It’s been seven years since Parker, Hudson, Rainer & Dobbs LLP (Parker Hudson) lost more than $3 million due to a five-day business outage caused by a fire. The lesson learned is as fresh as if it were yesterday.
“The day we came back online the partners held a meeting and told me to set up a disaster recovery solution,” recalls Benita Dansby, director of IT at Parker Hudson. “They said, ‘Do what you have to do to get it done.’”
At the time of the fire, Dansby’s only recourse was to wait for clearance to re-enter the building, carry some of the firm’s servers down 15 flights of stairs, and attempt to get them back up and running at another location. If a similar event occurred today, employees would be back in business within four hours, using a Cisco Powered™ Disaster Recovery-as-a-Service (DRaaS) solution provided by Windstream Communications.
“We took one of the worst periods we’ve been through in my IT career and turned it into one of the most efficient,” says Dansby.
The need for compliance
Based in Atlanta with a satellite office in Tallahassee, Florida, Parker Hudson is a boutique law firm serving corporate and commercial clients in practice areas ranging from bankruptcy, commercial finance, litigation, and real estate to tax, dispute resolution, employee benefits, and healthcare. Due to the highly sensitive nature of the material accessed by attorneys, the firm must demonstrate compliance with specific security certification standards, such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and Statement on Standards for Attestation Engagements (SSAE-16).
“Many law firms our size don’t have separate security officers,” notes Dansby, whose IT team includes one other full-time employee and two contract employees. “I had been considering cloud-based DRaaS for years, but I was never completely comfortable that it would handle our complex security and compliance requirements.”
Immediately following the fire outage in 2008, Dansby established a co-location data replication environment with a recovery time objective (RTO) of 72 hours. Soon afterward came a host of client security audits, ranging from 20 to 300 pages, and an obligation for IT to adhere to all of them.
Switching to cloud
When Dansby learned of Windstream’s DRaaS offering, and discovered that the regulatory compliance was built in, she decided it was time to give the cloud a chance. “Windstream had the certification our clients were requiring and that was huge because not all cloud providers do,” she explains. “They were also able to leverage our existing equipment to connect us to their system.”
Parker Hudson connects to Windstream’s DRaaS through a Multi-Protocol Label Switching (MPLS) connection, providing an extremely secure channel used exclusively for data backup. The company also uses Mimecast, a cloud-based risk management system for email that helps ensure unified messaging is maintained in the event of a failure.
One benefit, says Dansby, is that Windstream’s tiered level of service allows Parker Hudson to differentiate between critical applications and less critical applications, and to prioritize accordingly so that it only pays for the service it needs. For example, the company’s Microsoft Exchange email system and billing system are backed up hourly while document management is backed up every two hours.
Dansby sees the Windstream DRaaS as the first step in transitioning everything to the cloud, including application hosting. Parker Hudson is moving to a new office at the end of 2015 and she expects to be on a cloud-hosted Cisco® phone system before then so that the impact of the move is minimized.
“The fire made us realize there was a chance we could lose everything if we didn’t put a disaster recovery solution in place,” she says. “That started us down this path, but the process of moving to the cloud has been so smooth, it’s opened the door to thinking about possibilities we weren’t even considering before.”