Content

Combating Enterprise Vulnerability

The technological revolution has occurred gradually and relatively quietly, meaning many top managers don’t realize how dependent their organizations have become on electronic information.

As it is information that provides competitive advantage for businesses today, it is essential that the organization identifies any vulnerabilities in terms of where applications, data and business continuity (BC) plans could fail. Those that ignore these changes put themselves at grave economic risk.

In the past, companies knew exactly where their information slept, as mission-critical data was usually held on a single mainframe. However, information now resides in increasingly disparate repositories - from hard drives to PDAs, and from laptops to customer service centers. Also, as the pace and sophistication of modern enterprises increases, so they demand continuous access to information in real time. Indeed modern business has been designed around that expectation.

A further development has been the increasing amount of information in an organization that is cross-linked as management information systems become more tightly integrated. This allows information to be entered in one place but accessed throughout the organization and across multiple sites. However, this interdependence means that even the smallest departmental system glitch could affect all staff across the company. Potentially, one failure could bring down an entire system and cause severe lost revenues during downtime. For example, Datamonitor predicts that in the credit card sector the cost of an hour's downtime could be as much as £5.2 ($8.37) million, and for the retail industry more than £72,000 ($115,945) an hour could be lost - no insignificant amount of money.

The more points of exposure, the greater the vulnerability of the organization in terms of system failure. To illustrate this multiplying effect of technology and the vulnerability that it creates in an organization, SunGard uses a shorthand method called the '20/20 rule': "If we have 20 more servers used by 20 more people, we've created 400 new points of exposure in our systems."

Emergence of information availability

This means that the business must now look beyond merely protecting and recovering this information, to keeping everybody in the organization connected with it at all times, even when disaster strikes. This need for continuous connection is called information availability and is emerging as the next key business challenge as the connection between a company's information and the people that need to use it must now remain seamless and transparent.

The information availability continuum below (the horizontal axis represents time to recovery, while the vertical axis displays the risks of such downtime) shows that a decade ago, most business functions clustered toward the left of the continuum - mainly because businesses only had one or two really critical applications, which were resident on the mainframe. Today, these are all are moving dramatically toward the right as organizations have many more critical applications that are required by a growing number of people in an ever-decreasing amount of time.

The information availability continuum

To the far left you have applications that cannot afford any downtime, such as CRM and e-commerce, as they are critical to the organization's ability to keep business running as normal. The competitive pressure to be able to deliver a constant service to customers, no matter what is happening behind the scenes, is greater than ever and means such systems cannot afford any downtime. As companies adopt more of these applications, disaster recovery will become measured not in days but in minutes or seconds. This means it must now be transparent (information availability) and not apparent (disaster recovery) to both users within the organization and its customers.

The significant changes in business practice, as we move increasingly towards globalization and 24/7 service, means business continuity provision cannot stand still. It will now have to go beyond merely recovering information, to the protection of processes to ensure information is available at all times to the people who need it. Neither can the business afford to react to situations any longer, as it must now be proactive in identifying threats before they become a disaster. The goal must now move from getting the business back up and running, to keeping it running at all times - no matter what happens.

As companies have an increased dependence on electronic information it is information availability that will reduce vulnerability in terms of minimizing the effects of any system downtime. This will ensure the organization retains its competitive advantage by keeping its people continually connected to the data they need to keep one step ahead in 21st-century business.

Jim Simmons is CEO, SunGard Availability Services (www.sungard.com).

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.