Agriculture and animal farming in particular have as much a need for business continuity as any other sector. Animal farmers deal with larger volumes of cattle, sheep or other livestock, whereas factories or other non-agricultural businesses are usually more concerned with teams or departments staffed by people. Yet when it comes to preparing for and dealing with natural disasters, these different types of enterprise may have more in common than you thought. The following quote from the film ‘Men in Black’ gives a hint about what’s going on.
The answer to this question depends on how fast you want your data back and how much time and effort you are prepared to spend. If your data is both mission and time critical, then full, frequent backups possibly with mirrored systems for immediate restore or failover may be the only solution. Financial trading organisations, large volume e-commerce sites and hospital emergency wards are examples. Other users who do not want to or cannot go down this route will be faced with more basic options.
Some enterprises are attracted by the potential advantages of the cloud for disaster recovery and business continuity. However, they fear the possibility of information being spied on, stolen or hacked after it leaves their own physical premises. A little lateral thinking suggests another possible solution. Instead of moving outside a company firewall to use cloud possibilities, how about implementing cloud functionality inside the firewall? A number of vendors now offer private cloud solutions and they have some customers whose identity may surprise you.
As cloud computing develops and providers multiply their data centres, physical location of data has become an important issue for many organisations. Their goal has often been to prevent storage of confidential data outside their national boundaries. The risk of a data breach is considered to be too great, especially in the wake of the Snowden revelations and CSA snooping saga. In some industries such as medical or financial, regulations may simply prohibit the use of data storage facilities abroad. Yet one national government is taking the opposite approach and making foreign facilities a part of its disaster recovery plan.
All business in a competitive market is risk-based, whether or not enterprises admit it. Positive risk indicates opportunities. Negative risk points to the need to take measures to avoid, transfer or mitigate that risk. Banks are a case in point, with risk analysis at the heart of their daily activities as they continually calculate the probabilities of profitability in investments and loans. For enterprises in other sectors, risk may be less in the spotlight, but no less important. All companies need good disaster recovery and business continuity management for instance. Both depend on properly assessing risks and their impact. So how can you tell if senior management is taking risk management seriously?
There are times when you wish you could undo what you just did. Sometimes, you can’t. Financial investments, office reorganisations and even that too-hasty email you sent often cannot simply be reversed. With IT on the other hand, it’s a different story. From individual PCs to corporate data centres, the ‘Undo’ function has become a standard feature of many computing systems for making errors and problems disappear. As little as one mouse click may be enough to turn back the hands of time and begin again as though a mistake had never been made. But is this disaster recovery capability the magical solution it is often made out to be?
People who manage a functional department or a business process may find it tough to set recovery objectives for what they manage so devotedly, day in and day out. That does not necessarily mean that they are not objective. Instead, they may not know how critical their part of the business is to the rest of the organisation. Without a measuring stick, they cannot confidently make recommendations or requests about suitable recovery times. So when the next business continuity planning moment comes along, BC managers may find that they have some handholding and educating to do to bring different organisational units up to speed.
Traditionally, insurance agencies do not reward companies that stay out of trouble. The idea is to split the cost of compensation to a few unfortunate enterprises among the larger number of all enterprises that take out an insurance policy. Compensation is paid according to the nature of the insurance claim presented and the terms of the policy. However, it can only be made if risks can be evaluated and damage calculated. Some aspects such as damage to a company’s brand may be impossible to assess, even if they have a major negative impact. Insureds and insurers try to work with quantifiable factors. But smart enterprises know there is additional leverage to be gained when putting insurance in place.
Infrastructure-as-a-Service is attractive. The idea of tapping into scalable computing, storage and networking resources on a pay-as-you-go basis is mouth-watering to many. Vendors strive to differentiate their offerings, although key defining features are still commodity items such as power, capacity and speed. In theory, that should make it easier for organisations to move freely between all the IaaS options, an important aspect for business continuity. But just how feasible is it to switch from one IaaS installation to another?
Statistics from reputable sources are clear: Symantec of anti-virus software fame found that 73% of organisations it contacted saw higher levels of efficiency as a key advantage. Deloitte, the audit firm, has said that 71% of enterprises are already deploying mobile apps. That means opportunity for faster sales reactions, improved productivity and even lower operating costs if employees use their own tablets or smartphones. But it also means greater risk to company data now stored on devices that can more easily be lost or stolen, or that can simply be removed if their owners leave the organisation to work elsewhere. These potential security holes need to be plugged.
They say that information drives business. Actually, it’s electricity. Your data will most likely be useless if you have no power. On the other hand, if you can turn the lights on, you can start working, one way or another. But now in a kind of millennial Mobius loop, information is also increasingly driving power distribution. Smart grids are a case in point. The benefits are in higher power transmission efficiency, reduced costs, better peak load handling and better integration of customer-owned generating systems. The risk is in the network security.
To customers, the cloud often seems like an ideally flexible application and data storage solution. On the other hand, starting as a cloud provider often requires very deep pockets. As a result, not every provider stays the course. And if under-capitalisation doesn’t kill a provider off, there is always the danger of a marketing failure that persuades backers to pull the plug. The irony of the situation is that many customers want to make their cloud provider a strategic part of their disaster planning. However, customers must then also extend their plan to include the possibility that the provider itself is the disaster.
If you haven’t yet met cross site scripting or XSS for short, it’s probably only a matter of time. And if your enterprise is running a web site that allows users to enter data, for example as search terms, consider XSS as a threat to be tackled now, not later. The short version of what XSS does is this: it uses vulnerabilities in a web application (such as a dynamic website) to let an attacker send malicious content via the application to another end-user victim. What can web application owners do to stop it?
Online giant Google raised eyebrows recently when it stated that it was starting up two billion containers a week in its computing infrastructure. But the type of containers the company was talking about were logical instances inside its computers, not the mammoth steel boxes that are shipped by truck, rail and ship. Google’s containers are its solution to an issue concerning conventional server virtualisation, which involves more overhead than the provider is prepared to accept. A new development in IT, its new ‘lightweight virtualisation’ may be attractive to other organisations too. Yet, in certain circumstances, a real steel container may also hold the solution for business continuity.
Would you put all your investment into shares in just one company? Or into just one piece of property? Or even just into gold? While people are free to put their money where they please, many financial investors have identified diversification of investment as a better solution. Similarly, in business continuity the right mix of safer measures with lower returns and more innovative strategies with higher returns can optimise resilience without requiring unduly heavy expenditure (which in itself could threaten business continuity). This portfolio approach requires a certain attitude and tools, but can pay dividends.