Natural disasters, human error, cyber attacks, and even insider threats all have the potential to knock agencies offline, cripple networks, and lead to data breaches. Ensuring that data and applications are restored as soon as possible means agencies can resume normal operations.

The Modern Federal Data Center OutlookPart 1: Weathering the Storm with Business Continuity Planning

To Prepare, Batten Down the Hatches

Threat Implications

With fewer resources, Federal CIOs have difficult decisions to make. But cutting corners on important solutions that protect data and applications is not sustainable. Public-private collaboration is a key to success. MeriTalk interviewed Symantec recently to understand its views on business continuity planning and the value of information.

Data centers are the heart of an agency’s IT operation. Protecting them from disasters, cyber attacks, and glitches must be a top priority because the data and applications they support are vital to an agency’s mission. Forward-thinking agencies develop recovery and continuity of operations plans and support them with the right solutions.

Sometimes things break down. Unless agencies are prepared, a disruption that slows or stops the flow of information across IT networks can have a devastating impact. The time to have a contingency plan in place is before a problem occurs, ensuring that agencies can carry out their important missions, no matter what.

Use Case – the Battlefield: The military’s reliance on technology is not new, but it is increasingly sophisticated. It is vital that the military be able to deliver information to soldiers in combat without disruption. Any down time not only could jeopardize a mission – it could prove fatal.

As important as continuity of operations and disaster recovery are, agencies struggle with practical and fiscal hurdles and they do not always develop IT contingency plans.

Because agencies often rely on numerous operating systems and siloed environments, it can be difficult to find a business continuity and disaster recovery solution that works across multiple environments. In many cases IT infrastructures are not getting less complicated – they are becoming more complex as new systems are patched onto old ones.

Budget pressures mean that investing in solutions to ensure continuity of operations and disaster recovery in the event of a disruption is not always on the top of the list at Federal agencies. Other investments like cloud computing initiatives and cyber security often claim the limited dollars CIOs have to work with, but they are missing an opportunity to protect data.

The use of disparate platforms and operating systems exacerbates the financial hurdles to effective contingency planning. While infrastructure providers can provide the solutions to support continuity of operations and disaster recovery for their own equipment, they are often unable to provide those solutions for equipment from another infrastructure provider.

An agnostic approach that works equally well with all infrastructure providers gives agencies an opportunity for significant savings, increased efficiencies, and ease of management. In a time of tight budgets, agencies must be able to rely on solutions that protect data, networks, and budgets.

While the private sector is used to the idea of business continuity, the public sector has been slower to embrace the practice. For the private sector, the issue is about profit and loss – down time hinders commerce and eats into profits. The public sector does not face the same economic pressure, but ensuring continuity of operations is no less critical for Federal agencies than commercial interests.

For Federal agencies, ensuring continuity of operations is much less a business decision, but the stakes are equally high, and limiting disruptions is a major advantage.

“In the private sector, it’s a little easier to quantify down time when an application isn’t available. It’s easy to associate loss to cost. In the public sector, it’s much harder to do that, but it’s no less problematic for agencies when continuity of operations is interrupted,” Tittermary said.

Budget and Infrastructure Challenges Brewing

“A continuity of operations plan is like a lifeguard at the beach. You hope you never need it, but you’re glad it’s there,” said Tom Tittermary, Technical Architect for Information Management at Symantec.

To Restore Apps – Rationalize First

Cloud computing makes ensuring an agency’s continuity of operations and disaster recovery plans are as easy as they are important. Running

applications in the cloud allows agencies to restore normal operations with incredible speed.

But agencies must take important steps before implementing a continuity of operations and disaster recovery strategy in the cloud. Agencies first need to fully understand what data they have and which applications access that data. They need to ensure they are storing the data and applications in the appropriate place. And most importantly, because not all applications can be recovered at once, agencies must determine which applications are most important to their mission and put a plan in place to restore those applications first.

“Taking the time to determine what you need to have available first, and what applications you can stand to have

offline a little longer, is an important part of the application rationalization process. Figuring out the priority of applications is critical,” Tittermary said.

A tried and true method for determining this is through application prioritization. Calculating an application’s Recovery Point Objective and its Recovery Time Objective allows agencies to understand what applications are most critical, how long they can afford applications to remain down during a disruption, and how much data an agency can afford to lose from a specific application.

In addition to having an agnostic solution that works across all platforms and systems, agencies must also ensure that they embrace a fully automated approach to their continuity and recovery strategy because any disruption could mean employees are preoccupied with numerous other critical tasks.

Agencies increasingly operate in an environment where disruptions are a matter of “when” not “if.” That means that keeping your fingers crossed and hoping your agency can get by with a contingency plan is a misguided approach.

A better strategy includes having a unified IT approach to continuity and disaster recovery so agencies can get back on their feet quickly and continue to fulfill their important mission. The time to find out if your disaster recovery solution works properly isn’t when you need it, so it is essential to test and validate solutions prior to an emergency to ensure their effectiveness, search for vulnerabilities, and strengthen any weaknesses.

Disruptions can strike even the most well prepared agencies, crippling data centers and making it impossible to have access to data and applications. A well-thought out disaster recovery and continuity of operations plan will ensure that agencies remain as resilient as possible.

Long-Range Forecast

or contact Symantec at

1 (800) 745-6054http://go.symantec.com/business-continuity

This article is the first in a series of interviews focused on ways to modernize the data center and the value of information. Our second and third interviews will focus on virtualization and optimization and information governance.

For more information on the Symantec approach, including a DataCane video testing Symantec’s business continuity and storage solutions in hurricane conditions at the National Hurricane Simulation Center, visit