Trouble in paradise

The recent Business Continuity Forum proved to be more than just another conference, as regional security specialists and end users argued about how to ensure their businesses survived disasters like last year's Gonu. Imthishan Giado reports.

  • E-Mail
By  Imthishan Giado Published  December 3, 2007

"There's a famous saying in the Swiss banking community: the most secure bank is one which is not connected to the outside, has no doors, doesn't have customers and is at the bottom of the ocean. That's the safest place to be - when you're not doing business," according to Dr Hannes Lubich, BT's head of security practice for EMEA.

Lubich was speaking at the recent Middle East Business Continuity Forum on the importance of having a proper business continuity plan in place in addition to a comprehensive disaster recovery site to deal with system outages. The conference, endorsed by the Business Continuity Institute, drew delegates from companies across the region in a variety of sectors, some looking for information about business continuity, others looking to see how their firm's systems compared to those used by the competition in the field.

revention costs a lot of money, and if nothing happens, you cannot prove that that was because of the money you spent, because nothing may have happened anyway.

A brief survey of the attendees revealed that surprisingly few had adopted business continuity, which is especially interesting in the wake of Cyclone Gonu last year. Lubich believes part of the problem is the negativity associated with the subject.

"People don't like it, because it's always something to do with disasters. Prevention costs a lot of money, and if nothing happens, you cannot prove that that was because of the money you spent, because nothing may have happened anyway. You could also spend a lot of money on prevention and something may happen, which is even worse," he explains.

Lubich suggests a baseline set of defences for those new to the concept:" The basic steps are that they have to take stock of all the risks they have now, all the technical and organisational counter measures that they have in place and do a gap analysis of what they think the biggest risks will be and how they are going to deal with them. Even if they are under attack, they will still have to provide services and clean up which is a hidden process to the client."

As the conference progressed, it became apparent that some sectors were better prepared than others. In particular, most of the attending financial institutions had documented business continuity plans in place to cover a variety of scenarios while conversely, government and energy seemed to be still at the starting blocks. Rajib Bose, quality compliance officer at ENOC, explains the reasons for the disparity.

"Today, it appears that banks are far more ahead. If they are, it's only because of compliance. We do not really have continuity in that sense as a compliance requirement. We are not self-led, neither are they self-led," he says.

Lubich agrees, saying that the laws which force sectors such as healthcare, banking, insurance and finance are international, not local: "If they are a bank and want to be part of the international banking system, they have to comply to Basel II, like it or not."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code