Pune Startup Anoosmar Technologies, has just come out of stealth mode, and announced the public beta of Vaultize, which they describe as:
Vaultize is next generation data protection: cloud-based backup and disaster recovery that also enables collaboration between users, synchronization of devices and sharing over web. Vaultize turns your zero-returns investment in backup into an asset that improves availability, increases productivity and makes sharing easy.
Anoosmar Technoloies has been founded by Anand Kekre and Ankur Panchbudhe, both of whom are Pune old-timers, with an ex-Veritas (Symantec), and ex-McAfee background. Both of them have been in the data protection, security, and storage space for over 10 years, and have deep expertise in enterprise infrastructure software. Between them they have 64 US patents.
Before you dismiss Vaultize by comparing it with Dropbox, or , remember that Vaultize is not a consumer product – it is targeting the enterprise space. In that sense, I see Vaultize as more of a competitor to Pune’s Druva. However, given the backgrounds of the founders of Druva and founders of Vaultize, I would be tempted to guess that Druva is likely to be more interested in enterprise backup, and replication and generally areas more to do with performance and availability in an enterprise, while Vaultize is likely to move more in the direction of archiving, and e-discovery and generally areas more to do with risk management and legal compliance. But that’s pure speculation – I might be wrong.
Druva is one of the few Pune software product companies that has received funding from well known VCs, and hence, Anoosmar, which has a similar pedigree and similar target markets, is a company to watch closely.
What:Project Management Institute, Pune Chapter‘s monthly meeting, consisting of two sessions – 1. Current Trends in IT enabled solutions in disaster management services in a social environment, and 2. Building more effective cross-cultural distributed teams. When: Saturday, April 10, 10:00 am to 12:30 pm Where: Cummins Auditorium, Pune Shramik Patrakar Sangh, 193 Navi Peth, Ganjwe Chowk, Near Alka Talkies, Garware bridge & S. M. Joshi hall, Pune 411030. Reception (Tel) – +91(20) 24534190 Registration: This event is free for all, and no registration is required
Topic 1: Current Trends in IT enabled solutions in disaster management services in social environment
About the speaker – Dr. Parag Mankeekar
Dr. Parag Mankeekar is a qualified medical doctor as well as a Medical anthropologist & Masters in International Health from Swiss Tropical Institute, Switzerland. He also did another Masters in Disaster Medicine from San Marino in Italy.
Parag is a recipient of the prestigious Ashoka Fellowship (www.ashoka.org/pmankeekar) a USA based Social Business Innovation organization for the year 2008-2011 for his innovative initiatives in reaching the concepts of Disaster Risk Reduction and Climate Change to children and youth.
Parag is founder Director of “Neeti Solutions”, Director of the Global Challenge Award, a USA Non-Profit (NGO) and also Co-Director at Educational Simulation (ES) a social software gaming company based in California. Both ES and Neeti Solutions have developed a peace building and culture sensitive game called ‘Real Lives’. (www.educationalsimulations.com), popular in US schools.
Abstract of talk
There are many service groups working in social environment for disaster recovery like fire brigade etc. where in the technology based IT solutions are proving to be very useful. Along with this Parag would be covering the work done in innovative initiatives in reaching the concepts of Disaster Risk Reduction and Climate Change to children and youth which has been acknowledged in the form of the prestigious Ashoka Fellowship (www.ashoka.org/pmankeekar) he has received from a USA based Social Business Innovation organization for the year 2008-2011. He would also cover social software gaming area where in Neeti Solutions have developed a peace building and culture sensitive game called âReal Livesâ. He would be discussing on the various trends and opportunities in IT enabled business in social environment which is untapped market. He would also be discussing the challenges he faced being non-technical entrepreneur from medical background and how he managed though them.
Topic 2: Building more effective cross-cultural distributed teams.
About the speaker – Dr.Urvashi Rathod
Dr.Urvashi Rathod is a Ph.D. in Software Engineering from BITS, Pilani. She has an overall 22 years of work experience including an entrepreneurial stint of seven years. She had been in academics for last ten years including a 5 year long teaching tenure with IIM Indore. She is internationally published in peer reviewed journals and has been a reviewer and a member of editorial board for national and international publications of repute.
