Email Continuity: Maintaining Communications in Times of Disaster

by Ian McDonald

The record-setting 2005 hurricane season in the U.S. has clearly brought into focus the need for business disaster contingency and recovery planning. From an IT perspective, this planning typically encompasses things like server backups, redundancy of network connections or entire data centers, high availability failover of order entry or other mission critical applications.

Yet one of the most fundamental of business applications, email, often gets short shrift from a disaster planning perspective. And given the importance of email for almost every business - both in terms of serving as a critical communication tool and as a de facto information repository - an email continuity plan should be at the top of every IT disaster recovery planning list. But is this truly the case? And is the plan comprehensive enough to maintain continuous email communications?

Unfortunately, the answer is generally no in both instances. And the reason is fairly straightforward: it's not a lack of planning, but rather a lack of recognition.

Over the past decade, email clearly crossed the line from "useful communication tool" (think of the current view of instant messaging) to mission critical communication platform (think: telephone). In fact, industry research firm Gartner Group surveyed business people, asking if they considered their phone or email more important to conducting business; 80% chose email. In fact, in today's business environment the email system serves as a combination telephone, fax machine, conference system, to-do list, calendar and network file server. Take away email, and an employee's ability to communicate, collaborate and coordinate with customers, vendors, fellow employees and others is severely hampered. In fact, overall productivity can plummet, and refrains of "Well email's down, I might as well go home" are not at all uncommon from the employee base. According to Gartner, the amount of business critical data stored in email is as high as 60%!

If this is news to anyone reading this article, then you're likely in the wrong line of work. Obviously businesses recognize the importance of email, and just as obviously they must take steps to protect it.

Recovery versus Continuity
The typical approach to disaster planning for email is to rely on existing backup procedures. But let's be clear: backup is designed for disaster recovery, not business continuity. The two terms are not synonymous: the first process helps you recover from a failure. The second keeps the business going during that failure and recovery process. Every business should certainly have a backup for their email that is designed to reconstruct or replace the system should the server fail, the building burn down or the entire region get slammed by a hurricane.

But email is not a typical business system, and shouldn't be treated as such. Email's primary role as a communications vehicle means that, in the case of an actual disaster, the inevitable outage not only hampers the running of the business, but significantly curtails the business's ability to respond and recover from the disaster in the first place. In other words, if employees can't receive or send out emails, they are not in a good position to coordinate and expedite a return to normal business operations. And if we take an outside perspective, any customer, partner, investor or other interested party that sends an email into what is now a corporate black hole (or just as bad: receives a bounce-back), has no way of knowing what is going on with the company.

While these catastrophic failures are just that - catastrophes - another, equally important point to consider is the frequency and duration of email failures that are attributable to causes other than a natural disaster. Email, while a uniquely important business application, is also a uniquely vulnerable one from a security standpoint as employees use it to connect (and exchange files) with the outside world. This virus and malware potential, along with such routine failures as database corruption, hardware failure and loss of connectivity - make email downtime frighteningly common. Industry research indicates that three out of every four companies will experience an email outage in any given 12 month period, and that those outages last an average of more than 30 hours. That's two to three days without email, even if you've done everything right to account for disaster recovery. The lengthy duration is easily understandable if you consider the time it might take to procure and install new hardware, locate the tapes and load the backup, mount the data stores and rebuild any lost settings, and finally to test and fine tune the whole system before bringing it back online. And all the while the IT department is enduring a uniquely visible testament to their failure.

So to sum up thus far: email is an extremely critical and visible business application, and odds are good that 1) you will lose it, 2) for a long period of time, and 3) this year.

What's to be done? The key is to focus on email continuity as much as disaster recovery.

Continuity Strategies
Email continuity is the concept of having a failover system in place that allows employees to continue sending and receiving corporate email continuously while the primary system is brought back online. Continuity does not replace backup and recovery, but it ensures that the company is not effectively dead in the water from a communications standpoint while that recovery takes place.

The ultimate expression of this high availability solution would be a completely replicated email server that can kick in once a failure is detected. And in fact, that's exactly what some companies have in place, either internally as part of their own IT system, or through an external vendor. Other companies even go so far as to use a co-located or clustered approach, where a hot backup is constantly running in the background. The main benefit of course is that the entire system is fully replicated and ready to go, ensuring minimal disruption, and hopefully geographically isolated, providing an additional measure of disaster, connectivity or power failure protection.

While this continuity approach is certainly an option, it has two key weaknesses. The first is the cost factor: fundamentally at least a 2X multiple of your existing mail system (and possibly a lot more depending on what additional hardware/software you need to incorporate to ensure replication or failover), as well as the need for a highly trained and focused staff to manage the replication. That's a lot to pay for an insurance policy: think of the cost of having a stand-by car and mechanic in case your vehicle breaks down. The second problem is with the replication itself: should the cause of failure be related to a software issue such as a virus, malware or data corruption, it is entirely likely that you will simply replicate the problem to your standby system.

Fortunately, the same unique open-to-the-Internet characteristic of email that creates vulnerabilities now comes to the rescue: a hosted "hot standby" account can be created off site that replicates all email coming to and from the server. This continuity account can then be created for and accessed by some or all employees via a company-branded URL and interface using any Internet connected computer and standard web browser. In fact, these accounts can be designed to be accessed with user's regular email address IDs and passwords, eliminating the need for secondary "emergency" email addresses.

Figure 1 provides a high-level snapshot of how these standby accounts work. Importantly, the continuity solution if completely independent of the enterprise system, ensures independent operation even in the case of a corporate data center failure.

Continuity accounts also archive previously sent and received email, ensuring business as usual for the employee. Some of the continuity services even provide methods for replicating internal (employee to employee) email to the standby account. The duration of this short-term archive can be controlled by the administrator, allowing retention of email for the previous few days, weeks or months.

Ideally, the continuity solution should also have powerful web-based administration and management capabilities, allowing complete administrative control of virus scanning, SPAM filtering and hot standby account settings. This ensures that the corporate IT team can effectively manage every aspect of activating, provisioning and managing accounts and features if they choose.

The hosted nature of these accounts offers several other advantages. First off, the email continuity providers should ensure reliability through extensive redundancy and disaster protection (it's their job, after all). Most importantly these stand-by accounts are instantly available from any Internet connected computer and can be inexpensively provisioned - prices are generally a dollar or two per user per month. The costs can also be further controlled by varying the archive size per email continuity account, or even just provisioning accounts for key personnel (although given the importance of email and the relatively minor cost for insurance, this latter "partial coverage" could be penny wise and pound foolish).

Perhaps most importantly, these email continuity accounts use the same corporate email address as the standard server, eliminating the potential for bounce-back and ensuring that the transition to the continuity solution (and back to the primary email account) is completely transparent to the outside world.

This is a key criteria, because whether natural, accidental, malicious or otherwise, disasters happen. Thousands of businesses sustained damage to their IT infrastructure during the recent series of hurricanes, and many still have not recovered.

In fact, research shows that, hurricane or no, your email system will likely be down for a significant amount of time in the near future. The continuity and, indeed the very survival of your business, can depend on having an email continuity solution in place. You can't afford to lose your primary means of corporate communication - email - precisely when you need it most.


About the Author
Ian McDonald is General Manager & Vice President of Sales of Electric Mail, a provider of hosted email and messaging security solutions, including offerings that protect enterprise email installations and help with recovery in the event of failure.

Article © Copyright 2005 Electric Mail. Used by permission.