The year resilience paid off

Issue 8 2020 Editor's Choice, Security Services & Risk Management

Business continuity has become top of mind for everyone over the recent months. Of all the things business leaders worry about back in 2019 that could impact business negatively, a pandemic must have been close to the last item on the list.

Unfortunately, prepared or not, we were hit with lockdowns, social distancing and a new set of rules, as well as more economic pressure on businesses in 2020 than we could have imagined. Many have had to close their doors and many others have been forced into retrenchments and drastically cutting back on spend.

Michael Davies.

2020 is the year when those who have been promoting business continuity and resilience finally got to experience their “I told you so” moment, although the moment was not nearly as satisfying given all that has happened. This year was the melting pot for companies as they were forced to innovate, invent and pull rabbits out of hats to survive.

Planning for these unexpected events is sometimes seen as a waste of time and money, but if one waits until disaster strikes to try to make a plan, it’s too late. To find out more about what business continuity options and services there are available to companies in South Africa and up north into Africa that want to be resilient when disaster strikes, Hi-Tech Security Solutions spoke to Michael Davies, the CEO of ContinuitySA (part of Dimension Data), a company that has been driving the business continuity and disaster recovery market for many years.

Hi-Tech Security Solutions: What should companies be looking at when considering business continuity? Which aspects of business will be impacted?

Michael Davies: Organisations should consider people, process, and technology in terms of improving business continuity and resilience for their organisations. In order to cover comprehensive business continuity management (BCM) and resilience options the things to consider are:

• Business Continuity Plans incorporating business impact analysis, risk assessments, threat assessments, considering single points of failure, recovery time and point objectives etc. It is the plan by which the organisation avoids or minimises disruption to the business.

• Data. Whether residing on local or cloud servers, data issues (as well as the connectivity required) need to be reviewed, evaluated and protected (cybersecurity) with backup abilities so it may be recovered if necessary.

• Process. Once business continuity plans have been created and reviewed, awareness and testing of plans is a very important element of ensuring that they work and are valid. The testing and awareness should cover the full spectrum of people, process and technology.

• Top management buy-in is essential for BCM programmes to be successful and collaboration within the organisation is a key ingredient for success.

Hi-Tech Security Solutions: Who offers these services and what do they entail?

Michael Davies: From an advisory perspective, the large auditing companies provide these services, as do focused business continuity companies such as ContinuitySA. When it comes to work area recovery, there are far fewer providers available as this is a niche service – ContinuitySA being the largest independent provider in Africa.

For data replication and backup there are several companies to choose from, however, we do recommend selecting a company that specialises in backup and recovery as many IT companies will promote data backup but do not have the experience or proficiency in helping clients recover should there be a data loss or cyber breach.

Hi-Tech Security Solutions: What are the various disaster recovery options available, from offsite backups to cloud and other solutions?

Michael Davies: Advances in technology have been revolutionary in terms of being able to allow people to work remotely and from home. This ability provides a great deal of flexibility to organisations’ business continuity plans (BCP) and has changed the way organisations retain backups and design disaster recovery plans.

Private and cloud computing solutions provide flexible solutions in the retention and backup of data. However, organisations are advised to check and test the recovery capabilities of their cloud solutions to ensure that their BCPs are viable. Few organisations rely on the tape backups popular some years ago, but replication to and storage of backups to offsite devices is popular. This is especially important if they are not connected to the organisation’s network as a protection against cyber breaches and ransomware that may infect any network connected device.

Triangulation replication and backup where data is stored in three different places at the same time is preferred in some industries as a robust method of ensuring data is available for recovery purposes when recovery time objectives and recovery point objectives are minimal.

Hi-Tech Security Solutions: What is your ‘big picture’ overview of the market and current trends in the industry given the unusual year we have had?

Michael Davies: The global risk outlook continues to be challenging and we recommend that organisations use their governance, risk and compliance (GRC) activities to create robust frameworks that support business resilience. We recommend that risks are not viewed in silos, but rather as part of a complex whole. If that is the case, then GRC activities can be used profitably to develop an integrated risk picture and response. GRC will help guide this process, particularly when the organisation has multiple sites in different geographic areas.

