No time for complacency

Senior security infrastructure consultant explains the various resiliency layers that need to be addressed when designing a business continuity and disaster recovery strategy.

  • E-Mail
By  Greg Kelaart-Courtney Published  September 22, 2005

In the fast paced 21st century modern mercantile practices have evolved to a point that, in order to remain competitive, enterprises have to ensure their IT infrastructures and daily commercial environments perform 24x7x365. Natural disasters such as the Tsunami, which wreaked havoc across South East Asia and hurricane Katrina, which in just a few days managed to cause over US$16billion in damages, demand robust disaster recovery (DR) strategies. In order to protect corporate assets, businesses need to get serious about risk mitigation and resilience planning. The time has come for enterprises to develop business continuity and disaster recovery (BC&DR) strategies. There are several ‘resiliency layers’ that need to be addressed when looking at designing a BC&DR strategy. For instance, a business strategy is a roadmap for achieving corporate goals, and since resiliency protects an enterprise’s ability to meet these objectives regardless of the anticipated and unexpected events, logic dictates that it must become a major component of that plan. Organisational considerations play an important role in achieving business resiliency. The resiliency plan should concentrate on both the business and IT processes that are vital for corporations. Creating and sustaining processes that support resilient business operations and infrastructures require identification of the minimum required process functionality during disruptive events. Data and applications are crucial in today’s marketplace. The ability to constantly provide reliable information is critical for enterprises. Rather than being aligned only with technology, data and applications are now tightly linked to business processes. Technology plays an essential role in building a resilient business. Since a significant portion of most business budgets is earmarked for building the IT infrastructure, it is prudent to align these investments with an enterprise’s objectives. Facilities and security are also an important part of the disaster recovery equation. When examining the resiliency level of a corporation’s facilities, environmental considerations, geographical locations and dispersion, levels of security access to the facilities, both physical and logical security and power protection plans, should be taken into consideration. Only then will corporations achieve the desired results. Futhermore, when developing a BC&DR environment, enterprises need to consider the nature of their business. They should also assess their vulnerabilities. This will help them survive and stay competitive in challenging and uncertain times. Corporations should also determine the level of resilience they need. Risks should be assessed and potential business impacts determined. The understanding of potential loss of business value associated with IT infrastructure readiness is a mandatory element of any analysis. In addition, enterprises should balance the associated costs, budget and level of optimum availability they can afford. Once an organisation has performed the risk assessment of key business areas, it should determine the types and levels of risk tolerance and identify the mitigation measures that are affordable. It is vital to balance costs with business risks. Any design of highly available or resilient networks should incorporate the minimisation of downtime associated with anticipated or unexpected disruptions. As commercial demands change, a company’s vulnerability points change as well; hence a BC&DR plan must be viewed as a continuum and not a single, static initiative. How a business operates within that continuum and uses selected tools, products or concepts, will differ. Every component of the BC&DR plan should be tested periodically through simulation of various business stress scenarios to ensure all the processes are working together, the people involved are familiar with the processes and the technology can support the back-up plan. It is also important to control and monitor resiliency process against the environment and market demands. The objective of a business resilience plan is to define, document and test the enterprise and the actions put in place prior to, during and after a stress condition to ensure acceptable continuity of operations. Continuous monitoring ensures the implementation satisfies the targeted objectives. In today’s competitive marketplace, the enterprise wide vision for resiliency is imperative for a corporation’s success. Businesses cannot afford to be ill prepared for unexpected events and they must develop a strategy to respond rapidly to disruptions. Demands, risks and opportunities abound, ranging from market fluctuations to employee error and misconduct to earthquakes and terrorism. Disruptions can be catastrophic and can lead to loss of market opportunities, degraded brand and reputation, loss of customers and decline in shareholder value. Building a vision for resiliency begins with the recognition and understanding of the infrastructure vulnerabilities organisations face, and an analysis of the potential impact of those vulnerabilities on their business. It includes a holistic assessment of the various working layers: strategy, organisation, processes, applications, data, technology and security. A resiliency plan should be tailored to the enterprise’s industry-specific business elements and processes, existing infrastructure, current and desired business models, competition and budget constraints among other factors. A successful resiliency plan balances the associated costs, budget and optimal level of availability with affordability. Migration to a resilient infrastructure is no longer viewed as an “insurance” measure but a continuous, proactive process in gaining or sustaining advantage over the competition. A resilient infrastructure can proactively mitigate and manage key business risks to enable your organisation to capture market opportunities.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code