Understanding Disaster Recovery Responsibilities When Using the Cloud

In the wake of recent Cloud Service Provider (CSP) outages, what is your organization responsible for when it comes to complex IT architecture?

Many organizations today rely on complex IT infrastructure to support their operations, leveraging solutions ranging from internal hosting to cloud hosting to dependence on third-party systems. IT service delivery is getting more intricate, in large part due to the need to leverage different IT tools and services from a variety of providers. Cloud-based solutions, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS), promise simplicity for the end user. However, IT service delivery and management usually become much more difficult due to the complexities around architecture and integrations. Therefore, IT disaster recovery planning becomes more difficult, as it must account for these complexities and coordinate with various third parties to ensure adequate coverage. Bottom line: simply defining who is responsible for what when it comes to disaster recovery planning can be difficult.

Understanding the Business Continuity and IT Disaster Recovery Gap

Many business continuity professionals can attest to the tension that often occurs between the business and IT when it comes to recovery capabilities. For example, Company X recently implemented a business continuity program, including determining recovery time objectives (RTOs) for key business processes. Like all well-established business continuity programs, the business impact analysis (BIA) considered the loss of technology and helped the company develop recommended recovery time (and recovery point) objectives for technology resources. The business documented and presented these RTOs to management following the initial BIA, but never followed up with IT to ensure that the capabilities could be met.

Meanwhile, IT leveraged its own application/system list and related recovery information to prioritize applications for recovery and drive the implementation of a disaster recovery solution that was cost-effective and aligned with IT’s conclusions of business requirements for recovery (created from data outside the BIA). Both the business and IT feel confident in their work; yet, neither has communicated with the other. Given that the groups have not undergone a joint exercise (or actual disruption), neither group is aware of the underlying gap: Recovery priorities and strategies are misaligned between the business and IT.

This perspective analyzes the symptoms and root causes of the business continuity and IT disaster recovery gap and proposes solutions to close it.

Breaking Down Silos – Using Common Criteria to Assess and Prioritize Risks

An isolated approach to business continuity (and risk management in general) is holding many organizations back.

Business Continuity is one of many disciplines that helps organizations to become more resilient – that is, to increase an organization’s capacity to adapt to evolving circumstances and survive (or even thrive) during periods of disruption or change. Other related disciplines – such as Information Security, IT Disaster Recovery, Emergency Management, Enterprise Risk Management, and Physical Security – ultimately have the same strategic purpose. The goals and objectives of the individual disciplines may be more focused, but if we, as practitioners of these disciplines, force ourselves to look outside the artificial walls we sometimes build around our responsibilities, we should find that we are striving for something bigger than we can deliver on our own.

Does Practice Make Perfect?

Everyone has heard the popular saying “Practice Makes Perfect”. But is this true?

I am of the belief this statement is close to the truth.

“Perfect Practice Makes Perfect.” Many have heard these words from Vince Lombardi, but I always heard them, multiple times mind you, from my father. As a typical teenager, I didn’t really comprehend the message, or realize that it applies to more than just sports. The message my father and Vince were trying to convey is simple: “What you put in, you will get out.”

“…Or High Water”: A Business Continuity Case Study

The Importance of Business Continuity and Leveraging Resource Loss Based Planning

SITUATION
On Sunday, January 8, 2017, the temperature in Cleveland, OH dropped significantly, which caused a water pipe to burst in the hallway of our building, right outside the entry to our Cleveland office.

No one was in the building at the time, and the water poured out for about 45 minutes before it was shut off. The water pooled primarily in our office space, resulting in damage to floors, walls, and some equipment. When all was said and done, the total amount of water removed from our office space alone was approximately 15,000 gallons. The rest of the water literally went down the elevator and main stairway – flooding three of the floors below.

My Business Continuity Predictions for 2017 and Beyond

With 2017 well underway, I wanted to take the time to reflect on 2016 and also look ahead to predict the way in which our business continuity profession will continue to mature in 2017 and beyond.

In many ways, this “top five” list is aspirational – that being my hopes for our profession as we solve some entrenched challenges and work to add more value to the organizations we serve.

Ownership – Where Do Our Responsibilities Begin and End as Business Continuity Professionals?

As published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.

One of the latest threats to organizations is something termed “ransomware,” commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money. You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar. If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more. And, after you do, I have a question for you to consider:

If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?

This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value.

An Introduction to IT Disaster Recovery Planning

Risks to critical business operations due to systems outages have been, and will always be, a concern for most organizations. As a result, IT disaster recovery planning is critical to help reduce the likelihood of a system disruption, or reduce downtime if (when) a disruption does occur. So, if you’re looking for an introduction to IT disaster recovery planning, you’re in the right place!

This perspective presents how IT disaster recovery planning fits into the overall organizational Business Continuity Program; discusses common goals in developing Business Continuity and Disaster Recovery plans; and explores unique activities that must be considered when developing an IT Disaster Recovery Plan.

More Than Just Recovery Time Objectives

Using the Business Impact Analysis to Understand Relationships Between Resources and the Business

BACKGROUND
The business impact analysis (BIA) establishes the foundation of an organization’s business continuity program by establishing business continuity requirements. As a result, a significant part of Avalution’s work involves helping organizations design and execute the BIA process. Furthermore, a well-executed BIA can deliver so much more than just a list of recovery time objectives (RTOs) and recovery point objectives (RPOs)!

Continuity Insights Management Conference 2016

CIMC 2016

The 2016 Continuity Insights Management Conference is taking place April 18-20, 2016 at Gaylord Opryland Resort & Convention Center in Nashville, TN. We’re looking forward to another wonderful show!

We have a lot planned during CIMC 2016, and we hope you’ll join us:

Please take a look below for more details on each. We look forward to seeing you soon!
