St. Patrick’s Day and every day: it’s better to be prepared than lucky

  • Relying on luck is never enough when it comes to protecting your business.

  • Refining your business continuity plan and building upon what you learn will make it better.

  • Being able to tap into personal experiences can be useful in identifying flaws.

With March upon us, it brings thoughts of St. Patrick’s Day and the luck of the Irish.

But for those of us charged with managing and running tech, counting on luck doesn’t compute given the frequency of cyberattacks and increased demands on resources.

“The more I practice, the luckier I get.” Gary Player, golfing great

It takes both practice and a diverse view to address the business continuity needs of today, as the very definition of foundational terms — like work location, services, and support — are changing. Diversity of perspective is a critical component of any kind of timely response plan.

The concept of organizational business continuity needs to be reassessed in a world of high levels of automation, contracting for services, and reduced latency.

How organizations define security has also changed. Once focused almost entirely on data, strong security plans take a more comprehensive view. Enterprises effective at security today weigh risk, confidentiality, integrity, authentication, and availability. They practice resiliency and recovery to cover their bases.

It reminds me of a time when I was coordinating a business continuity evaluation of an automotive services company. We noticed that their business continuity data center was located below a dam in an earthquake zone that had annual brush fires nearby. Their view was that they never had a problem.

Hopefully, you’ll recognize with even a cursory review that it was a problematic design. Yet, the company believed it was fine for their needs. A more diverse view was required.

“Aren’t I lucky to have survived so much bad luck.”– Ashleigh Brilliant, author and cartoonist

In today’s environment, business impact analysis is becoming ever more technical, and the interconnection between environmental factors is becoming more complex. We tend not to think about it, but the unpredictable and the unthinkable happens.

Mission-critical IT systems require mission-critical protection, no matter the platform or supplier that may be operating the underlying hardware. It is not just a matter of the systems, but the network connections and the integrated applications and services that are important. No one cares if the lights are flashing and the disks are spinning if the end-to-end transactions can’t take place.

Recovery failures take place even for organizations that plan and test their disaster recovery plans on a regular basis. It is not a lack of preparedness that catches organizations off guard, but a lack of imagination about what can really go wrong. Some of the big problems I recall are:

  • When the accident at Three Mile Island nuclear power plant took place, a large service provider had a data center downwind. What do you do when the National Guard comes in and tells you to drop everything and leave? You can’t get tapes. You can’t start batch jobs. You just have to leave.
  • During Hurricane Katrina, a service provider’s data center was physically okay, but there was no power, and the off-site backup was underwater. Someone had to fly into the data center and get the latest information (while the backup power was still on) and move it somewhere else for the processing to be performed. A different view on geographic diversity was needed.
  • And let’s not forget that during the Fukushima nuclear accident, it was not that the plant didn’t have sufficient backup cooling to handle the power loss from the earthquake, but that the pumps in basement were flooded by the tsunami. Sometimes, it may not just be one disaster you need to deal with.

Being able to tap into personal experiences — your own and those of your peers — can be useful in pointing out these kinds of flaws.

After all, it’s better to anticipate than to rely on luck.

See how AT&T Network Security Services can help you be prepared.

 

Charles Bess is a retired VP and Fellow from HP. He a communicator, team builder, architect, and pioneer – typically knowing where the explorers have gone and identifying the best path for others to follow.  All of the opinions are his own.  AT&T sponsored this blog post.

Charlie Bess IT Consultant Sponsored Post About Charlie