Protecting the business

Von Kavitha Rajasekhar

Data locked away safely is of no value, unless an enterprise figures out how exactly it can make that protected information available to it, even during a crisis. With some helpful vendor nudging, it appears that enterprises in the Middle East are finally beginning to look at Business continuity (BC) in its entirety -- which brings in critical components like data protection, security and disaster recovery strongly into the mix. And what"s more, the region"s mid-market seems to be in a state of heightened awareness to ensure that BC meets DR and data availability, as SAME found out.

These are interesting times for both the Middle East enterprise market and vendors alike. Not only is BC top of mind, but customers are now talking about it in its entirety. And interestingly, it is not the regions big boys that are putting their spending bucks up-front, but the mid market that seems to be getting out there to lead the pack and vendors are not complaining.

One thing is certain, companies today are moving away from the one-fit-for-all option, which no longer serves the purpose, more so in the case of a BC or a DR strategy. Therefore any investment in this area needs to be mapped closely to the specific business requirement. " The trends in the industry stem from this realization," says Symantec Middle East Country Manager Gulf & Levant, Vikram Suri, and goes on to add that "BC is more about evaluating your requirements to assess the level of risk you are willing to endure to reap a certain amount of benefit."

"Customers today are saying, yes we need to protect the data, but once they have done that, they also need to see a way to make that data available to them. Data locked up safely somewhere does not ensure business continuity, it is now about total protection and availability -- or Continuous Data Protection," says storage integration player CSI"s Director Tim Carlson.

According to Carlson, only a combination of a BC and DR (disaster recovery) strategy will ensure that the data is protected and made available. "It needs to be tied up with disaster recovery and the overall concept of data protection. Continuity is being seen as the next step from protection. Your data is protected if it is locked down, however, businesses need to have their data available to their customers, yet secure and recoverable should anything go drastically wrong," he adds.

IT managers agree. Like the IT Department Manager of Abu Dhabi Oil Refining Company (TAKREER) Faud Al Ansari says, a BC strategy is more than just data protection. "Data protection is one of the most crucial factors that build up the BC concept. Yet, another important aspect of BC is availability of services and restoration of services and in some critical cases - immediate or seamless restoration of services. Of course restoration of service is pretty much linked to proper restoration of data, which by itself mandate proper data protection schemes," says Al Ansari.

Getting a single view

Getting the right value from data and storage infrastructure is about consolidation, and there are enough reasons in an emerging market like the Middle East that push the envelope for storage consolidation. With compliance norms looming large over the region, the back-end storage, DR and BC strategies need to fall in line and ensure compliance even in a crisis situation. "Among the fastest growing areas within the Middle East"s information storage sector are software solutions that enable rapid data recovery from a diverse range of hardware systems and e-mail archiving solutions which help companies comply with record retention regulations," says Heini Booysen, Program Manager with analyst group IDC.

Organizations are also finding that data locked or stored in different sets of storage pools are not delivering value across the enterprise. Getting a single view of the business and the data is therefore being considered as key to ensuring BC. Data replication, storage consolidation and data classification are beginning to be looked upon as intrinsic to BC with the region"s businesses.

"The biggest technical issue facing us as a major telecom player is storage consolidation and ensuring that this scales up to also provide total BC and DR. If you ask any big player in the region today on whether they have a complete DR strategy, they will most certainly say no, but the idea is to ensure that we take it step by step to and make sure that the most critical data stays protected and available," says Kuwait"s Wataniya Telecom Manager Technology and Product development Fawaz Bassim.

And most importantly, organizations across the board including mid-market players are keen to secure and protect their data in a cost efficient manner. According to Hitachi Data Systems Senior Director EMEA Product Marketing, Phil Jones, organizations across EMEA were in a stage of taking a consolidate view on their infrastructure including those supporting their BC, DR and storage requirements. "They clearly want one view of the environment and vendors need to understand and enable that. We are looking at this as a data protection strategy, which ties in all requirements like tiered storage, archiving and data protection. Customers are also keen that all data protected should clearly have a tangible value to the business," says Jones.