Abstract of talk
Businesses deal significantly with interpersonal communication at the individual, group and organizational level. Employees of an organization assemble to work together as a work group, wherein the members share their experiences, best practices or take decisions to help an individual in enhancing his/her performance, or as a team whose members work together toward a common goal. Globalization leads to greater interdependence and mutual awareness among economic, political, and social units in the world. The very existence of businesses in a global environment enforces multi-cultural interactions within the organization or between the organizations. Culture, being the link between human beings and the means they have of interacting with others (Hall, 1973), plays an important role in interpersonal communication in organizations.
This study proposes that the cultural characteristics of team members are associated with the attributes of team communication, which has been found to be one of the key determinants of team productivity and performance. Proposed seminar aims to introduce the audience to the possibility of association between the cultural and team communication attributes that if studies scientifically, can help in building more effective cross-cultural distributed teams.
(This overview of Business Continuity Management is a guest post by Dipali Inamdar, Head of IT Security in Geometric)
In emergency situations like pandemic outbreaks, power failures, riots, strikes, infrastructure issues, it is important that your business does not stop functioning. A plan to ensure this is called a Business Continuity Plan (BCP), and it is of prime importance to your business to ensure minimum disruption and smooth functioning of your operations. Earlier most companies would document business continuity plans only if their clients asked for it and would focus mainly on IT recovery. But scenarios have changed now. Corporations of all sized have now realized the importance of keeping their business functioning at all time and hence they are working towards a well defined business continuity management framework. Business continuity (BC) is often understood as a process to handle events that could disrupt business. However, BC is more than just recovery. The plan should also ensure proper business resumption after recovering from the disruption.
Business continuity management is a continuous life cycle as follows:
The first step is to conduct a Business Impact analysis. This would help you to identity critical business systems and processes and how their outage (downtime) could affect your business. You cannot have plan in place for all the processes without considering financial investments needed to have those in place. CEO’s inputs and client BC requirements also serve as input for impact analysis.
Defining the plan (Determining BCM strategy)
The next step is to identify the situations that could lead to disruption of the identified critical processes.
The situations could be categorized as:
Natural and environmental: – Earthquakes, floods, hurricanes etc
Human related: – Strikes, terrorist attacks, pandemic situation, thefts etc
IT related: – critical systems failure, virus attacks etc
Others: – Business Competition, power failure, Client BC contractual requirements
It might not be feasible to have plans for each and every situation, as implementing the defined plans needs to be practically possible. After the situations have been identified one needs to identify different threats, threat severity (how serious will be the impact on business if threat materializes) and their probability of occurrence (likelihood of threat materialization). Based on threat severity and occurrence levels critical risks are identified.
Implementing the plan (Developing and implementing BCP response)
The identified risks and additional client specific BCP requirements serve as inputs to the creation of BCPs. BCPs should focus on mitigation plan for the identified risks. BCP should be comprehensive, detailing roles and responsibilities of all the response teams. Proper budget needs to be allocated. Once the plan is documented the plan should be implemented.
The different implementation as per BCP could include having redundant infrastructure, signing up Service Level Agreements (SLAs) with service providers, having backup power supply, sending backup tapes to offshore sites, and training people in cross skills, having proper medicines or masks for addressing pandemic situations.
BCP should also have proper plans in place to resume business as usual. Business resumption is a critical and very important aspect of business continuity framework.
Testing and improving plan (Exercising, maintaining and reviewing)
Once the plans are documented and implemented the plans should be regularly tested. The tests could be scheduled or as and when the need arises. One can simulate different tests like moving people to other locations, having primary infrastructure down, testing UPS and diesel generator capacity, calling tree tests, evacuation drills, having senior management backups to take decisions, transport arrangements etc.
