Vendors supplying you with components or services for your infrastructure need to feel confident about working with your organisation. That way they’ll be motivated to give off their best. It could be argued that stressing a vendor with unannounced tests might have a negative impact on their relationship with you. After all, they have a business to run too and your test is a business disruption for them. However, real disasters often arrive unannounced and in order to be realistic tests should be unannounced too. Is there a way out of this conundrum, and if so what is it?
There are statistics, there is business folklore and there are facts about disaster recovery. Some of the statistics quoted may not always be easy to trace back to their source, but it remains a fact that to stay in business, you need to be able to do business. That’s why good disaster recovery planning and management are so important. A recent report from Quorum entitled ‘Disaster Recovery Report Quarter 1 – 2013’ provides an updated point of view. It also quotes a few thought-provoking statistics that should motivate organisations to review and improve their own DR plans and policies.
‘I keep it all in my head’. Or ‘How likely is it that an event occurs that stops my business from operating?’ These are frequently the reactions of small business owners to the idea they should pay more attention to business continuity and disaster recovery. While business continuity often occupies an increasingly large part of an organisation’s attention as the organisation gets bigger, even one-person companies need to have a workable strategy in place. In particular, IT security and backup are aspects are priority items.
Numbers can be useful, but they don’t always tell you everything. Just like business forecasts and other models, it’s wise to include both quantitative and qualitative evaluations of your business efficiency. While quantitative measurements are designed to give hard numbers, qualitative tools can help fill in the gaps where other data are lacking. Qualitative tools can also help to understand why a result may be different to what was expected – or just as importantly, why it’s good and therefore what you need to do to make sure it stays good. How then does business efficiency benefit from both approaches?
Business continuity is a matter of staying competitive as well as operational. With much of current business revolving around computers, that means ensuring that IT resources are effective and efficient. However, the fastest processors and the most recent versions of software do not automatically confer competitive advantage on the companies using them. Indeed, the standard three year cycle to upgrade PCs is considered by some to be a subterfuge by certain IT vendors to keep their sales figures up – PCs, operating systems and popular applications such as spread-sheet software may have useful life expectancies of considerably longer. So what should you upgrade and when?
How do you view Business Continuity? Is it all about avoiding business outages for a given speed of business, or should it also contribute to increasing that speed? After all, if business continuity is designed to move an enterprise away from slowdowns, then logically it should be moving the enterprise towards picking up the pace of planning, forecasting, deciding and executing on those decisions. Whether or not you consider that business continuity should lead the way in accelerating business, sooner or later BC will be involved; if only because competitors will also have speeded up in the meantime.
User IDs and passwords are part of everyday business life and business continuity for many people. You need them to log on to get your email and use other company systems. Often, the easier they are to remember, the easier they are to hack. And cryptic codes often get written down on scraps of paper left next to the computer, defeating the whole object. If your business and its employees have a tough time keeping track of user IDs and passwords, a possible alternative using QR codes is now being mooted. That’s right, the same QR codes that you snap with your smartphone to zip over to websites or launch apps. But will it take off?
Cloud services whether PaaS (platform), SaaS (software), DraaS (disaster recovery) or another ‘as a service’ option are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied. Here’s a list of ten security questions to help you safeguard your data, your confidentiality and quite possibly your business.
When you’re scouring your neighbourhood to detect possible risks to your organisation, a tool like Google Earth can be a valuable asset. Without leaving your desk you can tour streets and advance street view by street view, pinpoint addresses such as the nearest phone service and electricity providers on your map and spot vulnerabilities – that remote site with no surrounding fence, for example. That’s the good side of Google Earth. However, it also has its limitations and even potential drawbacks. Find out more about these below so that you won’t be caught short.
Organisational risk is in the eye of the beholder. What you see as being the main risks as an innovative small business serving the Melbourne metropolitan area may be very different from the point of view of a multinational corporation with projects all over the world. It’s wise however for both types of organisation to consider different perspectives. They can help reveal risks hitherto ignored or that lurk in the background, ready to increase in importance as conditions change. They also help enterprises to remain flexible in their outlook and more resilient to problems, whether inside or outside the business. Here are a few different takes you might consider.
‘Agile’ is a common buzzword in organisations today. Intuitively, it fits well with the notion of business continuity – an agile enterprise, able to respond iteratively to whatever today’s business conditions or events throw at it. The old concept of long-term corporate planning is light years behind; many businesses don’t know what will happen in five months, let alone five years. But does it make sense to try to define ‘Agile’ further; even with a praiseworthy goal of trying to create a blueprint for ever more effective enterprise resilience? After all, the more you try to nail down ‘Agile’, the less agile you are likely to become. What’s the solution?
Hacking of the IT resources of small and medium businesses is on the increase. The age-old excuse of ‘We have nothing worth hacking’ is no longer valid, although this doesn’t always register with SMBs. Hackers see small businesses as targets of interest for several reasons. Firstly, SMBs are vulnerable. Their security is weak, because of limited budgets and technical staff resources. Secondly, even if they don’t have funds to be stolen (although most SMBs do – anything from a few hundred to a few hundred thousand dollars), they have other riches: customer names, contact details and other data. And thirdly, perhaps the most pernicious: SMBs make good cover for hackers who in reality want to attack other, larger targets.
The ‘new normal’ propounded by management gurus a few years back was that ‘change is the only constant’. Companies, said the gurus, must constantly change, innovate and reinvent themselves in order to remain competitive and successful. They applied their mantra to everything from marketing to manufacturing to supply chain – with varying results. Victories included moves to lean and green manufacturing that saved money and the planet at the same time. Less fortunate changes have included Microsoft Windows 8 and (some time ago) Coca-Cola’s new Coke. Sometimes continuity itself is the best business continuity there is, but how can you tell?
What goes on inside your enterprise is of prime importance for your business continuity management. However, so are the actions and attitudes of vendors on which you rely to run your business. In the same way that you regularly check on BC processes and awareness inside, you should also conduct periodic investigations of key business partners. The first thing to know which vendors should be on the critical list. Essentially, a critical vendor is one on which you are heavily dependent and which cannot easily be replaced in-house or by another vendor. Such a vendor may also have access to confidential information in order to make the relationship work. Let’s suppose you’ve identified such partners. What are your next steps?
While good planning and processes are at the heart of business continuity and disaster recovery, technology can accelerate the benefits as well. We live in an age of cloud computing and smartphones. Both can be used to help an organisation get back on its feet after incidents, or simply ride them out without severe or permanent consequences.