As outsourcing gains momentum in the Information Technology (IT) space, particularly in mission critical areas such as the database, a Service Level Agreement (SLA) is essential in order to govern the type and frequency of services offered and the acceptable level of downtime.  However, as database environments differ from company to company, it is important to ensure the SLA is customised to ‘fit’ the client’s environment and unique requirements. Furthermore, requirements change and the SLA must also be flexible to accommodate updates and modifications.

In today’s information-driven age, the database is the heart of any organisation. From running applications to processing transactions and storing customer and other mission critical data, without the database businesses simply cannot function. Despite the critical nature of the database, many companies do not have a comprehensive backup and disaster recovery strategy in place and resort to crisis management when their database crashes, often resulting in costly downtime. 

 

There are a few checklist items to consider with backup and disaster recovery, ensuring minimal disruption and most importantly, continuity for the business.

Checklist Item #1: The backup and disaster recovery strategy

Whether organisations run a full disaster recovery environment or simply conduct regular backups, having a plan and processes in place to govern this in the event of an emergency can literally save a business.

 

A backup and disaster recovery strategy is therefore essential for every modern business of any size. This is the most important step in ensuring your database is not a disaster waiting to happen.

 

In order to develop this strategy, organisations firstly need to understand how critical their data is to the business. Not all organisations require a full disaster recovery environment, as these can be costly to implement. Furthermore, not all data is mission critical or will cause the business to fail if lost or takes time to recover. However, at the very least, all data needs to be maintained in some form of working backup environment and these backups need to be conducted in line with business rules.  Business rules govern the backup and recovery strategy, and outline how data should be stored and restored, as well as guide the times required for a restore to take place and more.

 

A full disaster recovery environment is obviously preferable for mission critical databases, as when disaster happens the environment can simply be ‘switched over’ with minimum downtime and disruption. The disaster recovery environment should be in sync with the production environment and should also be regularly tested. If a disaster recovery environment is not in place, backups need to be stored in a minimum of three separate locations to ensure that at least one recovery copy is available for restore.

 

Regardless of the recovery method, the processes involved must be clearly documented.  Listing the order of procedures, steps that need to be taken, the required turnaround times and who is responsible to ensure that all functions are fulfilled is essential. All parties involved should clearly understand their role. The failover processes must be regularly tested to ensure that when a disaster happens, these processes are seamless.  When testing, the failover processes should also generate a log to establish which ones are successful and which ones are not, allowing for the appropriate person to remedy.

Checklist Item #2: Address database security

Building security into the database is important, both from a physical and data perspective. This is addressed in various legislations including Sarbanes Oxley (SoX) and the King III guidelines to mention a few, making database security a compliance requirement. The requirement for database security is also extended to any backup copies of data and disaster recovery environments.

 

Physical security such as access control, intrusion prevention and detection, fire detection and suppression will help to prevent unauthorised persons from accessing the physical storage areas and minimise the impact of disasters such as fire. Data security must also be implemented to prevent unauthorised data access and theft from the corporate network.  This is critical given the rise in cybercrime. It is also important to ensure that the database itself and all backups receive the same protection levels. Without IT security, data can be lost, corrupted or more frequently in today’s world, stolen for sinister purposes. Data must be protected to prevent business downtime, which results in loss of revenue and reputation.

Checklist Item #3: Database administration

Whether you use an internal Database Administrator (DBA) or the services of an outsource provider, it is vital to be 100% comfortable with the DBA and the levels of support that are delivered.  The DBA has access to all company data and therefore must be highly trustworthy.

 

The service levels delivered must also be checked, as bad service both in-house and outsourced can negatively impact database downtime and cost the business. This can be addressed in a solid Service Level Agreement (SLA) and Operations Level Agreement (OLA). However, the DBA or outsource provider should maintain the backup strategy, the frequency of testing processes, the documentation and availability of this documentation as well as all planned failover testing. If these services are not being delivered, an organisation should question the value that the DBA is delivering.

Checklist Item #4: Check your SLAs

SLAs must fit the requirements of the business and should support disaster recovery and restore goals. The infrastructure of the database and recovery environment needs to allow for either a full disaster recovery failover to take place or regular backups which require, amongst other things, enough disk space. SLAs must factor this in and meet the specific disaster recovery needs of the organisation.

