First there was the dedicated, physical server. Then came virtualisation, helping organisations mix and match workloads across different servers on their sites. After that came cloud computing with more virtualisation (and multi-tenancy thrown in). However, organisations typically still did their virtualisation between machines in close physical proximity, even when they were using cloud services. Now the next step is to see how well virtual machines and their data can be transferred between racks of machines separated not just by a few feet, but by hundreds of miles – or at least far enough to be out of range of the next tsunami.
How often have you heard the expression ‘no pain, no gain’? These four words sum up the idea that if you are to receive benefits, then you must suffer (or at least make an effort). Alternatively, you could take it to mean that if you don’t make an effort, you can’t expect benefits. An example in the domain of disaster recovery might be ‘if you skip regular data backups (no effort), you’ll fail when your hard disk crashes (no benefit)’. The problem comes when people use chop logic to infer from ‘no pain, no gain’ that ‘if pain, then gain’ is true as well.
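The fallacy can be checked mechanically. Treating P as ‘pain/effort’ and G as ‘gain’, ‘no pain, no gain’ is the implication not-P → not-G. A brute-force truth-table search (a quick illustrative sketch, nothing more) finds the case where that implication holds while ‘if pain, then gain’ fails:

```python
from itertools import product

def implies(a, b):
    """Material implication: 'a implies b' is false only when a is true and b is false."""
    return (not a) or b

# Enumerate all truth assignments for P (pain/effort) and G (gain), keeping
# those where 'no pain, no gain' holds but 'if pain, then gain' does not.
counterexamples = [
    (p, g)
    for p, g in product([False, True], repeat=2)
    if implies(not p, not g) and not implies(p, g)
]

# The single counterexample is (P=True, G=False): effort was made yet no gain
# resulted -- 'no pain, no gain' is still satisfied, but 'if pain, then gain' fails.
print(counterexamples)
```

In the backup analogy: making regular backups (pain) does not by itself guarantee a successful recovery (gain).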
Think you know it all when it comes to business continuity? That’s great. Think you can store all that knowledge? Think again. The way most information technology has developed, it’s great for storing information (bunches of related data), but not so hot for knowledge (insights and deeper relationships). There is no shortage of information to define business continuity, list its component parts, describe planning methodologies and offer case studies. You can access that information, transfer it and store it on your PC or mobile computing device. The problem is in storing your understanding of that material, and the model you develop to see its component parts as a connected whole.
Tape data storage just keeps on going. It’s almost like the steampunk of IT, a branch off into a different universe where everybody reads by bigger candles instead of electric light bulbs. But it works. In fact, it works well enough for the largest IT vendors to continue pushing the envelope on tape storage density, and on storage and recovery speeds too. However, tape is not disk. You cannot ‘dip into’ tape in the same way you can randomly access a hard drive. And so, for backup and recovery in particular, the virtual tape library was invented to combine the advantages of tape and disk. Nevertheless, there are both pros and cons to consider.
Where are the weak points in your organisation and its operations? Where could disasters or criminals do the most damage? Vulnerability testing, as its name suggests, is done to find out where the soft underbelly is. Then protection and security can be suitably reinforced. In a general sense, it can cover everything: from freak weather conditions to power outages, supplier failure and IT disasters. Indeed, IT is the area where vulnerability testing is most often performed. This is partly because of the critical role of IT throughout many organisations, and partly because IT vulnerability testing is relatively easy to automate. However, even systematic automated testing can’t do it all. So what’s the solution?
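As an illustration of how easily one narrow slice of IT vulnerability testing can be automated, here is a minimal sketch that probes a host for open TCP ports. The host address and port list are assumptions for the example, and real scanning tools go much further (service fingerprinting, known-vulnerability lookups, scheduling and reporting):

```python
import socket

def open_ports(host, ports, timeout=0.5):
    """Return the subset of `ports` that accept a TCP connection on `host`."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 when the connection succeeds (port open).
            if sock.connect_ex((host, port)) == 0:
                found.append(port)
    return found

if __name__ == "__main__":
    # Illustrative targets only; scan hosts you are authorised to test.
    print(open_ports("127.0.0.1", [22, 80, 443, 3389]))
```

A scheduler can run a check like this regularly and diff the results, which is exactly the kind of repetitive task automation handles well.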
As a business continuity manager, CIO or company risk officer, you’ve probably already done numerous risk value calculations. To build a table comparing risks and their impacts, you might assign percentages or relative scores to risks, and monetary values or relative scores to impacts. The risk value in each case is then simply “risk × impact”. You get a simple table that allows you to rank risks in order of their risk value and set your priorities accordingly. However, what may be forgotten is that risk calculations can be positive as well as negative.
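As a quick sketch of the calculation (the risk names, likelihoods and impact figures below are invented purely for illustration):

```python
# Hypothetical risk register: likelihood scores (0-1) and impacts in money terms.
risks = [
    ("Server room flood", 0.05, 500_000),
    ("Ransomware attack", 0.20, 250_000),
    ("Key supplier failure", 0.10, 100_000),
]

# Risk value = likelihood x impact; sort descending to set priorities.
ranked = sorted(
    ((name, likelihood * impact) for name, likelihood, impact in risks),
    key=lambda item: item[1],
    reverse=True,
)

for name, value in ranked:
    print(f"{name}: {value:,.0f}")
```

The same table works with positive risk values: assign a probability and an upside figure to an opportunity and it ranks alongside the threats.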
Disaster recovery planning for your IT installations may use automated procedures for a number of situations. Virtual machines can often be switched or re-started in case of server failure, and network communications can be rerouted without human intervention. For other requirements, people will be involved in getting IT systems up and running properly after an incident. But people do not switch into auto-run modes like a machine. They can be affected by the surprise factor of an IT disaster and by the pressure to bring things back to normal. Five aspects of usability may need to be designed into your DR planning if you want the best chances of a satisfactory recovery.
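The automated side of that recovery can be sketched very simply. Here an in-memory dictionary stands in for a real hypervisor or orchestration API, which is an assumption made for illustration:

```python
# Sketch of automated DR: restart every VM whose health status is 'failed'.
# The `vms` dict is a stand-in for querying a real hypervisor API.
vms = {"web-01": "failed", "db-01": "running"}

def recover(inventory):
    """Restart failed VMs in `inventory`; return the list of names restarted."""
    restarted = []
    for name, status in inventory.items():
        if status == "failed":
            inventory[name] = "running"   # real code would call the hypervisor here
            restarted.append(name)
    return restarted

print(recover(vms))   # -> ['web-01']
```

The loop itself is the easy part; the usability questions arise around everything the loop cannot do, which is where the people come in.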
Forgot your password? Call in-house IT support. They’ll ask you a couple of questions to verify your identity (maybe your date of birth, your favourite colour). Then they’ll reset your password and tell you what it is so that you can go and do that work that’s been piling up. Or so that you can break into that user’s account and from there into more databases and servers – because you weren’t a panicked user at all, but a hacker successfully masquerading as one. What’s the answer to this IT security risk? Harder questions? Passwords that are easier to remember? Or simply taking something out of the equation that shouldn’t have been in there in the first place?
Picture this. A main water pipe bursts and water begins to flood the warehouse, which is also where you happen to be, smartphone in pocket. To avert serious damage and downtime, you need to find the cut-off valve – quickly. At this point, two scenarios are possible. First scenario: you try to find out who can help by calling reception and trying to note the names and phone numbers they suggest. Second scenario: you access a directory of resources directly from your smartphone, call the person concerned and turn the call into a video call from that person’s desktop so that you can be remotely guided to the cut-off valve and shown how to shut it off. How do you get from scenario one to scenario two?
No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer. By definition, the Chief Risk Officer looks after the governance of significant risks (both menaces and opportunities). The Chief Reputation Officer supervises the management of an organisation’s reputation, brand and communications. Looking after risks and reputation are both vital functions for organisations. The question is whether specific job functions are to be created for one or both of them. The definitive answer will depend on different factors.
Computers are typically robust and reliable. When it comes to doing the same thing over and over again at scheduled times, they leave human beings far behind. That makes IT automation an attractive proposition for many business continuity routines or processes. Where people might forget or botch a data entry because of the monotony of a task, computers remain unaffected. They will check the status of all your branch servers every hour on the hour without fail. They will monitor manufacturing stocks and supply chains and send alerts when any out-of-bounds situation occurs. What could ever go wrong? At least two things, which human beings still have to help computers sort out.
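A minimal sketch of one such check, with invented thresholds and stock levels; in practice a scheduler (cron or similar) would run it every hour:

```python
# Illustrative out-of-bounds check on stock levels; thresholds are assumptions.
THRESHOLDS = {"min_stock": 100, "max_stock": 10_000}

def check_stock(level, thresholds=THRESHOLDS):
    """Return an alert string when a stock level leaves its allowed band, else None."""
    if level < thresholds["min_stock"]:
        return f"ALERT: stock low ({level})"
    if level > thresholds["max_stock"]:
        return f"ALERT: stock high ({level})"
    return None

# Simulated readings; a real deployment would pull these from inventory systems.
for level in (50, 500, 20_000):
    alert = check_stock(level)
    if alert:
        print(alert)
```

The computer will run this faithfully forever; deciding whether the thresholds are still the right ones remains a human job.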
As seasoned IT professionals and business continuity managers, you’ve probably already done a good few projects. Typically, you start by thinking about what you need to get done and then map out the activities to see how long it will take. Here’s a slightly different take on the subject. We start with a fixed time period (12 months) and look at project- or process-oriented activities that can help you make the most of it. By planning ahead for the right milestones and routines, you can also contribute to a higher-performance, more robust IT department with fewer (or no) service outages.