News Stay informed about the latest enterprise technology news and product updates.

U.S. has much to learn about disaster recovery, physical security

Disaster recovery and security measures for IT organizations have improved in recent years, but Tuesday's terrorist attacks in the United States are a chilling reminder that there is still much to learn.

Prompted by fears of an IRA attack, a London bank built a bombproof wall between two of its mainframe systems to protect data from terrorist attack. That was 20 years ago.

While recovery and security measures have improved, Tuesday's terrorist attacks in the United States show that businesses in countries other than the United Kingdom and Israel may be wise to at least plan for the possibility.

For more information:

The Best Web Links on disaster recovery

Many Israeli companies view terrorist attacks as just another one of the threats that require data-recovery procedures, said Hagai Schaffer, CTO of service level management software firm Oblicore Inc., which has offices in Israel. Other threats include fire, earthquake or flooding. "As part of (a company's) procedures backup data may be stored in another location, and another computer site may be prepared as an alternate site in case of emergency," he said.

London-based law firm Manches took steps to guard its systems from terrorist attack because the firm's offices are near many foreign embassies and the country's highest court. But it was a 1996 bomb blast nearby that truly prompted it to action. The firm decided that its recovery plans needed backup facilities since the firm couldn't afford to be without its "IT system for more than four to six hours and without a switchboard for more than two hours," a company official said in case study on IBM's Web site.

Data recovery plans should be for all companies, said Dick Bannister, an analyst with the Evaluator Group of Greenwood Village, Colo. For example, a manufacturing company needs to keep track of its accounts payables. "Most keep all their supply contacts online," he said. "It's critical to have access to this information.

"If you don't have an effective recovery plan, which means getting your data up within a few days, you are out of business," Bannister said. "You are not talking about your stock price dropping but your business being gone."

Data may be recoverable 10 miles from an attacked location. But businesses are people-dependent, so the data may not be worth a lot if the people who understand it don't survive. This means that contingency plans should also include the need for staff to operate it.

The most basic step in a data recovery plan would be figuring out what data is critical for your business and then getting that off site. Smaller companies may be able to move magnetic back-up tapes off site once a day. But such an approach won't work for companies with large amounts of data. For them, products are available that allow data to be mirrored on another system located miles away within seconds.

Most of the larger businesses in the World Trade Center relied on replication, and their data is safe.

Levels of physical security

Besides backing up data, securing computer facilities is an important step, said Tsvi Misinai, CEO and chairman of Israel-based mainframe software vendor NewFrame.

Misinai has observed four levels of security for data centers and other facilities in Israel. The most basic includes a lock on a computer room door. The next security level would include a more secure locking system and perhaps a guard for the computer room and to monitor access to the building. The third level adds scanning equipment similar to what airports use so visitors can't smuggle in any weapons or other dangerous contraband.

The final level, used by the most sensitive organizations such as the military, doesn't allow any non-workers into the buildings. All meetings and even technical support by third-party vendors is done off-site, Misinai said.

Misinai said Israel, the United States and the rest of the world should take security more seriously. Any major business site, data center or skyscraper should observe at least the third level of security, he said.

"The more defensive security measures that will be in place the less casualties will occur," Misinai said. "This is not a paranoia. It is better to waste a few minutes every day of your life than wasting your entire life in one day."


The Best Web Links on managing and implementing an IT architecture

The Best Web Links on securing an e-business

How to cope when disaster strikes

This story originally appeared on searchEBusiness.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.