Approaching BC from a business process, Computer Associates Business technologist Paul Ranstead says following an ITIL perspective allows a business to quantify how much a particular process or its management is costing the business. " CA from its Unicentre perspective right up to Bright Stor (for backup and recovery) and Pest Patrol security products follows a single management console strategy, which we believe enables an enterprise to leverage value from any of its technology driven strategies, including BC," Ranstead says.

CSI"s Carlson adds that with a consolidate data management and protection strategy, companies are able to react to changes in the market or environment with greater flexibility.

How much is your data worth?

Any BC and DR strategy and solution like any other IT project has an ROI factor attached to it. While companies are willing to put the money on the table for protecting their business data, they clearly want the spending to be proportional to the value of the data they are protecting.

One model being looked at closely by end-users and vendors alike is the "maximum acceptable outage". "Many customers are now keenly classifying data and deciding how much downtime are they willing to have based on the data"s value and importance to the business. They are then able to come with a strategy that provides both cost competitiveness and data protection," says CSI"s Carlson, who incidentally uses an in-house built program that calculates the value of the data to the business in currency.

The Information Security Consultant, of the Abu Dhabi Police, Manhal Musameh, validates this trend. "BC planning is directly proportional to the importance of business services being provided/protected. It is a risk-based business oriented process and should never be treated as an absolute technical matter. Some services can accept disruption more than others and this is the factor that should be considered during the development of the BC strategy. Different strategies can be considered based on the Maximum Acceptable Outage (MAO) of the service," says Musameh.

The well-diversified Al Ghurair Group for example is one company that uses a mixed model to protect its data and applications. Given the fact that the group has vast investments in different sectors spanning from manufacturing, plastics, paper and other industries, 24x7 type of operations and information systems availability is critical in some areas and not so critical in other segments.

"Our business dictates that disaster recovery can take up to four hours without having significant impact on business. This allows us to plan and configure disaster recovery procedures that meet our business requirements while paying attention to the required investment," says the group"s CIO Hatem Al Sibai.

"Al Ghurair is unique in the sense that we use a centralized data center model as well as a distributed data center model at the same time. Applications specific to a company, such as vertical applications meant for a specific industry, are hosted in a mini data center located in that company. On the other hand the ERP is a common application and is centrally hosted in our main data center. This minimizes the impact of a disaster event that leads to loosing one data center," Al Sibai says.

Takreer, being one of the major oil refining companies in the region and due to the nature of its business adheres to high standards of BC at the corporate level. Consequently the same theme flows in various disciplines of the company including IT. "As a whole, BC and DR is a must for any enterprise however, the importance and degree of its comprehensiveness is a subjective matter that is particular to any arbitrary organization. Without any DR or BC plan, the enterprise is prone to undergoing chaos and loss of company asset during any unexpected interruption of business due to disasters. In a way the enterprise itself needs to identify the value and criticality of its data to the business of the enterprise in the first place and then the people in charge of DR and BC can lay down the necessary plans. Of course the IT DR plan should be integrated with the overall enterprise BC plan," Al Ansari says.

These large enterprise and their experiences in implementing a DR and BC strategy can offer important lessons to the mid-market to learn from, say vendors. While Peter Tandy, EMEA Sales Manager (Data Management Solutions) at Sun Microsystems agrees that the demand levels for BC and DR are increasing in the market, he warns that many companies could struggle like the larger firms to keep it running. " You need to test your DR sites once every six months. Continuous data protection is another important area. Most companies don"t realize that their mission critical data is still unprotected and they are protecting data, which has zero value to their businesses," says Tandy.

Like EMC EMEA, Solutions Specialist, David French says, "information is clearly evolving as currency for the next generation of enterprises and the world." "It is the power to decide and dictate, and protecting this vital asset is mandatory for any organization, if they wish to survive," French adds.

Security moves into the mix

Recent technology alliances between storage players and the broader industry has been very noticeable in the realm of security partnerships. Clearly the industry is beginning to see that security and information integration is as much a part of BC and DR as infrastructure components. "Data integrity and its safekeeping are vital for any organization to continue in the face of a crisis, which might take the shape of physical disasters or the more frequent threats of logical intrusions like denial of service, hacking, spam and virus attacks," says EMCs French. According to him, he sees threat assessment as the first stepping-stone on the road to ensure the continuation of business.

