Understanding business continuity

February 2014 Security Services & Risk Management

The endemic lack of understanding of what constitutes proper business continuity and disaster recovery is putting entire industries in South Africa at risk, says James Beaumont, CEO at iSquared.

“Many companies confuse equipment – such as tape backup devices – with business continuity (BC), without understanding the real business requirements of BC. And when disaster strikes, they are woefully unprepared; often with crippling consequences.”

A recent survey of 250 local IT professionals commissioned by EMC highlighted a lack of understanding of business continuity. 74% of those surveyed are not very confident they can fully recover from a disaster, with 52% saying they had suffered from lost data or system downtime in the past year, and 38% reporting a loss of revenue as a consequence. Worryingly, 39% reported an increase in spending on backup and recovery following a recent disruption, bringing the confusion over the respective roles of backup, archiving and business continuity into stark relief.

Beaumont puts it into context: “Backup is when a user works on a file, spills his coffee on the console and the file becomes corrupted. He needs to go back to an earlier version of the file – a backup.

“Archiving is chiefly a compliance issue. SARS, the Financial Services Board, FAIS, and legislation such as POPI, all require some form of regulatory compliance relating to specific aspects of data storage. For example, companies in the health and safety industries need to store data for an infinite period of time. This data needs to live somewhere; hence, archiving.”

Business continuity, however, is more complex and far more business-critical. “If I’m a factory owner running a manufacturing resource planning and enterprise resource planning system and the system fails, my factory stops functioning. You need business and IT systems custom-built, designed and tested to fully restore your operations; this is business continuity.”

According to Beaumont, companies need to start by determining two things: how much data they can afford to lose in case of a disaster – the recovery point objective (RPO) – and how long they can take before they’re up and running again – the recovery time objective (RTO).

“Some companies will lose R10m per day if they’re down; others might lose tens of millions per hour. In these cases, the RPO and RTO will be very low. For a financial services client running a trading platform, the cost of not being able to effect a trade due to interruption of services could amount to billions of rands. In this case, the RPO is 0.”

New technology does allow companies to meet these low RPOs with less complexity and lower cost than before. Faster and lower cost bandwidth, accessibility of fibre in the last mile, and the advent of virtualisation technology and cloud-based services all form part of modern, world-class business continuity solutions. However, many companies are still stuck using antiquated technology.

The same EMC report showed that 44% of respondents still use backup tape to recover from a disaster, but that 82% would like to move away from tape altogether. Beaumont says that the audit firms are perpetuating this lack of understanding of proper business continuity by making physical tape backups a key requirement for an unqualified audit.

“On the one hand it forces companies to use unsuitable solutions for their disaster recovery needs. More alarmingly, however, is that many IT professionals are lulled into a false sense of security that tape backups will fulfil their business continuity needs. We need a radical shift in how business continuity is seen in a broader business context if we want to build truly effective and robust solutions that will meet the stringent demands of today’s business environment.”

For more information contact iSquared, +27 (0)21 671 5778, james@isquared.co.za

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Digital evidence handling in the cloud
Issue 5 2020, ET Nice , Security Services & Risk Management
Investigate Xpress is a free, cloud-based digital evidence management solution designed to make police forces more efficient and productive.

The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

More efficient guarding through the effective use of technology
Residential Estate Security Handbook 2020, Technews Publishing, OnGuard, Stallion Security, Active Track , Security Services & Risk Management
Technology in its many forms can be used to optimise the efficiency and performance of on-site guarding.

Range of grid-independent power systems
Residential Estate Security Handbook 2020, Specialised Battery Systems , Products, Security Services & Risk Management
SBS Solar has a range of solutions to provide power, save on costs and above all provide peace of mind.

More than just compliance
Issue 5 2020, IACT-Africa , Security Services & Risk Management
SA is one year away from the Protection of Personal Information Act (POPIA) D-Day.

The benefit of thermal screening
Issue 5 2020, Technews Publishing, Sensor Security Systems , Security Services & Risk Management
How preventive screening with thermal cameras can help in the fight against COVID-19.

Resilience is critical for post-COVID business success
Issue 5 2020, ContinuitySA , Security Services & Risk Management
Of the many lessons we have to learn from the current emergency, perhaps the most crucial one is to ensure that business strategy and operations are founded on resilience.

Post-Coronavirus communications: kick start your small business
Issue 4 2020 , Security Services & Risk Management
In these uncertain times, how should small companies and startups in the business-to-business domain recommence their selling and communication processes?

The dashboard of the future
Issue 4 2020 , Security Services & Risk Management
Web-based Electronic Signature Dashboard offers quick access to eSignatures within the necessary legal parameters and incorporating advanced security.