Nour Shurbaji, Solutions Engineer, DSAT (Dell Synergy Acceleration Team), EMEA, VMware
Hamlet was not a CIO (Chief Information Officer), but “If it be not now, yet it will come the readiness is all” sums up the approach we recommend to companies in terms of disaster preparedness. Preparing for a disaster is the best way to limit its consequences. Ideally, decision-makers should plan and test their response and recovery procedures before a major accident occurs and impedes their operations and ultimately their organization’s revenues.
Disaster preparedness is now a widespread practice for businesses. For a long time, it was seen as a luxury, but it is becoming a necessity. However, the entire scope of this activity is not always well known. A good BCP (Business Continuity Plan) encompasses people, information technology, processes and much more.
Here is a summary of why business continuity is an important topic, the three main pillars on which it is based and the assets it must protect.
Why is business continuity important?
Business continuity is critical to companies for two reasons.
1 – Revenue
A company exists to create value for its shareholders, which is achieved by performing activities that provide a service to a customer for a fee. If activities are interrupted, the revenue from those activities will inevitably be affected.
2 – Brand and reputation
A sudden and persistent interruption of operations, even if resolved, can impact the business of customers and thus the reputation of the company. If the interruption becomes public knowledge, the brand’s image of a reliable one is at stake.
What are the three pillars of business continuity?
Disaster recovery is a critical, but not sufficient, component of a comprehensive approach to business continuity. A relevant approach must include three pillars of thought:
- Contingency: how do you prevent a disaster from occurring?
- Resiliency: If a disaster does occur, how do I ensure my business is not affected?
- Recovery: If a disaster occurs and affects my business, how can I effectively restart my business?
What assets should IT (Information Technology) managers protect?
Regardless of the type of business, there are three IT assets that are particularly important to consider when forming an effective continuity plan.
In the context of IT, a service is a digital application or process that serves a purpose for multiple users who may be external, such as customers, or internal, such as employees. Let us take the example of an e-commerce website. The website is an essential service that must remain available because it is the means for customers to purchase items. If any of the components such as storage, computing, networking, or power resources that allow the website to function fail, the website will be unavailable, and the company will lose revenue.
Data can be internal to the company or external, such as customer data. Data classification is a topic in itself. Data can be classified based on confidentiality, risk, retention requirements, value, and many other parameters. In any organization, there are several classes of data that are valuable to the business and need to be protected.
In the event of an incident, data can be lost, stolen, encrypted or corrupted. Organizations, such as financial institutions, for example, spend significant budgets on tools that help them protect their data and mitigate all the risks mentioned.
While services and data may be perfectly available, access to them might not be possible – IT managers must also consider accessibility when planning for business continuity.
One of the most significant risks to accessibility is a DDoS (Denial of Serice) attack. For example, in 2014, six U.S (UNITED STATES), banks were hit on the same day by DDoS attacks and some of their online banking sites went down.
In future articles, we will discuss all these concepts in more detail and match the required capacities to the most traditional vendor solutions. We will discuss preliminary business impact analyses, the exact role of contingency and its importance, and key capacities that improve resiliency to culminate in how to optimize a business continuity plan.