Disaster recovery: Don't forget mobile
by Mary K. Pratt, m.computerworld.comJanuary 14th 2013 6:00 AM
Computerworld - SAP had two priorities when the earthquake and tsunami hit Japan in 2011: Contact its 1,000 employees there and ascertain their needs.
Given the sheer scope of the devastation, and the subsequent nuclear crisis, the task would seem herculean. But SAP leaders quickly connected with their Japan-based workers, most of whom had mobile devices, either company-issued or their own.
The next step, says SAP executive vice president and CIO Oliver Bussmann, was getting back to work, even though the company had to temporarily close its Tokyo office. With redundant systems and its global reach, SAP was able to shift some workload out of Japan while its employees there were able to use their smartphones, tablets and laptops to access corporate assets.
To continue reading, register here to become an Insider
It's FREE to join
Already an Insider? Sign in
Computerworld - SAP had two priorities when the earthquake and tsunami hit Japan in 2011: Contact its 1,000 employees there and ascertain their needs.
Given the sheer scope of the devastation, and the subsequent nuclear crisis, the task would seem herculean. But SAP leaders quickly connected with their Japan-based workers, most of whom had mobile devices, either company-issued or their own.
The next step, says SAP executive vice president and CIO Oliver Bussmann, was getting back to work, even though the company had to temporarily close its Tokyo office. With redundant systems and its global reach, SAP was able to shift some workload out of Japan while its employees there were able to use their smartphones, tablets and laptops to access corporate assets.
"There's much more potential out there from a disaster-recovery perspective," Bussmann says, noting that SAP in the past two years has more deeply incorporated mobile devices into its disaster-recovery and business continuity plans.
CIOs like Bussmann are increasingly considering how mobile capabilities can help their companies get through catastrophes. In the 2012 AT&T Business Continuity Study, 67% of the 504 U.S.-based IT executives surveyed said that they include wireless network capabilities in their business continuity plans.
Despite that high percentage, though, the effectiveness of those plans varies widely, IT leaders and consultants say. Organizations using mobile devices for everyday tasks are more likely to have plans to use them in disasters, while those that don't are less able to rely on them in crisis situations.
However, as more people use smartphones and tablets to do their jobs, CIOs will have no choice but to figure out how to effectively fit mobile into their disaster-recovery plans. To do that, they must consider what data -- if any -- is stored on the devices, how workers access corporate systems on a regular basis as well as during a crisis, and what barriers they would encounter during any sort of incident.
That, in short, means analyzing the opportunities and challenges related to such a strategy.
"The more mobile you can make your workforce, the better off you'll be, so it's certainly a tool CIOs need to think about from a business continuity perspective," says Michael Porier, the Houston-based managing director of consulting firm Protiviti.
Companies are incorporating mobility into their emergency plans in part so they'll be able to send out blast messages via email, text and voice -- an approach that increases the odds that at least one type of message will get through, Porier says. Companies often use such blasts to check on workers who are in harm's way and to provide information on safety programs and work processes.
Computerworld - SAP had two priorities when the earthquake and tsunami hit Japan in 2011: Contact its 1,000 employees there and ascertain their needs.
Given the sheer scope of the devastation, and the subsequent nuclear crisis, the task would seem herculean. But SAP leaders quickly connected with their Japan-based workers, most of whom had mobile devices, either company-issued or their own.
The next step, says SAP executive vice president and CIO Oliver Bussmann, was getting back to work, even though the company had to temporarily close its Tokyo office. With redundant systems and its global reach, SAP was able to shift some workload out of Japan while its employees there were able to use their smartphones, tablets and laptops to access corporate assets.
To continue reading, register here to become an Insider
It's FREE to join
Already an Insider? Sign in
From there, he says CIOs are determining which employees can use their mobile devices for work during an incident and how that will happen. Porier says IT leaders need to have security measures in place, whether that's mobile device management software to secure, monitor, manage and support the devices or some other process that protects corporate data. And they need to determine whether to allow employees to download data to their devices or require them to access it through secure channels, such as a VPN.
Ray Thomas, a senior associate who oversees business assurance at consulting firm Booz Allen Hamilton, says he and his colleagues have been weighing such issues in recent years as the firm has endeavored to make its workforce more mobile. "We've been building mobility into how people work on a day-to-day basis, and that same flexibility works to our advantage during a disaster. As long as there's connectivity, our employees can continue to be productive," Thomas says.
Booz Allen has a notification system that uses email, voice and text messaging to push out messages that workers can access via smartphones or tablets. Employees can also access the corporate network with smartphones, tablets, laptops and personal desktop PCs.
Meanwhile, Thomas says employees routinely download work files onto their laptops, and they're reminded to plan to take work home on their devices in advance of expected events, such as Hurricane Sandy, so they can work even if connections with the corporate network are sketchy.
But that approach underscores the limits of a policy that relies on mobile devices during disasters: Power, connectivity and access to corporate networks are no guarantee. "There are weak links all over," says Gregg "Skip" Bailey, director of technology, strategy and architecture at Deloitte Consulting.
