The quiet revolution – a new job spec for the business continuity professional

The technological revolution has occurred gradually to the point that many top managers don’t realise how dependent their organisations have become on electronic information. Those responsible for business continuity therefore need a change in their job description to support this evolving business environment. Keith Tilley, UK managing director at SunGard Availability Services, explains why.

Today, information equals competitive advantage. But do you know exactly where all that information is? A few years ago, this was an easy question to answer – all mission critical information was stored on a single mainframe server out of harm’s way. These days, that same information is stored in disparate repositories – next year’s business plan might be saved on the managing director’s laptop, whilst your sales director’s list of leads is held on his PDA, and customer transactions are managed through the website.

As the pace and sophistication of modern enterprise increases, users need and expect continuous access to critical information in real time. Indeed, modern business revolves around that expectation. This now makes the job of the business continuity professional fundamentally different. The challenge goes beyond protecting data to managing information and keeping everybody in the organisation connected with what they need at all times – no matter what happens.

This need for keeping people and information connected – otherwise known as information availability – is emerging as the next key challenge in business continuity planning, as people without information is as useless as information without people.

Local failures can cause global disaster
More and more information in an organisation is becoming cross-linked. Consider, for example, enterprise-wide systems. Before they came along, we had a loose network of systems, few of which could talk to each other, with widespread redundancies and other inefficiencies. Now we have tightly integrated systems that allow information to be entered in one place and then accessed throughout the organisation.

But this integration also creates interdependence. The smallest glitch in the system can affect everyone. One failure can bring down an entire system and cost millions of dollars in lost revenues.

Information is now dispersed throughout the organisation – sent to and gathered from desktop PCs, laptops, mobiles and PDAs, virtually everywhere. The more points of exposure, the greater the risk that the entire system will fail. SunGard uses a shorthand called the ‘20/20 rule’ to illustrate this multiplying effect of technology and the vulnerability that it creates: If we have 20 more servers used by 20 more people, we’ve created 400 new points of exposure in our systems.

Downtime is not an option
As we have already established, a decade ago a business only had one or two mission critical applications which were resident on the mainframe. Advances in technology have changed that. Now there are many more critical applications required by a growing number of people in an ever-decreasing amount of time.

CRM, e-commerce and customer order entry systems are just a few of these. As companies adopt more of these applications, disaster recovery must be measured not in weeks or days, but in minutes or seconds. For the business continuity professional, information availability must be seamless and transparent – even when disaster strikes.

Disaster evolution
Two decades ago, when everything worth protecting resided on the mainframe, the biggest threat to your information was a natural disaster – a fire, a flood, a lightning strike. That was relatively simple to protect against. You’d make backup tapes and ship them offsite. In the event of a disaster, you’d send the backup tapes and a recovery team to a redundant facility or hotsite, and you’d recover.

With today’s distributed systems, however, the definition of ‘disaster’ is far broader. Now we have to prepare for telecommunications outages, computer viruses, hacker attacks, terrorism, sabotage and power interruptions. The UK, US Sweden, Denmark and Italy have all been affected by major power outages over the past couple of months – and this risk is only likely to increase over the coming winter months.

It is a basic rule of engineering that as systems become more complex, so do the opportunities for failure and unforeseen consequences. And as information becomes more distributed, the risks of failure multiply even further.

And while hardware failures can be more catastrophic to a business than any fire, flood or hurricane, they’re unlikely to make the evening news, which is also a potential problem. If your factory is under 10 feet of water, suppliers and customers might give you the benefit of the doubt while you get back on your feet. They’re going to be a lot less understanding if you tell them your system crashed.

The big change
What this all means is that the person charged with protecting the organisation’s information assets – the business continuity professional – will have to change the way he or she works.

It is no longer a reactive job, but a proactive one – we must identify new threats before they become a disaster. As recovery must now be instantaneous and transparent, the goal posts move from getting the business back up and running after the event to keeping it running at all times, no matter what happens.

It is the business continuity professional’s responsibility to drive this message home to top management and ensure the necessary resources are made available to meet this new challenge.

For more information about SunGard Availability Services tel 0800 142 413, e-mail infoavail@sungard.com or visit www.availability.sungard.com

•Date: 10th October 2003 •Region: Worldwide •Type: Article •Topic: BC general
Rate this article or make a comment - click here