"Most people come to us for backup and clustering without giving much attention to first understand the threats they face and then prioritize them. We encourage and even advise businesses to make use of expert threat assessment analysis and then take the next step of deciding on the correct prescription to backup their data," he says.

The second most important factor that makes people hesitant in ensuring business continuity protocols is the cost factor. "It has been noticed that most people downplay the threats they face consciously, thinking about the viability of such a venture because it is costly. What they fail to realize is that if for any reason they are out of business due to data loss or any other reason, the cost to the company will be far greater then they have ever anticipated". French also concedes the fact that consciousness is gradually rising to take steps in protecting one"s data.

Customers are also beginning to integrate information security closely with their BC strategies. "Security measures play major role in the BC plan and it can be viewed as a preventive measure towards the disaster occurrence. Therefore, BC strategy that is coupled closely with the security measures ensures the cohesiveness of prevention and solution plans," adds Al Ansari of TAKREER.

At his company, the IT team, has taken various initiatives towards deploying it"s DR plan by implementing offsite/on-line back up of data and identifying hotspots for DR. Restoration of services from the hotspots in the least possible time is anther initiative that is under pilot and soon it would be applied on all business critical applications running in Takreer environment. "In order to tie up its DR plan closely with the security measures, Takreer has started the process of conducting a comprehensive third party IT Security Auditing task and once completed, a concrete IT DR plan will be in place to ensure the BC of Takreer IT services," he adds.

Manhal of the Abu Dhabi Police also sees BC as an integral part of information security. Since the core of BC is Availability (availability of services which depends on technology and information) and since the main target of Information Security is Confidentiality, Integrity and Availability, we can see the tight relation between security and continuity," Manhal says.

Vendors are no doubt responsible in large part for pushing varied IT technologies to begin talking to each other. Take the Symantec and Veritas merger for example. According to Symantec"s Suri, the company has been talking about a concept known as information integrity over the past year, which underlines much of its ethos at present. "We believe that information is the most valuable asset of a business today, and as such, it should be readily available to those employees and partners that need to access it to do their jobs effectively, but at the same time must be secure, so that competitors can"t steal ideas or contacts. Securing your data should be important throughout the process and needs to be an integral part of the business continuity planning," he says.

Even as Symantec pushes the envelope for ensuring enterprise security, Veritas is bolstering its portfolio of backup, recovery and archiving software and technologies to cater to the growing need for ensuring data integrity and continuity. Recovery management technologies, particularly provide that missing link between applications and continuous data protection. Back-up for mission-critical data, once a goal in itself, is now only the beginning. "Today, businesses are keen to develop sound recovery practices for their critical data. For Veritas Middle East"s customers -- rapid, seamless recovery of corporate information from the widest variety of sources and systems also reduces information management costs through better use of hardware and other existing resources," Omar Dajani, Technical Consultant for Veritas Middle East.

The shift in the industry is clearly indicated in the way another IT security player -- ISS views the market. Though the company does not yet play in the BC and DR segment with a specific set of offerings, moving in that direction is certainly the way to go, says ISS VP EMEA Marketing Peter Stremus. "Security is all about protecting the business, and naturally we see the industry expanding to find a play in segments like storage, BC and data protection. ISS certainly see value in looking at this segment, Stremus says.

The mid-market is the place to be for vendors

DR and BC continuity are no longer terms that you are likely to hear in the corridors of the Middle East"s largest enterprises. Interestingly, small and medium players are beginning to show technology buying patterns that are comparable with the enterprise customers. At the recent StorageWorld Middle Show, it was more than evident that the mid market is the way to go, especially for the vendors, who are now pulling out all stops to offer easy to manage and cost competitive products to suite the mid market needs.

"The Middle East is one of the leading regions where surprisingly a huge number of organizations realize the gravity of the issue and are taking active steps to address them," says EMCs French. "SMBs in this region are particularly quite mature in this regard to understand the importance of data protection and reinforcement and we expect demand to rise in the coming months," he adds. EMC caters to a variety of customers in the Middle East including the finance and telecom sector and is also focusing on the mid-market.

