Understanding business continuity

February 2014 Security Services & Risk Management

The endemic lack of understanding of what constitutes proper business continuity and disaster recovery is putting entire industries in South Africa at risk, says James Beaumont, CEO at iSquared.

“Many companies confuse equipment – such as tape backup devices – with business continuity (BC), without understanding the real business requirements of BC. And when disaster strikes, they are woefully unprepared; often with crippling consequences.”

A recent survey of 250 local IT professionals commissioned by EMC highlighted a lack of understanding of business continuity. 74% of those surveyed are not very confident they can fully recover from a disaster, with 52% saying they had suffered from lost data or system downtime in the past year, and 38% reporting a loss of revenue as a consequence. Worryingly, 39% reported an increase in spending on backup and recovery following a recent disruption, bringing the confusion over the respective roles of backup, archiving and business continuity into stark relief.

Beaumont puts it into context: “Backup is when a user works on a file, spills his coffee on the console and the file becomes corrupted. He needs to go back to an earlier version of the file – a backup.

“Archiving is chiefly a compliance issue. SARS, the Financial Services Board, FAIS, and legislation such as POPI, all require some form of regulatory compliance relating to specific aspects of data storage. For example, companies in the health and safety industries need to store data for an infinite period of time. This data needs to live somewhere; hence, archiving.”

Business continuity, however, is more complex and far more business-critical. “If I’m a factory owner running a manufacturing resource planning and enterprise resource planning system and the system fails, my factory stops functioning. You need business and IT systems custom-built, designed and tested to fully restore your operations; this is business continuity.”

According to Beaumont, companies need to start by determining two things: how much data they can afford to lose in case of a disaster – the recovery point objective (RPO) – and how long they can take before they’re up and running again – the recovery time objective (RTO).

“Some companies will lose R10m per day if they’re down; others might lose tens of millions per hour. In these cases, the RPO and RTO will be very low. For a financial services client running a trading platform, the cost of not being able to effect a trade due to interruption of services could amount to billions of rands. In this case, the RPO is 0.”

New technology does allow companies to meet these low RPOs with less complexity and lower cost than before. Faster and lower cost bandwidth, accessibility of fibre in the last mile, and the advent of virtualisation technology and cloud-based services all form part of modern, world-class business continuity solutions. However, many companies are still stuck using antiquated technology.

The same EMC report showed that 44% of respondents still use backup tape to recover from a disaster, but that 82% would like to move away from tape altogether. Beaumont says that the audit firms are perpetuating this lack of understanding of proper business continuity by making physical tape backups a key requirement for an unqualified audit.

“On the one hand it forces companies to use unsuitable solutions for their disaster recovery needs. More alarmingly, however, is that many IT professionals are lulled into a false sense of security that tape backups will fulfil their business continuity needs. We need a radical shift in how business continuity is seen in a broader business context if we want to build truly effective and robust solutions that will meet the stringent demands of today’s business environment.”

For more information contact iSquared, +27 (0)21 671 5778, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.