Business Continuity Reigns: Service Resilience in a Virtual World

AddThis Social Bookmark Button

by Joe Wolke and Michael Croy

For many years, the convergence of business and information technology (IT) has remained a hot topic. Today, business and IT are fully integrated. If the business changes, IT changes. If IT changes, the business changes.

But what does this mean for business continuity and disaster recovery (BC/DR)? It is no longer an afterthought, built on top of the IT infrastructure. Rather, BC/DR is now at the service level, not just at the IT organization level.

An effective BC/DR model for today’s converged infrastructure is called ‘service resilience’ – which incorporates BC/DR into the design of each system, based on the specific needs or requirements of both the business and IT.

As a result, IT leaders need to adopt a methodology built around some key areas. Such a methodology is needed to elevate IT leaders’ approach from traditional disaster recovery and business continuity planning to a more holistic, comprehensive strategy that embraces the concept of service resilience.

Think about it this way – service resilience provides the continuity necessary for IT services to run the business. Technology has become the business. Everyone and everything is wired and tethered to a bigger, faster, more agile, and more complex infrastructure.

Chief information officers and IT leaders recognize these new challenges, but preparation still lags. Meanwhile, the increasingly holistic relationship between IT and business means that technology changes can occur daily. These changes create an environment where events such as mergers, acquisitions, and process changes can threaten business continuity just as much as a devastating event can.

Resilience in the Age of Transformation

Mission-critical applications are important to focus on when resiliency planning because applications now drive business processes and ultimately business functions. Applying that concept at a broader level, the implementation of any new technology — applications included—requires planning not only to understand what it can do for your business but also to recognize how the business can become dependent on IT, and therefore, can be crippled should it fail or be turned off.

Imagine something as simple as implementing a new set of servers with increased capabilities. The benefits would prove plentiful. However, in order to mitigate the associated risks, IT organizations introducing new technology must anticipate and scrutinize potential resilience issues by asking themselves six important questions:

1. Is my infrastructure able to meet the resiliency requirements of every application?

2. Are all my supporting services, including backup and recovery capabilities, in place to support my new environment?

3. How will my new capabilities impact business and service resiliency?

4. Is my environment implemented and utilized correctly to best support the business?

5. Are my applications keeping up with the infrastructure and vice-versa?

6. Are my data and IT assets optimized?  For example, can the local business support the global regions when a crisis hits?

The Cloud Conundrum

Cloud computing raises new questions and answers. In virtualized environments, it seems that the business by nature becomes more resilient. But many new questions arise.

As with any technology on which your business runs, the best course of action is to determine what threats exist, how they will impact your business, and how they will be resolved—if and when they occur.

While cloud partner contracts include availability service levels, they don’t allow an organization direct control over issues when they arise. In other words, it is important to get past the hype by defining resiliency requirements before architecting. For example, it is wise to consider the following: Are the partners reliable and can they deliver on a consistent basis?

There could be multiple third parties along the technology delivery chain and resiliency depends on all of them. By better understanding the chain, you can determine what resiliency levels are appropriate for each link in the chain. Some may require less than others, which would allow for flexibility in managing costs.

Whether it’s a cloud provider or any other service provider, vendors must meet the same rigorous standards that your organization sets for itself. That means it’s important to take a look at the vendor’s disaster recovery plans to determine if they meet your requirements. Often times, vendors will not share their disaster recovery plans, in which case organizations should establish a written agreement on minimum required service levels during a disaster. A backup supplier should also be identified and made familiar with your service needs.

Ensuring Service Resilience: No Surprises

The basic fact is that major threats to service resilience are caused not just by sensational events like hurricanes, fires, and floods, but also by unidentified operational failures that support the business. It can be as simple as a business need or expectation being poorly communicated or interpreted, and therefore, not properly supported by the infrastructure.

The best way to avoid these threats is to validate four main areas. These include:

1. Your current business requirements and infrastructure.

2. The strength of your infrastructure recovery plan.

3. Your infrastructure’s ability to support future business objectives and strategies and their impacts.

4. The process of assessing and ensuring resiliency during implementation.

Your efforts to validate these four areas will likely yield surprises that you can’t afford to overlook. Bringing in the proper outside expertise to help you collect this information from business and IT leaders can be one of the wisest business decisions you can make.

Auditors are trained to document the good, the bad and the ugly. What they uncover quantifies the costs of being ill-prepared. The case will be extremely compelling. If you think your organization is the exception to the surprise rule, think again. The good news is that whatever issues arise, they can be fixed.

Joe Wolke is the director in IT strategy practice and Michael Croy is the business continuity practice manager at Forsythe Technology (Skokie, IL).