He points out that when a magnitude 5.8 earthquake hit the Washington, D.C., area in 2011, cellular networks were overloaded, and many people couldn't make or receive calls, although some texts were able to slowly make it through. And Hurricane Sandy took out some cell services completely and left many areas without the power needed to recharge devices.
Companies with workers accessing the corporate network from handheld devices also need to consider whether they can accommodate added network traffic during an emergency, says Joe Nocera, principal in PwC's Advisory Technology Consulting practice. He says a typical VPN might be used by 20% to 25% of a company's employees on a daily basis, but usage can spike to more than 80% during a disaster.
The Benefits of a Virtual Desktop
When CIO Gary L. Bateman started deploying desktop virtualization technology three years ago, he figured it would help him save some money and simplify IT support -- both crucial as his employer, the Iowa Workforce Development agency, was facing drastic budget cuts.
The new infrastructure combined with a new bring-your-own-device policy allows the agency's 1,000 workers to easily access corporate files from any computer, whether it's a client PC in the office, a personal smartphone or an agency-issued tablet. Members of the public can also connect with the agency through the virtual desktop.
"We had positioned ourselves to compute from anywhere you could get an Internet connection, and from a disaster-recovery perspective, that works out great," Bateman says.
Of course, it's not quite that simple, Bateman adds. His IT department distributes workloads between its two data centers to cushion against the chances of all systems being disabled during a disaster -- a turn of events that would leave employees unable to work at all.
"As long as we have power and connectivity to at least one, you can still get to virtual environment," he says. "We can stay in business, because anything I can run from an office, I can run from a virtual desktop."
Interest in desktop virtualization is high. In a 2012 Cisco survey of 600 enterprise IT leaders, 68% of the respondents said that they agreed that a majority of knowledge worker roles are suitable for desktop virtualization, and 50% said that their organizations are implementing desktop virtualization strategies.
Survey respondents listed business continuity as one of the three areas that would benefit most from desktop virtualization (employee productivity and IT costs being the other two). Moreover, the respondents saw desktop virtualization as key for mobile computing, with 81% citing laptops as a priority, 76% choosing desktops, 64% citing smartphones and 60% naming tablets.
Computerworld - SAP had two priorities when the earthquake and tsunami hit Japan in 2011: Contact its 1,000 employees there and ascertain their needs.
Given the sheer scope of the devastation, and the subsequent nuclear crisis, the task would seem herculean. But SAP leaders quickly connected with their Japan-based workers, most of whom had mobile devices, either company-issued or their own.
The next step, says SAP executive vice president and CIO Oliver Bussmann, was getting back to work, even though the company had to temporarily close its Tokyo office. With redundant systems and its global reach, SAP was able to shift some workload out of Japan while its employees there were able to use their smartphones, tablets and laptops to access corporate assets.
To continue reading, register here to become an Insider
It's FREE to join
Already an Insider? Sign in
Moreover, Bailey and others say, workers have to be accustomed to using smartphones and tablets for daily tasks before a disaster strikes. Executives shouldn't assume that workers will be able to easily switch from their regular desktop habits to working on their handhelds. Nor should they expect workers to learn on the fly how to use a VPN to access corporate systems from their home computers. And even if they could, let's face it: Working on a smartphone or tablet doesn't match the ease of working with a desktop's full-size keyboard and screen.
Of course, all this talk presupposes that corporate systems will remain up and running during a disaster. If they don't, that's a whole other ballgame.
"If you have a data center that gets wiped out, it doesn't matter if you have mobile devices," Bailey says.
With that in mind, IT needs to understand the role mobility plays in keeping a business running as it plans its back-end recovery efforts, making it a priority to restore the servers that support mobile device management and applications that enable mobility, Nocera says.
"It's knowing where those applications are being served up and making sure you have them covered in your recovery plan," he says.
More CIOs are bumping that up the priority list.
Buddy Cox, executive vice president and CIO at Houston-based Cadence Bancorp, is seeing that firsthand. According to industry statistics, 18 million people bank via mobile devices today, and that figure is expected to grow to 50 million by 2015. Faced with those kinds of figures, along with workers' changing work styles, he says he's enabling more mobile devices to handle a growing number of mission-critical applications.
"We looked at what our customers and [employees] need to access in an event, from minor interruptions to catastrophic ones. And we know who carries iPads or iPhones and what options we have," he says, explaining that his disaster-recovery plans also include regional recovery sites where employees can work. Those sites even have satellite-based communications systems.
But, for now, experts agree: Mobile isn't a panacea, but rather one piece of what should be a multilayered approach that also includes land-based connections, alternative office sites and some redundant systems.
"We haven't gotten to the state where [we can] just fail over to mobile devices," says Dan Waddell, senior director of IT security at eGlobalTech, an IT consultancy in Arlington, Va., and a member of the board of the International Information Systems Security Certification Consortium. "They should be considered, but they should not be the only option."a
Pratt is a Computerworld contributing writer in Waltham, Mass. Contact her at marykpratt@verizon.net.
Read more about Mobile/Wireless in Computerworld's Mobile/Wireless Topic Center.
Original Page: http://pocket.co/sG3BM
Shared from Pocket
No comments:
Post a Comment