Business continuity has become top of mind for everyone over the recent months. Of all the things business leaders worry about back in 2019 that could impact business negatively, a pandemic must have been close to the last item on the list.
Unfortunately, prepared or not, we were hit with lockdowns, social distancing and a new set of rules, as well as more economic pressure on businesses in 2020 than we could have imagined. Many have had to close their doors and many others have been forced into retrenchments and drastically cutting back on spend.
2020 is the year when those who have been promoting business continuity and resilience finally got to experience their “I told you so” moment, although the moment was not nearly as satisfying given all that has happened. This year was the melting pot for companies as they were forced to innovate, invent and pull rabbits out of hats to survive.
Planning for these unexpected events is sometimes seen as a waste of time and money, but if one waits until disaster strikes to try to make a plan, it’s too late. To find out more about what business continuity options and services there are available to companies in South Africa and up north into Africa that want to be resilient when disaster strikes, Hi-Tech Security Solutions spoke to Michael Davies, the CEO of ContinuitySA (part of Dimension Data), a company that has been driving the business continuity and disaster recovery market for many years.
Hi-Tech Security Solutions: What should companies be looking at when considering business continuity? Which aspects of business will be impacted?
Michael Davies: Organisations should consider people, process, and technology in terms of improving business continuity and resilience for their organisations. In order to cover comprehensive business continuity management (BCM) and resilience options the things to consider are:
• Business Continuity Plans incorporating business impact analysis, risk assessments, threat assessments, considering single points of failure, recovery time and point objectives etc. It is the plan by which the organisation avoids or minimises disruption to the business.
• Data. Whether residing on local or cloud servers, data issues (as well as the connectivity required) need to be reviewed, evaluated and protected (cybersecurity) with backup abilities so it may be recovered if necessary.
• Process. Once business continuity plans have been created and reviewed, awareness and testing of plans is a very important element of ensuring that they work and are valid. The testing and awareness should cover the full spectrum of people, process and technology.
• Top management buy-in is essential for BCM programmes to be successful and collaboration within the organisation is a key ingredient for success.
Hi-Tech Security Solutions: Who offers these services and what do they entail?
Michael Davies: From an advisory perspective, the large auditing companies provide these services, as do focused business continuity companies such as ContinuitySA. When it comes to work area recovery, there are far fewer providers available as this is a niche service – ContinuitySA being the largest independent provider in Africa.
For data replication and backup there are several companies to choose from, however, we do recommend selecting a company that specialises in backup and recovery as many IT companies will promote data backup but do not have the experience or proficiency in helping clients recover should there be a data loss or cyber breach.
Hi-Tech Security Solutions: What are the various disaster recovery options available, from offsite backups to cloud and other solutions?
Michael Davies: Advances in technology have been revolutionary in terms of being able to allow people to work remotely and from home. This ability provides a great deal of flexibility to organisations’ business continuity plans (BCP) and has changed the way organisations retain backups and design disaster recovery plans.
Private and cloud computing solutions provide flexible solutions in the retention and backup of data. However, organisations are advised to check and test the recovery capabilities of their cloud solutions to ensure that their BCPs are viable. Few organisations rely on the tape backups popular some years ago, but replication to and storage of backups to offsite devices is popular. This is especially important if they are not connected to the organisation’s network as a protection against cyber breaches and ransomware that may infect any network connected device.
Triangulation replication and backup where data is stored in three different places at the same time is preferred in some industries as a robust method of ensuring data is available for recovery purposes when recovery time objectives and recovery point objectives are minimal.
Hi-Tech Security Solutions: What is your ‘big picture’ overview of the market and current trends in the industry given the unusual year we have had?
Michael Davies: The global risk outlook continues to be challenging and we recommend that organisations use their governance, risk and compliance (GRC) activities to create robust frameworks that support business resilience. We recommend that risks are not viewed in silos, but rather as part of a complex whole. If that is the case, then GRC activities can be used profitably to develop an integrated risk picture and response. GRC will help guide this process, particularly when the organisation has multiple sites in different geographic areas.
Some trends to watch in the future are:
• Cyber risk. As organisations and business generally continue to digitise, cyber risk grows. It is important that organisations pay due attention to the basics of cybersecurity, ensuring they have the right people, processes and tools in place. Organisations should recognise the increasing cyber risk associated with the growing use of cloud services and be aware that cloud providers’ data centres can also go down, and build that risk into their business continuity plans.
• Utility risk. The off and on resumption of load-shedding by Eskom, the water crisis driven by the prolonged drought and infrastructure constraints in certain areas mean that water and power outages will be key focus areas of business continuity plans.
• Financial risk. Due to the COVID-19 pandemic, the global and local economies are in distress resulting in the country’s debt rating deteriorating along with other financial risks, including exchange-rate volatility.
• Supply chain risk. The global nature of business, and exacerbated by the COVID-19 pandemic, means that companies participate in long and complex supply chains risk exposures that affect the entire chain. When doing their business impact analyses, organisations need to give thought to the contingent risks they face thanks to their participation in supply chains.
• Geopolitical and socio-economic risks. Brexit negotiations, the US presidential elections and US-China trade negotiations remain key concerns. However, each region has its own risk profile which needs to be properly understood. This is particularly true of Africa where risk profiles vary quite significantly from country to country. Locally, the perceived inability of the government to take the necessary action to restore the economy to growth and create jobs remains a key risk driver, which is being further hampered by the pandemic.
• Socio-economic risks have been concerning South African businesses for decades, and the continued decline in growth prospects and poor job prospects will continue to be.
Hi-Tech Security Solutions: How important is business continuity in creating resilient organisations?
Michael Davies: Business continuity and resilience have become important items on the board agenda for a very good reason. We are living in a volatile, uncertain, complex and ambiguous (VUCA) world with accelerating change, and putting plans in place to avoid or overcome disasters is critical to any organisation’s sustainability.
One of the ways in which the BCM life cycle contributes to resilience is through regular testing and then feeding the results of that testing back into the BCM process. This creates a much stronger and more flexible framework to build resilience as regular testing can consider the changing environment.
Resilience is not a traditional investment, but it is a genuine one, a more resilient organisation is more likely to be successful over the long term despite today’s risk landscape. In those terms, the implied return is actually the value of the company and its future earnings.
© Technews Publishing (Pty) Ltd | All Rights Reserved