Some trends to watch in the future are:

• Cyber risk. As organisations and business generally continue to digitise, cyber risk grows. It is important that organisations pay due attention to the basics of cybersecurity, ensuring they have the right people, processes and tools in place. Organisations should recognise the increasing cyber risk associated with the growing use of cloud services and be aware that cloud providers’ data centres can also go down, and build that risk into their business continuity plans.

• Utility risk. The off and on resumption of load-shedding by Eskom, the water crisis driven by the prolonged drought and infrastructure constraints in certain areas mean that water and power outages will be key focus areas of business continuity plans.

• Financial risk. Due to the COVID-19 pandemic, the global and local economies are in distress resulting in the country’s debt rating deteriorating along with other financial risks, including exchange-rate volatility.

• Supply chain risk. The global nature of business, and exacerbated by the COVID-19 pandemic, means that companies participate in long and complex supply chains risk exposures that affect the entire chain. When doing their business impact analyses, organisations need to give thought to the contingent risks they face thanks to their participation in supply chains.

• Geopolitical and socio-economic risks. Brexit negotiations, the US presidential elections and US-China trade negotiations remain key concerns. However, each region has its own risk profile which needs to be properly understood. This is particularly true of Africa where risk profiles vary quite significantly from country to country. Locally, the perceived inability of the government to take the necessary action to restore the economy to growth and create jobs remains a key risk driver, which is being further hampered by the pandemic.

• Socio-economic risks have been concerning South African businesses for decades, and the continued decline in growth prospects and poor job prospects will continue to be.

Hi-Tech Security Solutions: How important is business continuity in creating resilient organisations?

Michael Davies: Business continuity and resilience have become important items on the board agenda for a very good reason. We are living in a volatile, uncertain, complex and ambiguous (VUCA) world with accelerating change, and putting plans in place to avoid or overcome disasters is critical to any organisation’s sustainability.

One of the ways in which the BCM life cycle contributes to resilience is through regular testing and then feeding the results of that testing back into the BCM process. This creates a much stronger and more flexible framework to build resilience as regular testing can consider the changing environment.

Resilience is not a traditional investment, but it is a genuine one, a more resilient organisation is more likely to be successful over the long term despite today’s risk landscape. In those terms, the implied return is actually the value of the company and its future earnings.

For more information contact ContinuitySA, +27 11 554 8216,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

The future of face recognition
Access & Identity Management Handbook 2021, Suprema, Hikvision South Africa, Technews Publishing , Editor's Choice
Is the current move to using face recognition in access control a result of the pandemic or will we see continued growth in the coming years?

Face recognition: the good, the bad and the not-so-pretty
Access & Identity Management Handbook 2021, Fulcrum Biometrics , Editor's Choice
Dave Crawshay-Hall, chief technology officer of Fulcrum Biometrics Southern Africa, offers some insights into the facial recognition and temperature measuring devices in use today.

Advances in UV technology for biometric disinfection
Access & Identity Management Handbook 2021, Ideco Biometrics, Technews Publishing , Editor's Choice
Ideco Biometrics has a new solution for disinfecting biometric sensors by using ultraviolet technologies to destroy most known viruses and bacteria.

No hackers!
Access & Identity Management Handbook 2021 , Editor's Choice
Observing the world where everything is connected, Scott Lindley, general manager of Farpointe Data offers a few cybersecurity tips for securing access control systems.

Wireless access at The Leonardo
Access & Identity Management Handbook 2021, Salto Systems Africa , Editor's Choice
The luxurious Leonardo in the heart of Sandton City has chosen Salto technology to provide for wireless access control as well as upmarket aesthetics.

The slow-motion AI explosion
Issue 9 2020 , Editor's Choice
What the slow and incremental shift into the artificial intelligence gear has meant for business and industry.

Looking ahead
Access & Identity Management Handbook 2021, Technews Publishing , Editor's Choice
Hi-Tech Security Solutions takes a brief look at some of the trends we can expect in the physical access and identity management market going forward.

The best DJ in biometrics
Access & Identity Management Handbook 2021, Technews Publishing, iPulse Systems , Editor's Choice
From a DJ to South Africa’s security industry disruptor, Gary Chalmers is leading the market into the ‘as-a-service’ business model.

Contactless identification
Access & Identity Management Handbook 2021, Technews Publishing, Suprema , Editor's Choice
Stephen G. Sardi examines two contactless identity confirmation technologies, along with some tips on choosing the right one for your needs.