October 22, 2009, 11:41 AM — Like the airbags in your car, a substantial amount of IT time and resources go into preventative and protective tasks. Things like security, compliance, business continuity and disaster recovery (BC/DR) that, while imperative, aren't necessarily producing any direct ROI, productivity, or other benefits during "uneventful" operations.
To be fair, the gear is bound to be earning its keep given the perpetual torrent of virus and spam-laden email, and DDoS attacks, not to mention failing compliance audits can mean big fines. Even so, it's arguably more of a "preventing losses, minimizing expenses" kind of ROI.
And all these preventative and protective measures add to IT budgets, which are already tight.
Photo by Rob Lee
"These expenses can run between five and ten percent of an annual IT budget -- not chump change. That covers ongoing expenses, not including initial purchase of hardware, software, or generators for DR sites," notes Beth Cohen, a Hot Technology Thought Leader (that's a real title) at TAC Advisory, whose career includes having been CIO and CTO at various startups, and before that, Director of Engineering IT at BBN.
Your disaster recovery hardware and software costs can be "anywhere from twice the costs of your production environment down to a much smaller amount, depending on the size of the production environment and on your recovery point and time objectives for the DR environment. If you are looking for full business continuity, it will be expensive," Cohen points out.
Find Other Uses
Do you ever wonder whether you could be getting some ROI on these investments when they're not being invoked for their primary purpose? Recoup some of the costs, helping these facilities pay for themselves, perhaps by saving money, improving productivity, even generating revenue?
The answer, according to a mix of consultants, users and vendors polled is, in general, yes ... sometimes enough to recoup the costs of the tool involved.
"You may buy for one reason, and can get double or triple the value from 'side effects,'" observes Jim Cuff, VP of strategy, Iron Mountain Digital. "For example, if you get an email management solution in order to provide continuity, it may also reduce the size of your Exchange storage platforms."
Here's what some IT managers, consultants, and vendors said:
On Business Continuity Gear, Data
Having systems and datasets sit around unused isn't going to prolong their useful lifetime; you might as well put them to work, like putting stored food or a full-size spare tire into the rotation, as it were.
"We see customers wanting to be able to leverage that second copy for test and development, to repurpose that data for reporting, for data mining, for BI, et cetera," says Rick Walsworth, Director of Product Marketing, EMC Cross Platform Replication, EMC Corp.
"We have customers using their Disaster Recovery sites for active workloads, e.g. batch jobs, non-production applications, even splitting production applications," notes Jon Bock, Senior Product Marketing Manager, VMware, Inc.
Not surprisingly, virtualization is a big enabler in alternate-purposing these systems. "The biggest we've seen is in Disaster Recovery," says Lew Smith, Product Manager, Virtualization Solutions for Interphase Systems. "Using virtualization, organizations can complete additional work in their DR site such as pre-production activities including software development, proof-of-concept prototyping, testing, and QA."
Since you must keep your DR site current in terms of patching, using these machines instead of additional non-production machines also helps avoid the operating expenses of keeping these additional systems patched and updated, Smith notes.
"Take the next step and use those resources as long as you're paying for them," urges Greg Schulz, founder and senior analyst of the StorageIO Group. "Use them for part of your active environment, like load balancing, test and develop and QA, and backup, not something you have just in case."
Use Security Tools to Save Bandwidth, Improve Productivity
Security appliances don't just provide security; many of the tasks they're doing anyway, or can be doing, also offer non-security benefits that reduce network and IT costs.
