Hi Dad,
Here’s a brief summary of the data insurance idea.
A major and trusted insurer would offer a data insurance product to
businesses offering the following:
– Assessment of the total value of a business’s “data assets” based on their
financials and the weighted relative value of each category of data to the
continuity and ongoing profitability of that business. E.g. customer &
supplier accounts info is the highest priority for most sales/distribution
organisations… while CAD blueprints are hugely important to architectural
and engineering practices. However, the valuation process is simplified by
making revenues/profits the predominant factor in the calculation.
– An insurance policy covering the total value of their data assets
– A business interruption policy that they can claim against in the specific
case of data loss or the partial or complete failure of their Information
Systems.
– Cost-effective data archival software that meets Recovery Point Objectives
(RPO), Recovery Time Objectives (RTO) as specified within the above policies
– Yearly assessment of data asset risk and BC preparedness. This could be
described as a “data risk audit”
– Payment by monthly premium covering all the services, policies &
technologies specified above.
My reasons for thinking that Information Lifecycle Management & Business
Continuity Management (BCM) services should/could be offered to businesses
in this manner are partially explained below. (An extract from my market
analysis document)
————————————————————-
Despite a proliferation of Business Continuity service providers within
Ireland, much of the SME market has yet to embrace their services. The
question we must answer first is why is this the case? Some possible reasons
include:
– Lack of education about BCM and DR services?
– Little awareness of the effects of poor or non-existent DR planning?
– The cost of the service is prohibitive or an incorrect value
proposition has been put forward by service providers?
– The DR/BC service providers are too large/small to understand and
meet customer requirements, both technological and cost?
– The sales channel for DR services is incorrect?
Looking at each of these questions separately it is apparent that many
businesses have no understanding of DR services and little awareness of
existing service providers. Indeed the necessity for DR planning is
underesimated by line executives. In a recent EMC/Roper poll 52% of IT
executives versus 14% of line executives believed that their data was
vulnerable.
This information has been borne out by the preliminary results of our
survey. We have yet to survey a sample size large enough for meaningful
quantitative analysis but the comments of those surveyed have been helpful.
Two of the respondents provide IT services to a small number of SMEs in the
munster region. They stated that most SME’s believe that Disaster Recovery
and BCM involves “having a backup copy of some important files stored
somewhere.”
We fully realise that extensive primary market research will be necessary in
order to determine the viability of our proposed service. To this end, we
are developing a strategic plan for market analysis with SEBIC. This plan
should lead to a substantial revision of this report, both research and
conclusions, in the near future.
However with our current secondary research we feel able to confidently
state the following:
– Reliable information on the BCM & ILM market in Ireland is difficult
to find. There are many anecdotal articles and stories out there about BC/DR
horror stories and recent studies on the poor preparation of SME’s abound.
It is more difficult, however, to determine the actual size and segmentation
of the market as most SMEs are clearly not interested in BCM products as
currently offered & priced.
– The Irish market for BCM and ILM services is clearly underdeveloped
(<29% takeup for BCM services throughout Irish business. SME's are least
prepared, source: EMC/DELL);
– Most SME's are poorly prepared to mitigate against data loss in a
crisis situation. . This is directly and indirectly causing business
interruption and indeed failure; (43% of businesses that suffer major IS
loss fail within 1 year, source: IDC)
– BCM as a product has done little to catch the imaginations of the
small business community in Ireland. It is likely that it should be sold in
a different manner, perhaps as a specific "data insurance" policy offered to
business by a major and trusted insurer.
– Legislative changes and increased awareness should increase interest
in BCM and ILM services in Ireland. Mandatory certified ILM & BCM is a
distinct possibility if data retention, protection and availability laws are
properly enforced.
– Some legislative changes would require small businesses to retain
much more data than is the current practice.
E.g. if we assume that the average small business has around 2 GB of data
then meeting proposed EU legislation requiring storage of all data for a
period of 5 years would produce 6 GB stored on average per year. (ignoring
reduction in storage service costs). However, undstructured data is growing
by over 100% per year in some cases yielding around 25 GB of data stored as
a yearly average over the 5 year period. This represents. In excess of 1100
% increase in the data stored as old data is accumulated and new files are
generated. Even assuming that storage costs halve every 18 months, the cost
is still considerable. Especially considering conventional storage systems
rarely scale uniformly in both storage and price.
– There is already a vast amount of unstructured data stored
throughout Irish SME's. The small IT consultancy organisations that
responded to our queries estimate an average of 2GB of data for medium size
(~50 employee) SMEs. A very rough calculation would predict around 100,000 x
2 GB = 200 TeraBytes (TB) of information stored across Irish SMEs.
—————————————————————————
Talk to you later,
…shane