Government Disaster Recovery Demand Grows

Government Disaster Recovery Demand Grows

As the weather phenomenon El Nino bears down on the Pacific Coast, chief information officers for organizations in Southern California are bracing for the possible assault of destructive storms and floods.

Businesses and their information systems have been battered over the past few years by earthquakes, hurricanes and floods. While they grab the headlines, these kinds of calamities represent a small portion of the threats to information systems. Natural disasters accounted for only 3 percent of all data loss or less than half that caused by computer viruses, reported hard drive recovery specialists Ontrack Data Recovery, based in Eden Prairie, Minn.

In fact, the number of threats addressed by disaster recovery services is expanding constantly, drawing new vendors to the market. Worth about $4 billion in 1995 in the United States alone, this market is expected to grow to more than $6 billion by 2000, according to Lisa M. Ross, a senior analyst with International Data Corp., Framingham, Mass.

"The term 'disaster' is becoming more flexible and can include anything that critically impacts the business, including software bugs, viruses, computer hackers, sabotage and other threats that fall outside of the traditional fire/flood/hurricane definition of disaster," noted Alice Murphy, senior analyst with Dataquest of Westborough, Mass.

Still largely untapped, the federal government market is attracting a host of service providers, ranging from telecommunications giant Bell Atlantic to a roster of smaller companies, such as CyberMedia Inc. of Santa Monica, Calif., offering specialized solutions. Full service vendors, such as SunGard of Wayne, Pa., are battling for part of the key interagency contract for disaster recovery services currently being competed by the General Services Administration's Federal Systems Integration and Management Center. Expected to be awarded in January 1998, the five-year contract, known as FEDSIM, is to begin in September 1998 and will be worth at least $50 million.

While spurring only a small part of recoveries, high-profile events still boost awareness of the problem. The bombing of the Murrah Federal Building in Oklahoma City in 1995, for example, riveted the attention of federal government officials. In its aftermath, "very high-level government officials came in to talk about disaster recovery," said Tom Sobocinski, director of government sales for SunGard Disaster Recovery Services in Herndon, Va. "We had not seen these kind of people before," he added.

Despite this growing awareness, many organizations have been slow to react. In a survey of private- and public-sector organizations for its Vulnerability Index 1997, Comdisco Inc. of Rosemont, Ill., found that 55 percent of the respondents did not have disaster recovery plans despite increasing vulnerability from "an exponential growth of reliance on multilocation-distributed systems, wide area networks and the Internet and intranets."

"The study findings [further] show that really only 12 percent of customers have effective enterprisewide recovery plans," noted Mike Tobin, vice president of marketing at Comdisco Continuity, a subsidiary also based in Rosemont, Ill.

Some federal agency efforts have stalled despite a mandate from Congress in the Computer Security Act of 1987 to prepare disaster recovery plans. In a report late last year on information security in 15 agencies, the General Accounting Office cited such common problems as "poor controls over access to sensitive and critical data" and an incomplete and untested disaster recovery plan. In some cases, such problems can preclude an agency from "reasonably ensuring the integrity, confidentiality and availability of critical and sensitive computerized data, such as taxpayer information and federal financial records," the report said.

"I think the government is very similar to the commercial [sector]," said Greg Brown, recovery solutions executive for IBM Business Recovery Solutions in Washington. Some organizations place a high priority on disaster recovery; others "think it's a good idea but say they don't have the time; and still others say, 'I've been fine up to now, [and] I don't want to think about it,'" he said.

Security and year 2000 issues have also bogged down planning efforts, he said. "The government is not willing very often to go to a vendor and put its classified data on the vendor's machine," he said. Instead, classified data goes to another government vault, he said.

In addition, the year 2000 software problem "is now grabbing the lion's share of everybody's budget," he noted. "It has been a previous policy that the government will never purchase insurance, and the disaster recovery industry has always been compared to the insurance industry," added Mike Braham, director of CommGuard Services for Bell Atlantic Federal Systems, Washington.

This reluctance is reflected in the marketplace. The three largest full-service providers, IBM, Comdisco and SunGard, say government work is a very small part of their business. Comdisco Continuity Services has enjoyed the edge as the sole source for services under the current FEDSIM contract.

"We've got about 50 different customers covered under that contract," said Diane Laux, the company's corporate communications manager. With about a year to go on the contract, "we expect to expand services with some of those customers and bring on new customers as well," she said.

Comdisco is contending with IBM and SunGard for the rebid contract, which has been enlarged to include up to three vendors, said David Krohmal, FEDSIM program manager. The new contract also will provide continuity services for virtually all platforms, said Krohmal, noting that it had previously been focused on the mainframe environment. It will cover local area networks and wide area networks, planning and consulting services and provide business resumption facilities in highly populated areas and mobile recovery capability, he said.

"We've come a long way in the past five years and are much better prepared," Krohmal noted. "The challenge now is to keep up with technology," he said, adding that the GAO findings may have been related to shortfalls tied to the growth of midrange computers and LANs and WANs, which were not covered under the last contract. Krohmal added that there had been several alerts but no disaster declarations in the past five years.

Bell Atlantic photo Mike Braham, director, CommGuard Services for Bell Atlantic Federal Systems

Invariably, agencies "would have to go out and individually research, investigate and then try to singularly procure all those different solutions," said Braham. It is being offered under the company's Telecommunications Modernization Project, or Tempo, contract with the U.S. Department of Defense and Washington Interagency Telecommunications Systems contract. Parts of Commguard are also offered on the company's General Services Administration schedule.

Smaller companies offering specialized services are also vying for government business. The government provides less than 10 percent of Ontrack's business, said Nancy Riley, corporate security officer at Ontrack, the drive recovery specialists. "It's not a huge part of our business but one we obviously want to expand. It's just that we haven't quite found the right vehicle to do so yet," she said. "We have done work for all the military branches [and] federal law enforcement, especially in our forensics program," she said. The company addresses the government market directly, through its GSA schedule and by working with large integrators. Ontrack has teamed with IBM Business Recovery Services among others.

CyberMedia photo Geoffrey Stilley, vice president, government sales for CyberMedia

CyberMedia launched a major effort this summer to provide its products, which are already widely available in the commercial market, to the government. The company offers off-the-shelf solutions, such as First Aid 98, which proactively fixes Microsoft Windows problems. The company ran a special called the Federal PC Companion Kit that bundled together CyberMedia's First Aid, Uninstaller, and Oil Change with Micro-Scope diagnostic tool, from Micro 2000 of Glendale, Calif., "just to let the market know they were there," said Geoffrey Stilley, vice president of government sales.

In July, the company signed a deal with the Defense Logistics Agency to provide about 43,000 copies of First Aid, said Stilley. Available through the GSA schedule and from government resellers, such as Government Technology Services Inc. of Chantilly, Va., the company has agreements pending with other companies, including BTG Inc. of Fairfax, Va., and is looking to work with prime contractors.