January 26, 2014
Realities of Post-Disaster Data Recovery
by Brian Cooney
Data management, business continuity and post-disaster data recovery requires a shift in mindset from firefighting to fire prevention. Zero disruptions is a bold strategic imperative that provides a competitive advantage by enhancing field productivity, increasing office efficiency, reducing downtime and preventing data losses.
Data management today requires an enterprise view integrating a company’s increasingly complex networks. Data must be construed to encompass all information generated, received, transmitted, stored and retrieved throughout the organization. Additionally, data must be incorporated from its various physical and virtual locations, including mobile devices. Following are IT trends affecting AEC companies:
- expansion of email as the predominant form of intra- and inter-company communication;
- growth of online data mobility project management tools using smartphones and tablets to access and transmit data;
- increased adoption of document imaging to replace paper recordkeeping files;
- growth of enterprise resource planning (ERP) platform systems and integration with best-in-class specialty software programs;
- estimators’ use of the same database to work from multiple locations on complex projects;
- increased adoption of, and massive data files generated by, BIM;
- emergence of hosted and cloud-based data recovery systems;
- expansion of e-discovery in litigation, which raises expectations for (and increases the risks of ) record retention; and
- proliferation of social media networks combined with bring-your-own-device policies, which creates new portals for hacking, malware and viruses.
The severity of natural disasters and the escalating number of man-made emergencies and technological disruptions compounds the construction industry’s dependence on IT systems. Many of these disruptions “only” result in temporary IT system shutdowns, while others pose a threat to the viability of the business.
A company’s vulnerability to data loss can be increased or decreased by the actions taken (or not taken) with regard to data backup and recovery. A robust business continuity plan is the first step. Companies have many choices when selecting the best way to back up their vital information and mission-critical data.
Automatic offsite (hosted or cloud-based) data backup protocols at regular intervals are the best prevention for data loss. These backups must be set for every type of data and for every type of device accessing, transmitting or storing information.
Another data recovery strategy is imaging the company’s server and running the restored replica image from a new server in a remote location. However, this strategy requires pre-planning. In a large-scale disaster, obtaining replacement servers may not be possible.
Causes, Costs and Consequences of Data Loss
Data disruption is a reality of the modern work environment. Causes of data loss include:
- failure to initiate or maintain regular data backups;
- hardware failure;
- human error resulting in accidental deletion, overwriting of data or forgetting to add new IT systems/devices to backup protocols;
- failure to test the backup and data recovery restoration process to determine adequacy;
- software or application corruption;
- power surges, brownouts and outages;
- computer viruses, malware or hacking;
- theft of IT equipment; and
- hardware damage or destruction from vandalism, fire and water (rain, flood or sprinkler system discharge).
The consequences of lost data include direct loss of revenue from missing bid submissions or customer orders, direct expenses to pay for technical specialists to help recover data, decreased productivity during the shutdown and costs to re-key or obtain replacement data. For contractors selling directly to consumers, the loss of Internet connection for any extended time could prove costly. Lost data also can result in litigation for breach of confidential information plus adverse publicity.
A 2012 study commissioned by cloud-based data backup company Carbonite revealed 45% of small businesses (defined as fewer than 1,000 employees) had suffered a data loss. Fifty-four percent of the data losses were attributed to hardware failure, and the average cost for data recovery was $9,000.
Real-World Data Loss Scenarios
- Laptop motherboard failure. A project estimator was working offline when the motherboard crashed. Because of a tight deadline, he had to restart the estimate from scratch. Although the bid was successfully submitted on time, the estimator fell behind on pricing other jobs that the company failed to win.
- Lost iPhone. Pictures of a project safety incident with documentation of a mismarked “one-call system” utility spot were lost. The photo documentation had not been transmitted to the office, and the contractor lost the request for damages against the utility locating service. Moreover, the smartphone was not properly password-secured, allowing unauthorized access to contacts, client information and company data.
- Desktop computer backup location not properly mapped to server. When a workstation was upgraded with a new desktop computer, it was not mapped to the server for automatic backup. The computer hard drive crashed, and no files were backed up. Recovery using the old desktop computer was slow, and data created on the new computer was lost.
- New database not added to the nightly backup protocol. A company purchased a new customer relationship management database and, after a power outage, realized it had not been added to the nightly data backup protocol.
- Onsite data backup location destroyed. The building housing an onsite backup server was struck by lightning, which started a fire and resulted in a total loss of all current and historical data.
- Disaster recovery software not properly configured. While conducting a test of a company’s disaster recovery plan, it was discovered that some critical data was not being captured in the backup files.
- Laptop and tablet stolen from a jobsite trailer. The field equipment had not been backed up for several weeks, resulting in the loss of key project documentation.
Best Practices for Data Management
Data management and IT network administration is a strategic, unique function for all companies. It is not possible to delineate all data management best practices, but the following guidelines should help enhance most companies’ post-disaster data recovery efforts:
- Determine the company’s recovery-time objectives, and plan and budget accordingly. Identify which functions and systems must remain operational at the time of a disruption or disaster. This requires advance planning and budgeting for necessary systems and technical support services. It also helps prioritize risk-reduction strategies, including investments in data management backup system and security upgrades.
- Develop a written business continuity plan that outlines specific responsibilities for protecting vital information and mission-critical data. The business continuity plan should include protocols for backup and synchronization of all office systems and virtual/mobile devices. It also should address the frequency and format for testing data management integrity and security, as well as how gaps will be identified and addressed.
- Inventory the company’s vital information and mission-critical data, and verify it is being backed up. Key considerations include how the data is being backed up, by whom and how frequently, as well as where the backup data is stored. It is important to ensure the data backup and restoration process work as designed.
- Initiate automatic scheduled backups, ensure the backup data is stored offsite, and test the adequacy of the data backup and restoration methods. Consider the added benefits of imaging the company’s servers to achieve a complete restoration of the data management system
- Develop a comprehensive diagram of the company’s integrated data management network, including all physical and virtual/mobile subsystems. Ideally, this will be an “as built” blueprint of the company’s configuration consisting of the hardware, operating systems, software and applications that make up the data management network.
- Institute policies regarding the use of the company’s Internet, including security protocols. Implement policies for user authentication, password verification, unacceptable personal devices and reporting of lost equipment. It is essential to communicate these policies and security protocols to all users and to train new employees.
- Establish proactive management of the company’s data and IT network. Ensure the company’s network administrator has state-of-the-art tools, including remote access, help desk diagnostics and anti-spam and malware protection. Request periodic updates on all software licensing audits and verification that all security patch updates have been installed on a timely basis. Establish a fixed replacement schedule for hardware and software.
There is good news and bad news regarding business data management and recovery. The bad news is that the need for post-disaster data recovery can no longer be ignored. The increasingly complex and connected business world demands pre-planning for business continuity. The good news is that data management and recovery services are scalable to meet the custom needs of every business regardless of the size and scope of the operation and its degree of data dependence.