"Clearly, the market message we vendors are getting is that regardless of size, even the smallest companies want the highest set of functionalities if their business warrants it. DR, data protection, compliance requirements and overall BC issues are top of mind. Particularly we are seeing companies in the mid market look for ROI, simplification of storage and DR infrastructure and easy management capabilities," says Hitachi"s Jones.

But why are small player seeing growth in technology usage that often tends to be far greater than their size? "The small customer is growing quickly in this market and scalability is a big requirement. We also find that in this region, we need to define and describe companies in terms of their IT maturity rather than their size. So quite literally, an SMB company can show behavioral patters like a large enterprise," he adds. To support its mid-market focus, Hitachi is going the modular route, offering products suited for the needs of smaller businesses.

"Absolutely, as before, the importance of business continuity is accepted at many levels now, as the prevalence of technology spreads and virtual filing becomes the norm. The filing cabinet may be disappearing, but disk and tape storage, as well as more enterprise-focused solutions, have been seen creeping in to the mid-market in this region," says Symantec"s Suri.

The service provider segment is also looking at offering competitive BC and DR as a packaged service to target this burgeoning mid market segment. Take the case of ASP Gulf, which offers hosted services and outsourced infrastructure management services. BC and DR services is part of the company"s new thrust.

According to the company"s GM Chris Jaguros, this is what he calls the democratization of DR and BC. "The growth in the mid market for BC means that companies can now get access to DR and data protection in a fashion that the business requires and can afford. ASP Gulf will focus on offering a layered solution depending on the size and requirements of the clients. "BC and DR today is not just meant for the large enterprises. As service providers we believe we need to structure the market so that every type of business can enable this critical and important function in their organization," Jaguros adds.

Other industry heavy weights like IBM also undoubtedly see big opportunity in pursuing the mid market for ensuring BC and DR using its storage products and solutions. According to IBM ME and Pakistan Storage sales Manager Mohamed El-Shanawany, the company has aligned the market in three segments -- infrastructure simplification, ILM (for meeting compliance, storage management, etc) and BC (which includes DR, continuous availability and data integrity).

"Evan a small enterprise today wants to secure its data. IBM believes that it needs to provide technology and products that will enable an enterprise to choose how much and what it wants to spend on interns of BC and DR. Our push for virtualization is also a way to ensure data is replicated and made available across the enterprise," says El-Shanawany. According to him, the key trends noticed in the market include converting all enterprise information/data into digital, backup and recovery and understanding the data management lifecycle.

The digital lifecycle is also the big push for technology major Hewlett Packard. According to Ann Livermore, executive VP for the technology sales group at HP, the new storage products and services are responding to three major shifts in the information technology industry. The first is the move to digital content. "All content is going to be digital," said Livermore. "That is true at work, at school and at home." The second major shift is the embedding of technology in all aspects of daily life. "When that technology is embedded, we want it to be easy to use," she said. The third major shift is the fact that the technology landscape is more heterogeneous than in the past. "Because of that, we want to make sure these things work together," Livermore said.

HP has just complete a refreshment of its mid-range storage systems with the arrival of the StorageWorks Enterprise Virtual Array, as well as introducing a set of appliances designed to speed the transfer of files between remote offices and the data center and rolling out a clustered gateway product for consolidating file services in remote offices back to the data center.

In the view of HP EMEA Strategic Business Planner of Network Storage Solutions, Debbie Young "at the heart of HP"s strategy is an attempt to raise the storage game from a pure data play to a comprehensive BC&A (Business Continuity and Availability) solution, that integrates availability, recovery and security -- thus hitting top executives" hot buttons all at once. "It takes highly resilient storage as a given and then value-adds significant efficiencies and flexibilities on top," says Young.

And with increasing vendor interest, set against the background of key trends in the storage sector, indicates "a high mind share for availability and recovery", "increased storage spending", "supply and demand for commoditization" and "matching solutions to pain points" according to Claus Egge, IDC"s Program Director of European Storage. "The clear leader amongst storage challenges" is improving data availability and recovery, although applications driving the exponential growth in storage remain e-mail, archiving and file sharing.

The conclusion? According to Egge, this is clear: "a real demand for intelligent storage" with an on-going significant take-up of ILM (information lifestyle management)."