The Business Continuity Evolution
Disaster recovery has been elevated in importance, evolving from pre-1990, when the focus was on ensuring that IT Systems Management disciplines include protocols to resume IT in the event of a disaster.
In the 1990's, business recovery ruled, where disaster recovery programmes include assurance that end-users will have access to IT systems in the event of a disaster. In the 2000's, the orientation has shifted to business continuity, where organisations recognise that certain business functions require more expeditious resumption time intervals.
Today, there has been a paradigm shift to business resilience. Information Risk Management is a convergence point for disaster recovery, high availability, business continuity, information security and crises management.
"Over the last 12 months, we have seen that business failures are no longer due to technology issues like hardware or network interface failure. Today's failures are due to human error, poor planning or the lack of governance," said Rogers. "It is no longer the fault of technology."
Organisations have realised that they may have disaster recovery sites in place, but staff may not be able to access it in times of disaster. "The problem is that the data centre may run, but the business doesn't, as no one can get to the data centre," he said.
"Disaster recovery colocation may not work, as some organisations treat them like playgrounds where they create a secondary environment, used to try out tweaks and test bits of software. But when disaster strikes, the disaster recovery doesn't work."
"Companies need to keep in mind that technology is only there to serve the business function and business process," said Rogers. "We need to not just look at business or disaster recovery, but the business as a whole, and understand that IT's role is to serve business."
In the future, the new focus will be on smart business reliance, where a predictive engine can detect emerging threat conditions, calculate probability and business impact, and pre-emptively initiate cloud-based migration of client workload.
Building a Resilience Blueprint
When it comes to creating a resilient enterprise, Rogers recommended building a resilient enterprise blueprint, and aligning IT to business.
An analysis of the different risks within an organisation helps it to understand the current state of its environment, enabling it to identify risks and create an appropriate risk strategy. An effective blueprint actually comprises multiple layers of resilience strategies, all based on best-practices guidelines and processes. Where appropriate, these different strategies should work together to successfully address the reach and range of the different risks within the framework layers.
Companies should take a holistic approach to evaluating risk and determining its level of resilience. Evaluate the following for their current and target levels of business resiliency maturity: strategy, people, processes, applications and data, technology and facilities.
Sign up for CIO Asia eNewsletters.