Rapid and effective communications are essential in responding to data center disasters, or any other crises for that matter. Manual techniques including call trees and buddy lists are time-tested, but they are often unreliable. The shortcomings of manual contact systems are caused by the difficulties in maintaining accurate contact information and then by the exigencies of disasters, in which the responders need to take action, not make phone calls. Automated notification systems for data centers are used to prevent this problem.
How automated notification systems work
Automated notification systems remove many timely communications obstacles. And although there are many vendors that offer these systems, they generally do the same things. Typical automated notification systems send messages to predetermined recipients on an automated basis to inform them that an incident has occurred. They do this by trying all contact points (e.g., office phone, cell phone, home phone, email, etc.) until contact is made. Optionally, some or all recipients can be placed immediately into a conference bridge. Different messages can be sent to different audiences, so that, for example, a senior management crisis management team (CMT) may be mobilized to lead a strategic response, while data center operations staff may be directed to go to a remote recovery site.
For example, Joe Smith is a technical support leader at his company. If an incident partially or totally destroys his company's data center, he would be needed immediately at the company's disaster recovery site. Therefore, his company's automated notification system should send him a message saying, "Disaster occurred. Report to disaster recovery location." The automated notification system will then contact his office, home and cell phones; his company email, personal email and instant messenger. It will continue to alert him until he responds to it, indicating he has received the message and is taking action.
Selection criteria for automated notification systems
Automated notification systems add to the speed and effectiveness of initial crisis notification. They may also be used for ongoing emergency communication as a crisis unfolds. But there are several automated notification systems you can choose from, and they have a lot of similarities that can create confusion for users. To help you, here is a list of selection criteria you should consider:
- Ease of use -- Most of the use of an automated notification system involves creating profiles for message recipients, with their contact information, the business functions or groups they belong to, the circumstances in which they should be alerted, generic messages that should be sent, etc. Since the user interface for adding information (manually, online forms, HTML, etc.) will be the most frequently encountered part of the system, it should be easy to use.
- Software or service? -- Some vendors sell automated notification software, but most vendors offer it as a service. This seems sensible, because as a product the application would need to be operated in a customer's data center. And if that data center were the subject of a devastating incident, the notification system might be incapacitated as well. However, hybrid models also exist; you can buy a product that is hosted by the vendor.
- Speed of response -- In an emergency, the sooner the necessary people are mobilized, the sooner they can respond to a disaster. Therefore, it's essential that the automated notification systems send the right messages at the right times to the right people. So if there were a physical disaster, the CMT, facilities manager, data center operations and building security need to be alerted instantly. But if there were a denial of service attack, information security, network operations and the computer emergency response team need to be the first to know.
- Coverage -- Some vendors have international presence, but many do not. If the automated notification system is only expected to be used in the United States and Canada, then this is not an issue. However, you may want to consider a vendor with international presence if you have notifications that need to be issued globally. Also, if you have data centers in different areas of the world, it may be wise to be supported by local vendors in each area.
- General vendor considerations -- The same vendor considerations that would apply to any acquisition are valid in choosing automated notifications systems for data center disasters. These include the longevity of the vendor companies, their financial positions and the size of their service teams. This is particularly important when acquiring a service rather than a product. The potential inability of a service vendor to respond when needed is a genuine concern.
Which vendor should you choose for automated notification systems?
Part of the problem in selecting an automated notification system is that there are so many vendors with so little history. Everbridge Inc., Next Connexions, Omnilert, One Call Now, Plant Equipment Inc. and Varoli Corp. are just a sample of the vendors in this area, and none of these vendors are very well-known, or has a substantial market share. For potential users, this provides considerable leverage in pricing but also raises questions about the long-term prospects of many of the vendors, their systems and the customers' data.
So although most automated notification systems perform the same functions, they do not all perform them the same way. Those interested in buying one should consider, in addition to the service vs. product issue, where contact information is stored (a self-contained database or a directory such as LDAP or Active Directory); where that information comes from (manually entered or extracted from human resource databases; and how it is maintained (again, manually or with connections to HR systems).
About this author: Steven Ross is an Executive Principal of Risk Masters Inc. and holds certification as a Master Business Continuity Professional (MBCP). He is a specialist in business continuity management, crisis management and IT disaster recovery planning. He is editor of the multi-volume series, "e-Commerce Security," and author of several of the books in the series, including "e-Commerce Security: Business Continuity Planning."
This was first published in November 2010