Beyond disaster recovery

Today's business environment is characterised by rapid, unpredictable change and is becoming increasingly important to ensure the continuity of business operations in the event of a disruption. Simply reducing a company's vulnerability to an unexpected disaster is no longer sufficient.

Shifting business models, changing regulatory requirements, new technologies and increasing information security threats compel a business to be responsive and resilient - seamlessly taking advantage of opportunities while mitigating risks.

Business functions are virtually inseparable from the IT that supports them. As daily business operations become increasingly dependent on IT, organisations are planning and implementing resilient infrastructures - infrastructures that are capable of proactively responding to both anticipated and unexpected stresses and strains. These stresses and strains can be both positive and negative in that they may reflect fluctuating market demands, man-made events, component failures and natural disasters.

A good resilience plan can actually help an organisation perform better on a daily basis.

Chamu M'Kombe is country manager for IBM's business continuity and recovery services in SA.

Since business strategy is the roadmap for achieving business goals and objectives, and since resilience protects the ability to reach those goals and objectives regardless of anticipated and unexpected events, logic dictates resilience is a component of, and begins with, strategy.

The best response to the threat of business disruption is to combine several disparate risk management strategies into a single, integrated resilience strategy. This holistic view is required to ensure company-wide protection and maximisation of the organisation's ability to perform under strained circumstances.

Companies need to be proactive and incorporate resilience as part of every new business system and as part of the IT management process. In today's marketplace, a company-wide vision for resilience is imperative for an organisation to gain and sustain its competitive advantage. In addition, building resilience as an everyday component of the company enables a return on IT investments.

An integrated resilience plan can reduce the business impacts of a disruptive event, speed up recovery times and deliver value to the organisation - even if a disaster never strikes. In fact, a good resilience plan can actually help an organisation perform better on a daily basis. It can also help with overall risk management and audit readiness.

Resilience needs are not the same across all industries, or even across companies within a given industry. As a result, the process of becoming a resilient business is highly individualised and the complexity of the task demands a methodical approach.

There are two aspects to the process of becoming a resilient business. The first is to gain an understanding of where the company is today and where it needs to go. Recognise what it is that makes the business successful and build an inventory of prioritised business processes.

The second aspect involves actually transforming the business into one that's truly resilient. This transformation is typically more challenging for companies and having a concrete roadmap for the process is critical. However, many organisations are now appreciating the value of moving to a more structured, scheduled approach to analysing their risk profiles in the face of rapid global changes in business conditions.

The transformation lifecycle begins by identifying the risks that are unique to the organisation, including the risk of natural disasters and any other risks that may interrupt normal business activity. It is important to include opportunities in the assessment - such as sudden spikes in transaction volumes, new acquisitions or mergers, or highly effective marketing campaigns. In addition, identify and prioritise business services, functions or processes according to how finances would be affected if the risks to these areas were realised.

Once a framework has been identified, the following building blocks will provide a solid foundation vital for a successful resilience plan:

* Recovery - the provision for safe, rapid data recovery in the event of a disruption.
* Hardening - the fortification of all or part of an infrastructure to make it less susceptible to natural disaster, employee error or malicious actions.
* Redundancy - the duplication of all or part of the infrastructure to supply active backup service in the event of an unanticipated event.

These building blocks are primarily defensive in nature. They are necessary for protection, but by themselves do little to help improve competitive posture. There are three additional building blocks that help to move a business from a defensive stance to a proactive and competitive position within the marketplace. These include:

* Accessibility - the ability for staff, partners and customers to easily access the infrastructure from anywhere.
* Diversification - the physical distribution of resources and implementation of diverse communication pathways to decrease the probability that a single disaster will incapacitate the organisation.
* Autonomic computing - the inclusion of self-managed hardware and software components in the infrastructure, to provide a resilience solution that is integrated into daily business operations.

Resilience planning is a continuous process. However, by creating and/or modifying business processes and organisational environments that mutually support virtual, flexible and distributed workplaces, a business can increase its preparedness to respond to and recover from unanticipated events.