Business continuity, disaster recovery, cyber resilience, is the cloud the best way to go?

Introduction

For any business the idea that if something fails then the whole business falls apart has been a part of business since the early 1970’s.    it is still prevalent in most businesses.   Yes they will have plans in place, business continuity and disaster recovery for a start, well at least they should have.

Most businesses today consider DR and BC as a major inconvenience much less something to invest hard earned cash in – that is until something goes wrong.   Then there is so much soul searching that by the end of the problem it is now front and centre of the business mind.

It doesn’t take much to shatter the myth of “it won’t happen to me” just by having the scare is enough to get managers, owners and C level executives to think about the problem.

Our job is to have them think about it BEFORE it happens.

Business continuity

Business continuity is the plan that makes sure that the business is able to function as a business no matter what the situation.   It is a case of planning and risk management.   It is making sure that cash flow is covered with as many what ifs that no matter what happens, except monumental situations – alien invasions and life ending predictions – which there is a one in a billion chance of happening.

Apart from that a BC plan has it all factored in.   Flood, fire, virus, cyber attack all included.

Disaster recovery

Disaster recovery is the actual process of achieving business continuity.   The plan calls for a spare hardware, software, connections, power phones and the like.   They know where the spares are and what the contingency plan is to achieve that BC line.

A DR plan is the process itself.   The check list to get the underlying infrastructure back to a working condition as fast as possible.

Resilience

Business resilient is a lot harder.   It is not a ‘follow this and you will achieve resilience’ type of process.   A resilient business does not have only the BC and DR plans in place but it also has the cultural awareness to achieve a lot more within the business.

Resilience is all about achieving business nirvana.    That situation where you know that everything is in hand and that new opportunity is achievable because not only has the competition not seen it, but if they had they would not have been able to do anything about it.    It is a very unique situation to be in for a business and usually only about 1% of businesses achieve that capability.   If you are the 1% the that is good if not you should be aiming for it.

Why the cloud

All of this talk of cloud based this and cloud based that makes the application of BC, DR and resilience really important to management and owners.    Any cloud based systems has already freed up substantial capital and moved a large part of capital expense into operational costs.   For a business this is good, but all of the old plans have to be adapted to protect the business information.

Cloud strategies can create large savings.   They can also create major problems for a business.   Once again it is a case of buyer beware.   As a client you need to ensure that all components fit YOUR requirements.  If they do not what are the critical requirements of going to a cloud based system.

Is there a better way

In today’s world you have to way up the benefits of both cloud based and on site requirements.    Most businesses still have a requirement to keep critical or business essential information under strict control.   That can only be achieved with on site locations, but there are also other factors that need to be looked at.

Compliance requirements is also a major driving force with adoption of the cloud strategy.   It is very hard to incorporate high end compliance requirements into a cloud strategy if you do not know the actual location of your data.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply