Disaster recovery testing: SMB vs. enterprise

While experts agree that disaster recovery testing is critical for all companies, smaller customers with small budgets tend to ignore it. Find out about the differences in disaster recovery testing among large and small companies and how small businesses can apply a simplistic approach to testing to protect their IT operations.

By Sue Troy, Site Editor

Research on disaster recovery testing among end-user IT organizations shows that a pretty good chunk of those organizations are -- or at least say they are -- testing their DR plans on a regular basis. For example, a March 2009 Snapshot Survey on DR testing conducted by SearchStorage.com showed that 59% of 139 survey respondents said they regularly perform DR tests and of those who do test, 65% said they perform DR tests twice a year or more often.

Despite the attention to DR testing at IT organizations, whether or not your company has an easy shot at disaster recovery testing revenue most likely will depend on who your target customers are. Solution providers catering to small businesses oftentimes say that the vast majority of their customers aren't interested in testing, while those addressing the needs of enterprise customers say there's a vigorous business around DR testing.

More on disaster recovery testing

Assess your customers' disaster recovery risk

Testing IT disaster recovery plans

Disaster recovery testing FAQ

The disparity between those two sectors makes sense, says disaster recovery expert Jon Toigo of Toigo Partners International. "The larger the company, the more complex it is, and the more they need to get religious about continuity," he said. Some small companies don't even do DR planning, said Toigo, "even though their most critical data would fit on a USB key. It's like dental floss. They know they should do it, but they don't do it."

Mike Croy, author of "Are We Willing to Take That Risk?" and director of business continuity solutions for Forsythe Solutions, whose customers are mostly enterprise-level IT organizations, agreed with Toigo: "Whether you're large or small, testing is pretty important." At small companies, he said, testing is a challenge because of budgetary restrictions. "Larger firms have set aside more money and more staff for testing. They may often have contracts in place with large recovery site companies that help manage recovery exercises for them. Smaller firms obviously don't have the same type of funding, but it's as critically important to them to run a test."

Croy said that the majority of Forsythe's customers have a DR plan in place, and "the larger customers have testing in place."

Bob Gaines, technology marketing manager for AllCovered, a 250-employee solution provider based in Redwood City, Calif., said that just 2 percent of his customers are interested in DR testing, while about 15 percent have some form of a disaster recovery plan. AllCovered's target market are SMB customers. "DR/BC is considered a luxury at those companies," said Gaines. "They don't worry about disasters. They're just trying to dodge the bullet."

Kyle Elworthy, owner and network engineer at Network Essentials, an MSP in Charlotte, N.C., echoed Gaines' perception of customer interest in disaster recovery testing. Elworthy said that just one in 60 of his customers is interested in formal testing. "The customers with 5 to 25 users don't want to go to the expense and trouble of doing DR testing," said Elworthy.

The DR testing haves

For those companies that are actually testing their DR procedures, Croy said he often finds that customers "plan their tests instead of test their plans." Their tests become so scripted, he said, that they don't end up with a valid assessment of how well the company would react to an actual disaster.

To get customers moving in a different direction, Croy said he tends to ask them questions along the lines of, "What are you trying to accomplish with that recovery? Have you determined the RPO/RTO?"

And DR planning and testing shouldn't just include plans for actual disasters and typical business interruptions, said Croy, who points to a possible pandemic as an example of the kind of scenario that could cause a business interruption in the absence of an actual disaster. "We might have a great deal of absenteeism," he said. "A pandemic could cause more employees to be working from home." The questions he addresses to his customers for that scenario are: "Have you tested your remote access to see if it will support business functions?" and "Do you have enough bandwidth to make sure that they can get work?"

For VARs that are focused on the SMB market, that kind of DR plan sophistication may seem impossible to achieve with their customers, but at the enterprise level, according to Croy, Forsythe has customers that are thinking at that level of readiness. "They want to know if they're ready for pandemic and absenteeism," he said.

The DR testing have-nots

According to Toigo, storage solution providers that don't have a disaster recovery testing practice are simply leaving money on the table. Part of the problem, he said, is that people see DR testing as an onerous task. "There are a lot of ways to test tape backup without doing a full restore. A lot of tools will allow you to confirm that the tape is restorable. "

And rather than unplugging a system to see what happens when it fails, Toigo advises a more simulated approach, where stakeholders in a DR project are told various systems are inoperable and need to determine how to address the purported outage. "I'll go into a data center and put Post-Its on certain hardware and tell [the IT staff] that those systems are down" and that they need to react.

Croy also suggested that small companies could suffice with a simplistic approach to disaster recover testing. "This test may consist of simple restores at another location along with verification of connection capabilities," he said. "By being much more selective in the parts of the plan that are tested and limiting it to mission-critical portions of their operations, a business can achieve some excellent results."

When it comes to software to help ensure DR readiness, Toigo recommends that solution providers consider two classes of products for their customers: "aggregators" and "wrappers."

The aggregators include products such as Continuity Software's RecoverGuard, which monitors system health. "RecoverGuard gives you a high degree of readiness should something happen. It's certainly a good tool," said Croy. But, he said, "there's no tool -- period -- that replaces testing. RecoverGuard will tell you the state [of the systems] but the actual recovery is something RecoverGuard won't give you."

Wrapper applications, such as Neverfail Group's Neverfail, EMC's RepliStor, Double-Take Software's Double-Take and CA's XOsoft, on the other hand, monitor system health and coordinate data replication between platforms, according to Toigo. Of those applications, Toigo said XOsoft makes a lot of sense for VARs. "[CA's partner program] is the easy one to get into."

Dig Deeper on Storage Backup and Disaster Recovery Services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.