The tests will help you identify areas which need improvement in the BCP. The gaps between the expected and actual results need to be compared. The test results needs to be published to senior management. The plan needs to be reviewed regularly to update latest threats and have mitigations for the critical ones which will result in continuous lifecycle. One can schedule internal audits or apply for BS25999 certification to ensure proper compliance to BCP requirements.
Pune faces threats of irregular power supply, pandemic out break etc which could lead to business disruptions. One needs to have detailed plans for critical threats to ensure continuity of critical operations. The plans should also have detailed procedure to ensure proper business resumption. Plans may be documented but actual action during emergency situations is very important.
Important note: Contractual requirements
When signing off specific contractual requirements with clients, certain precautions must be taken as follows:
Before signing stringent SLAs it should be checked that there is a provision for exclusions or relaxations during disaster situations as you will not be able to achieve SLAs during disaster scenarios
When BCP requirements are defined in client contracts the responsibilities or expectations from the clients should also be clearly documented and agreed to ensure effective execution of the BCP
BCP requirements can only be effectively implemented when proper budget allocations are planned. So for specific BCP requirements cost negotiations with the client are important. Usually this is ignored, so it is important that the sales team should be appraised before agreeing on BCP requirements with the client.
Do not sign-off on vague BCP requirements. They should be clear, specific and practically achievable
Before signing off any contract which has a penalty clause, it should be reviewed thoroughly to ensure that compliance to those clauses is practically possible
About the author: Dipali Inamdar
Dipali Inamdar, Head – IT security in Geometric Ltd, has more than 11 years of experience in Information Technology and Information Security domain. She is a certified CISA, ISO27001 Lead Auditor, BS25999 Lead Auditor and ISO2000 Internal auditor. She has worked in sectors spanning BPO, IT and ITES companies, Finance sector for Information Security and Business Continuity Management. She is currently operating out of Pune and is very passionate about her field. See her linked-in profile for more details.
Recovery Point Objective (RPO) and Recovey Time Objective (RTO) are some of the most important parameters of a disaster recovery or data protection plan. These objectives guide the enterprises in choosing an optimal data backup (or rather restore) plan.
“Recovery Point Objective (RPO) describes the amount of data lost – measured in time. Example: After an outage, if the last available good copy of data was from 18 hours ago, then the RPO would be 18 hours.”
In other words it is the answer to the question – “Up to what point in time can the data be recovered ?“.
“The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
[…]
It should be noted that the RTO attaches to the business process and not the resources required to support the process.”
In another words it is the answer to the question – “How much time did you take to recover after notification of a business process disruption ?“
The RTO/RPO and the results of the Business Impact Analysis (BIA) in its entirety provide the basis for identifying and analyzing viable strategies for inclusion in the business continuity plan. Viable strategy options would include any which would enable resumption of a business process in a time frame at or near the RTO/RPO. This would include alternate or manual workaround procedures and would not necessarily require computer systems to meet the objectives.
There is always a gap between the actuals (RTA/RPA) and objectives introduced by various manual and automated steps to bring the business application up. These actuals can only be exposed by disaster and business disruption rehearsals.
Some Examples –
Traditional Backups
In traditional tape backups, if your backup plan takes 2 hours for a scheduled backup at 0600 hours and 1800 hours, then a primary site failure at 1400 hrs would leave you with an option of restoring from the 0600 hrs backup which means RPA of 8 hours and 2 hours RTA.
Continuous Replication
Replication provides higher RPO guarantees as the target system contains a mirrored image of the source. The RPA values depend upon how fast the changes are applied and if the replication is synchronous or asynchronous. RPO is dependent only on how soon the data on target/replicated site can be made available to the application.
About Druvaa Replicator
Druvaa Replicator is a Continuous Data Protection and Replication (CDP-R) product which near-synchronously and non-disruptively replicates changes on production sever to target site and provides point-in-time snapshots for instant data access.
The partial synchronous replication ensures that the data is written to a local or remote cache (caching server) before its application can write locally. This ensures up to 5 sec RPO guarantees . CDP technology (still beta) enables up to 1024 snapshots (beta) at that target storage which helps the admin to access current or any past point-in-time consistent image of data instantly, ensuring under 2 sec RTO.