Business Risks and the New Resiliency: More Than Just Recovery?
Business risks are on the rise. As noted by a recent IBM white paper, while cloud computing, mobile devices and the Internet of Things (IoT) are “making us more productive, flexible, connected and responsive,” dependence on 24/7 availability also increases total corporate risk. As a result, companies are beginning to shift away from defining their business resiliency by recovery alone.
In a world of always-on threats, here’s a look at the evolution of business continuity efforts.
Risk Is Your Business
You can’t avoid it, and it’s best not to ignore it: the risk presented by technology advancements and the rise of a tech-savvy workforce. For example, IT Pro Portal notes that mobile security risks are growing, with less than half of survey respondents using a mobile device management strategy and 67 percent having already experienced a mobile data breach.
Consider the Internet of Things (IoT): According to the Wall Street Journal, just 34 percent of companies said they could accurately track the number of IoT devices on their network and only 30 percent believed they were prepared for the security risks associated with the huge uptick in always-connected devices.
Beyond specific technologies, user behavior represents a potential failure point. A recent RCRWireless piece discusses the risk of major sporting events such as the Olympics, which cause employees to be more active on social media and therefore increase their chances of clicking a malicious link. Twenty-three percent of fans watching the Olympics were business users, and during the games the likelihood of these users leveraging “risky social media apps” more than tripled.
Managing Modern Maladies
How do companies handle this influx of risk? Two decades ago, the answer was simple: daily backups and recovery as needed. This approach was sufficient since businesses experienced a modicum of “downtime” each day, where IT professionals could identify security issues, repair the damage with backups if required and ensure customers were never affected by the outcome.
Today, this simply isn’t practical, since C-suites and clients alike demand 24/7 uptime, availability and security — forcing IT departments to fix on the fly and significantly reduce the value of “canned” disaster recovery (DR) solutions. Now, research shows that about 40 percent of companies have activated their DR plans in the last two years, and over a six-month listening period IBM heard more than 99,000 social media discussions about the need for business continuity. How do companies make the transition away from static backups to adaptable services that address emerging business risk?
Plan to Protect
The shortest path to better protection? Most IT professionals say the cloud. It’s scalable, agile and easy to failover as required. But it’s not a catch-all. As noted by a recent cloud resiliency white paper, “systems recovery across multiple cloud service providers and locations requires high level integration skills” — and because most companies now rely on diverse vendors to supply a unique cloud environment, it’s easy to get bogged down in the details while high-level continuity suffers.
The solution? A structured approach that depends on strategy over serendipity; as noted by IBM, this remains challenging with just 17 percent of organizations leveraging a formal business continuity strategy that is consistently applied. It’s possible to improve the outlook, though, by implementing seven continuity “keys.” These are:
- Securing executive sponsorship for BC projects.
- Conducting an assessment of current resilience solutions.
- Taking the discussion to enterprise level.
- Analyzing need holistically, looking across multiple departments and business locations.
- Identifying key business processes which must be protected by BC.
- Applying a consistent, company-wide approach to continuity.
- Establishing a centralized governance structure.
In effect, this helps to modify cloud resiliency deployments from scattershot to strategic, providing a clear outline of which services are most crucial, how they’ll be brought back up in the event of a disaster or cyberattack and what role cloud providers will specifically take in the recovery effort.
Risk is on the rise. The discussion around resiliency, meanwhile, is shifting away from “if needed” to “on demand.” By embracing both the cloud and continuity best practices, companies can ensure they’re prepared to meet modern-day business risks.