IBM Moves To Plug Holes In Disaster Recovery

When it comes to backup and disaster recovery, most companies focus too much on protecting IT equipment and not enough on protecting their overall business. At least, that's how IBM sees it. That's why the computing and services vendor is relying on its vast research arm to create technologies and services designed to ensure business continuity. "Historically, the mentality in disaster recovery comes from an IT focus, and it's an insurance mentality," says Todd Gordon, VP and general manager of IBM's business and continuity services.

Next week, IBM will introduce E-Business Management Services, designed to keep critical business operations--as defined by the user--running at peak performance, whether an individual server fails or an entire site goes offline. The services will use what IBM calls "autonomic" intelligence--a method of self-regulation that chairman and CEO Lou Gerstner likens to the human heart's ability to automatically beat faster when the body needs more oxygen. IBM has been promoting autonomic computing for more than a year, but the launch marks the first time a commercially available product incorporates the technology.

Senior executives at companies that buy E-Business Management Services will have access to what IBM calls a virtual cockpit on their desktops. From there, they can stipulate performance levels for key business processes such as the speed at which transactions are processed. Behind the scenes, IBM's new Intelligent Device Discovery software will manage infrastructure resources to ensure that those processes function at the predetermined level, even if a component or the entire site malfunctions.

The Intelligent Device Discovery software automates asset inventory and tracking processes. It consists of an open data-integration and automation platform that uses autodiscovery functions to match outside data, such as a customer order, with usage information from application servers and network monitors, IBM says.

Businesses will need to have the necessary hardware infrastructure in more than one location. But that hardware would be used for day-to-day operations, as well as emergencies.

Despite the slow economy, IBM expects that businesses are ready to increase spending on security and recovery products. There's little doubt that's the case for companies that were affected by September's terrorist attacks. "We're going to raise the bar higher, and we're willing to make a higher level of investment in disaster recovery," says Nancy Karen, CIO at New York law firm Sidley Austin Brown & Wood. Six hundred of the firm's employees occupied five floors in the World Trade Center's north tower (all but one escaped). In the days after the attacks, the firm trucked cartridges containing data that had been backed up at a remote site in New Jersey to an operations center in Chicago.

Now, Karen says, she's ready to look at systems that will let the firm shuttle data between offices electronically, in real time. "You have to have a very flexible disaster-recovery plan that can swing one way or another depending on the scope of the disaster," she says.

Some analysts say IBM could have a tough time selling premium security and continuity services, which don't come cheap, to cash-strapped companies in the rest of the country. "Businesses are definitely going to be spending more on security and backup, but there's a lot of technology already out there that's sufficient for most of them," says Bob Sutherland, a Technology Business Research analyst. IBM wouldn't disclose pricing information for its new offerings.

Still, IBM says it's committed to taking a lead in business protection. Among the technologies its research unit is developing is one designed to let companies protect crucial data while minimizing performance hits.

For instance, the vendor says it will soon sell software capable of simultaneously encrypting and decrypting secure data. That's usually done in separate steps, but by combining the two, end-to-end encryption across a network can be accomplished 20 times faster than by conventional means, IBM says. The company is negotiating to license the technology to hardware vendors such as router manufacturers, says Charles Palmer, manager of network security and cryptography at IBM Research.

IBM is researching software algorithms that could make it easier for servers to detect hackers. Also under development is software that uses what's known as behavior-based intrusion detection. "You don't know how many people are out there trying to hack your system, but you do know how many legitimate users you have. You look for that normal behavior, and the behavior you don't expect is what becomes suspect," Palmer says.

For example, if a manager knows certain employees log on at certain times, but all of sudden someone within the group is logging on at a different time, the action may indicate that a hacker has gotten hold of the employee's logon information. The technology could show up in servers a year from now, Palmer says.

IBM is also working with Royal Philips Electronics to develop an operating system for smart-card readers featuring military-grade security. Says Gordon: "We think the demand for all this will match the urgency of the situation."