the development of standalone solutions, but if the new and improved standalone solutions also have the option to be integrated together to form a process solution, do you think that would be rejected as a bad idea? The biggest opportunity for failure in BC/DR plans is bad process so being able to tie storage operations into enterprise management provides a big gain. Similarly, being able to pull information from across multiple products enables a proper picture of what`s going on and makes the whole concept of managing the process meaningful.
Very few vendors have the breadth of portfolio to provide the different solution components. That doesn`t mean that those who specialise in one particular area of storage should give up and move on but they need to acknowledge that the big software vendors are going to be pushing the storage market toward integration with other areas to better support processes like BC/DR (and of course to sell more software!). Smaller vendors need to ensure they integrate into this central management infrastructure picture in order to ensure they remain a relevant part of the process.
To write again about the storage requirements of business continuity and disaster recovery would be to cover well-trodden ground. But that is because it isn`t a storage issue. It`s a business process issue and an IT process issue and the question for vendors is how we are going to support those processes so that it is the business that is protected and the business that can recover, and not just the data. No one expects every vendor to amass the necessary industry expertise to understand the entire business process but we don`t have to. We just have to recognise which cog or cogs we are selling and make sure they fit with all the other cogs.
Share
Editorial contacts