What does it take to get PC or server backups to work properly and bring computers back to operational status? Correctly stored data files are a critical component for most organisations. However, on their own they won’t let you get back to business. You’ll also need the applications that generated those data files and you’ll need the associated configuration and profile information. That includes user and account-specific information and any purpose-built software modules to link your system to others in your enterprise. The smart solution would be to back up all of this information within the same process.
Data encryption should be a good thing for security. When your data is encrypted using today’s encryption standards, other people cannot decode your files or your information. Data at rest encryption (DARE) takes care of the data sitting on hard drives, while data in motion encryption (logically DIME – you read it here first!) ensures that it remains confidential while being transmitted from one point to another. However, like the petard or bomb that blows its user up, encryption can sometimes backfire.
When it comes to singling out sectors that are at the forefront of disaster recovery, finance is often quoted as an example. With so much depending on the ability to recover systems and data rapidly after any incident, major banks were among the first to implement hot failover data centres, for instance – as well as being among the only organisations that could afford them. At the other end of the scale, there are those that are particularly ill-equipped to deal with IT disasters. The education sector has been identified as one example, but another group falling short of the levels required could surprise you.
Risk management is one of those areas that are too often “somebody else’s responsibility”. Whether through lack of knowledge or indifference, it gets shunted off somewhere else and replaced with an approach of “it’ll be alright on the night”. Unfortunately, it frequently isn’t. Like business continuity or information security awareness, risk management should ideally be everybody’s business and accepted by each member of an organisation as an individual as well as a collective responsibility. Risk management on a per-project basis can help move the needle in the desired direction.
For many people, IT security is about keeping the bad guys out of the data centre by using firewalls to control external access and anti-malware programs to prevent hackers from infecting servers. That is only half the picture however. The threat that has also been growing comes from people already within the security perimeter of the data centre. They have legitimate access to servers, but are misusing that access either unintentionally or deliberately to take data out. The challenge in resolving this kind of insider threat is that it is typically not a malware attack, but a personal ‘manual’ attack.
If you’re wondering how much risk management should become part of your organisation’s rulebook, you may already be looking around to see who else is doing it. Insurers and bankers are obvious examples, because their businesses are centred on risk calculation, whether in terms of setting insurance premiums or defining credit interest rates. Many insurers are also ready to discuss risk management with potential customers in a variety of different industry sectors. These can range from agriculture and aviation to sports and transportation. However, there are other perhaps unexpected examples that show how far the concept of risk management has spread in general.
Does resilience in your enterprise spring from its senior management as a source of inspiration to all? Or is it perhaps embedded in your organisational culture, lovingly nurtured and developed over the years? Either possibility would be gratifying. However, some recent information suggests that neither is the primary source of resilience. Researchers Sarah Bond and Gillian Shapiro surveyed 835 employees from a cross-section of firms in Britain and found that 90% of those employees considered their resilience to be inherently within themselves; and only 10% thought their organisation provided them with resilience. If this is true more generally, there are some important consequences for any enterprise to consider.
Now that management science has taught us how to quantify so many other things, crisis management is a good candidate for being awarded its own scale of seriousness too. The detail you put into such a scale will depend on how much crises afflict your enterprise. If you are battling a continual stream of problems, your scale may be finer (say, 1 to 10), in order to sort out the life-and-death situations from the nuisances. Otherwise, a high-medium-low system of ranking may be sufficient, as long as there are clear definitions for crises to be categorised correctly. So, how does this work in practice?
‘Agile’ is still a buzzword. That’s quite a feat in today’s high-speed business and technological environments, where concepts date so rapidly. The original ‘Manifesto for Agile Software Development’ appeared in 2001, some 14 years ago. Since then, the word and the concept it labels have been applied to different business areas, including marketing and supply chain operations. Recently, it has also cropped up in the phrase ‘agile recovery’. But is this taking the ‘agile concept’ too far?
By conventional standards, business continuity cannot exceed one hundred percent. Business continuity of less than 100% is obviously possible, although measurements of just how much less may only be approximate. However, if everything is working properly, full business continuity has been achieved. Does it make sense to then talk about ‘fuller than full’ or a business continuity index that is more than 100%?
Most people are visually oriented when it comes to taking in information. They also prefer analogue displays to digital ones. In other words, when it comes to understanding risk as part of business continuity, they like colours and graphics, rather than numbers in a spreadsheet. That makes the risk heat map a popular choice for presenting summary risk information to non-risk experts or senior management. Typically, areas in red on the heat map indicate the biggest risks and areas in green the smallest/most acceptable risks. But is this approach in fact too limited?
The ‘fail faster’ mantra in business has polarised opinion. Some people swear by it, saying that by trying many new ideas rapidly, businesses are more likely to find a good one faster to help them be successful. Other people swear at it. They say that ‘fail faster’ is a hollow fad, irrelevant or worse still dangerous to the way business is done today. Yet others claim that it’s a problem of terminology: the word ‘fail’ is being used in a situation where the real goal is ‘succeed’. With high profile companies like Amazon apparently using a ‘fail faster’ approach to increase market share, business continuity managers need to know whether this approach is good or bad for their own organisations.
No enterprise is immune to bad ideas. Some of them can be spectacularly bad, like deserting loyal customers in order to chase new markets that never materialise, or betting the company on a technology that never actually works. A company can have everything going for it and still get it wrong. The case of Webvan with its e-tailing advantages of lower costs and better services targeting the wrong customer group is just one example. However, this kind of failure is not caused by one bad idea alone, but by one bad idea being accepted and pursued by the organisation overall. In other words, it’s groupthink, a frequent enemy of business continuity.
Let’s suppose you want to fill a position in your organisation by hiring an emergency manager. The role of this person is to coordinate the actions of different services responding to a sizable disaster, to translate strategy into tactics, and to keep senior officials or management informed of the situation and progress towards resolution. So far, so good – except this kind of person, or experience, doesn’t grow on trees. However, it is a role that is needed in many public sector areas, including utilities, health, education, airports and port authorities. You could place an ad asking for candidates, but what do you then need to know to evaluate applications?
Building a lean, mean supply chain machine is the dream of many organisations. On the face of it, lean sounds like a good idea. By streamlining and simplifying processes, and by cutting out flab and wastage, enterprises can boost productivity and profitability, and of course end-customer satisfaction. Just the muscle without the adipose layers is the goal. Companies aim for ever fewer suppliers, fewer product touch points and faster operations. Yet there comes a point where a supply chain starts to look more like a skeleton than a living, evolving business organism. It is at this point that the slightest shock to the system can break it. In other words, the fragility of your supply chain becomes a major risk for your business continuity.