Business Continuity Management in Data Center Environments

Business Continuity Management in Data Center Environments

Holmes E. Miller (Muhlenberg College, Allentown, USA) and Kurt J. Engemann (Iona College, Rochelle, USA)
DOI: 10.4018/IJITSA.2019010104

Abstract

In this article, the authors discuss how business continuity methodologies can be used by data centers to respond to natural disasters, man-made disasters, and accidents. Because organizations depend on computing services, which may become unavailable when disasters strike, prudent risk management processes can provide for continuation and recovery of operations. With a focus on data centers, this article discusses the business continuity plan development process. This article also considers elements of a business continuity management plan, which includes strategy development, preparedness, mitigation, exercises, and response and recovery, and discuss business continuity strategies for colocation and cloud-based data center architectures. Finally, the authors discuss how the ordered weighted average (OWA) methodology can be used to incorporate a decision makers risk profile when confronted with decisions related to the processes discussed.
Article Preview

1. Introduction

Evolving business and customer requirements for ubiquitous computing, immediate access, and more data and data analytics have created new demands for instantaneous “always-available” information. This affects expectations for data centers, both during their regular operations and also when disasters and other disabling events strike. Disabling events include “logical intrusions”, such as when hackers steal information, lock up systems, or initiate denial of service attacks, and physical events, such as tornadoes, hurricanes, winter storms, fires, tsunamis, earthquakes, and power outages.

Many recent high-profile incidents illustrate our exposure to natural disasters. For example, Miller et al. (2006) report how our growing reliance on computing and telecommunications technologies, exacerbate this vulnerability. Because computing and telecommunication technologies depend on data centers, data center risk is a particular concern. Examples of disasters affecting data centers include solar storms (Lloyds of London, 2013); hurricanes (Hardy and Wortham, 2012); earthquakes (Maerowitz, 2017); electrical surges (Gorman, 2013); and fires (Jones, 2012). To deal with these threats and ensuing disaster-related events, Engemann et al. (2005) provide a methodology for disaster management in information technology (IT). This methodology incorporates the relationship among threats, events, control alternatives and losses.

In this paper, we restrict our scope to physical exogenous events that affect data centers, such as those mentioned above. We will not focus on logical intrusions, and will mention information access and privacy only in passing. This is not to downplay their importance but only to sharpen the focus of our analysis.

The managerial approach to facilitating data center resilience in the face of natural events is to develop a Disaster Recovery Plan (DRP). This enables Information Technology (IT) to maintain or restore the systems and communication capabilities of the organization. Disaster recovery planning’s traditional focus was to ensure that IT was resilient (for more on data center resiliency see Jayashankar, 2014; Mohamed, 2011; and Tam, 2011). A resilient system has a “bounce back” capability, when faced with a systemic shock, such as a natural disaster. Since providing services is systemic – depending on computer processing power but also on telecommunications, people, and other services – expanding the scope and implementing processes to include all critical areas of an organization is needed. This led to the expanded field of Business Continuity Management (BCM), which is a holistic management program that identifies potential events that threaten an organization, and provides a framework for building resilience (Engemann and Henderson 2012; Moore and Bone 2017; and Aronis and Stratopoulos 2016). BCM includes the processes and procedures that an organization must put in place to ensure that its mission-critical functions continue during and after crisis events. Because organizations depend on each other and coordinate with supply chain partners, when crisis events occur stakeholders and regulators also need to ensure that proper business continuity plans are in place. Satisfying these requirements means that an effective BCM process enables business function performance, both in the near and long terms.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 12: 2 Issues (2019): 1 Released, 1 Forthcoming
Volume 11: 2 Issues (2018)
Volume 10: 2 Issues (2017)
Volume 9: 2 Issues (2016)
Volume 8: 2 Issues (2015)
Volume 7: 2 Issues (2014)
Volume 6: 2 Issues (2013)
Volume 5: 2 Issues (2012)
Volume 4: 2 Issues (2011)
Volume 3: 2 Issues (2010)
Volume 2: 2 Issues (2009)
Volume 1: 2 Issues (2008)
View Complete Journal Contents Listing