 

For example, an online e-Commerce store cannot afford to have any downtime due to the nature of their 24x7x365 business. Therefore, their SLA should include service levels that ensure maximum uptime and fast restore times with disaster recovery. Other businesses, such as a legal firm, may need to have their data restored within a few hours, or a day. This type of business won’t collapse if the data restore is completed within 24 or even 48 hours.  Therefore, the SLA must accommodate these factors and should also be in line with the disaster recovery strategy supported by the business rules and processes. If SLAs do not fall in line with business requirements, they need to be reassessed. However, it is also important to bear in mind that 99.999% uptime and fast recovery comes at a price. The balance of expense, functionality and best possible service levels to meet the business’ needs must be considered when defining an SLA.

 

In addition, the SLA should incorporate regular testing of the disaster recovery plan to ensure that it works, eliminating much frustration in the event of failure. 

Conclusion

Ultimately any disaster recovery solution minimises downtime.  Downtime costs money and this is often more expensive than the implementation of a full disaster recovery environment. If this is not possible, having a strategy in place is critical to ensure that processes are followed. Maintaining a stable database environment is equally important for business continuity.  A checklist that covers these aspects of database backup and recovery will help to mitigate risk, minimise downtime and ensure businesses are up and running in the shortest possible time in the event of a disaster.

Economic conditions are a very pressing challenge for organisations of all sizes around the world, resulting in squeezed budgets. One such area is IT. As a result, many organisations are turning to outsourcing as a business model, as it offers savings, flexibility, scalability and the ability to access resources on demand rather than having to hire them full time. However, as a result of the unique conditions in South Africa which include a massive skills shortage, and in an effort to further save money, some organisations are turning to temporary staffing solutions to fill critical posts. This can be a costly mistake.

While temporary staffing are often cheaper in the short term than an outsourced provider, and can help to fill gaps in the IT environment, there are certain areas where temps are not the ideal solution, typically mission critical areas such as the database. When it comes to the database, knowing the difference between outsourced and temporary resources and choosing the right one for your business could make all the difference.

In areas such as the database, it is simply not possible to assign a nine to five value for tasks such as database administration. The IT environment does not stop working at five in the evening and over the weekends, like people do, and many organisations do not realise that temporary staff members may not be available after hours. If they are available, they need to be paid after hours rates, which are generally a lot higher than normal rates. In critical areas such as the database, organisations will be left with little choice other than to pay the 'after hours' rates, since the consequences of extended downtime are undesirable. Temporary staff may also call in sick, or even leave the organisation, which means that these staff will have to be replaced – a significant challenge in a skills scarce environment.

An outsourced provider, however, is contracted by a Service Level Agreement (SLA) to deliver a certain level of support, irrespective of the time of day, the day of the week and so on. These providers stake their income and reputation on being able to provide the services organisations need, when they need it, which is a far better option in mission critical environments. Outsourcing also provides a service, as opposed to a staffing solution. This means that even if the usual resource handling an account is unavailable for any reason, the service will still continue as there is a pool of resources for the outsourcer to draw on.

Outsourcers can provide 24/7/365 support for critical IT applications and infrastructure, and their business is built on delivering these services to the highest standards, whereas the loyalty and commitment of temporary staff can be low as they have no incentive otherwise. Furthermore, temporary staff are often not included in company training due to budget pressures. If the employer does not invest in upskilling temporary resources with additional training, there is little opportunity for growth. Their key performance indicators may not necessarily be aligned with those of the business but rather aligned to the temporary contract.

Outsourced resources are highly trained and are exposed to many different environments from which they are able to learn. Their training is kept up to date by the outsourced provider, and certifications are also of the utmost importance, since it is in their best interests to maintain the highest levels of skill. Outsourced providers, through SLAs, will also ensure that the key performance values of the outsourced resources are aligned with the business, since outsourcing at its core is a business service.

When it comes to the IT environment, not all areas are mission critical. Not all aspects of IT require the high levels of service delivered by an outsourced provider. Some areas work well with temporary staff, particularly in areas such as web development where the task at hand is not a 24 hour job. The database is not one of these areas. It is critical to the business and it needs to be secure and maintained. A database administrator must be able to access all of the data contained within a database, which could prove dangerous if this task is handed to someone with no loyalty to the company, as the Wikileaks saga proved.

Database administration requires a trusted, skilled resource who will document processes according to best practice, who has the necessary skills which are kept up to date, and who will be available whenever needed, whether this is after hours, on the weekends or during the course of a normal business day. No single resource will be able to provide this, but an outsourced service provider can.

An organisation would never hire a temporary security guard, as this represents a huge business risk – the guard may not be loyal because he has no job security and he needs to sleep and have days off. Even hiring an additional security guard does not solve this problem, as one guard may get sick, both may leave and so on. Security is not a one person job, it should be a service. The same is applicable to database support, where the modern business is hit hardest if something goes wrong. Business solutions such as outsourced services are critical to keep the database, and the business, up and running optimally at all times.