Of the 32 types of storage ownership costs, number 30 is probably the most discussed, and has the most effort extended toward this cost category. #30 is the cost of risk associated with a catastrophic outage or disaster.

Describing this storage TCO element is easy: Companies that do not have a disaster recovery or business continuity plan (documented, tested, verified) are running with a rated risk of business outage or disruption. This risk, whether real, predicted or ignored represents a real cost to the business. Determining the cost of the risk is an important factor in considering different storage architectures.

My good friend Dennis Wenk has written several papers on disaster risk and the cost of risk, speaks at events on this topic, and performs risk assessment workshop for customers. See a sample paper here.  Several years ago he shared with me some work on Annualized Loss Expectancy (ALE), and the concept that various events or catastrophes have a probability of occurrance, and cost of occurrance.

The cost of Risk = Threat x Vulnerability x Expected Loss

When summarized, every IT shop can calculate the ALE based on geography, architecture, provisions etc. This ALE becomes a cost number that should be factored into storage plans, architectures and TCO.

Dennis shared with me this graphic, that helps to illustrate the point of ALE.

When comparing 2 or more different architectures, looking beyond the purchase price is essential.  When looking to factor in the cost of resiliency, cheaper-to-buy-solutions may not have the same recovery rate or tolerance to more expensive systems. The actions or investment needed to reduce the cost of risk can be done by:

• Create a formal DR/BC plan and provisions that include frequent tests, reviews
• Define intermediate plans for on-site (local) recoverability or in-area recovery
• LD circuits, replication mechanisms, secondary hosts and storage

Trackback URI | Comments RSS