The year resilience paid off

Issue 8 2020 Editor's Choice, Security Services & Risk Management

Business continuity has become top of mind for everyone over the recent months. Of all the things business leaders worry about back in 2019 that could impact business negatively, a pandemic must have been close to the last item on the list.

Unfortunately, prepared or not, we were hit with lockdowns, social distancing and a new set of rules, as well as more economic pressure on businesses in 2020 than we could have imagined. Many have had to close their doors and many others have been forced into retrenchments and drastically cutting back on spend.

Michael Davies.

2020 is the year when those who have been promoting business continuity and resilience finally got to experience their “I told you so” moment, although the moment was not nearly as satisfying given all that has happened. This year was the melting pot for companies as they were forced to innovate, invent and pull rabbits out of hats to survive.

Planning for these unexpected events is sometimes seen as a waste of time and money, but if one waits until disaster strikes to try to make a plan, it’s too late. To find out more about what business continuity options and services there are available to companies in South Africa and up north into Africa that want to be resilient when disaster strikes, Hi-Tech Security Solutions spoke to Michael Davies, the CEO of ContinuitySA (part of Dimension Data), a company that has been driving the business continuity and disaster recovery market for many years.

Hi-Tech Security Solutions: What should companies be looking at when considering business continuity? Which aspects of business will be impacted?

Michael Davies: Organisations should consider people, process, and technology in terms of improving business continuity and resilience for their organisations. In order to cover comprehensive business continuity management (BCM) and resilience options the things to consider are:

• Business Continuity Plans incorporating business impact analysis, risk assessments, threat assessments, considering single points of failure, recovery time and point objectives etc. It is the plan by which the organisation avoids or minimises disruption to the business.

• Data. Whether residing on local or cloud servers, data issues (as well as the connectivity required) need to be reviewed, evaluated and protected (cybersecurity) with backup abilities so it may be recovered if necessary.

• Process. Once business continuity plans have been created and reviewed, awareness and testing of plans is a very important element of ensuring that they work and are valid. The testing and awareness should cover the full spectrum of people, process and technology.

• Top management buy-in is essential for BCM programmes to be successful and collaboration within the organisation is a key ingredient for success.

Hi-Tech Security Solutions: Who offers these services and what do they entail?

Michael Davies: From an advisory perspective, the large auditing companies provide these services, as do focused business continuity companies such as ContinuitySA. When it comes to work area recovery, there are far fewer providers available as this is a niche service – ContinuitySA being the largest independent provider in Africa.

For data replication and backup there are several companies to choose from, however, we do recommend selecting a company that specialises in backup and recovery as many IT companies will promote data backup but do not have the experience or proficiency in helping clients recover should there be a data loss or cyber breach.

Hi-Tech Security Solutions: What are the various disaster recovery options available, from offsite backups to cloud and other solutions?

Michael Davies: Advances in technology have been revolutionary in terms of being able to allow people to work remotely and from home. This ability provides a great deal of flexibility to organisations’ business continuity plans (BCP) and has changed the way organisations retain backups and design disaster recovery plans.

Private and cloud computing solutions provide flexible solutions in the retention and backup of data. However, organisations are advised to check and test the recovery capabilities of their cloud solutions to ensure that their BCPs are viable. Few organisations rely on the tape backups popular some years ago, but replication to and storage of backups to offsite devices is popular. This is especially important if they are not connected to the organisation’s network as a protection against cyber breaches and ransomware that may infect any network connected device.

Triangulation replication and backup where data is stored in three different places at the same time is preferred in some industries as a robust method of ensuring data is available for recovery purposes when recovery time objectives and recovery point objectives are minimal.

Hi-Tech Security Solutions: What is your ‘big picture’ overview of the market and current trends in the industry given the unusual year we have had?

Michael Davies: The global risk outlook continues to be challenging and we recommend that organisations use their governance, risk and compliance (GRC) activities to create robust frameworks that support business resilience. We recommend that risks are not viewed in silos, but rather as part of a complex whole. If that is the case, then GRC activities can be used profitably to develop an integrated risk picture and response. GRC will help guide this process, particularly when the organisation has multiple sites in different geographic areas.

Some trends to watch in the future are:

• Cyber risk. As organisations and business generally continue to digitise, cyber risk grows. It is important that organisations pay due attention to the basics of cybersecurity, ensuring they have the right people, processes and tools in place. Organisations should recognise the increasing cyber risk associated with the growing use of cloud services and be aware that cloud providers’ data centres can also go down, and build that risk into their business continuity plans.

• Utility risk. The off and on resumption of load-shedding by Eskom, the water crisis driven by the prolonged drought and infrastructure constraints in certain areas mean that water and power outages will be key focus areas of business continuity plans.

• Financial risk. Due to the COVID-19 pandemic, the global and local economies are in distress resulting in the country’s debt rating deteriorating along with other financial risks, including exchange-rate volatility.

• Supply chain risk. The global nature of business, and exacerbated by the COVID-19 pandemic, means that companies participate in long and complex supply chains risk exposures that affect the entire chain. When doing their business impact analyses, organisations need to give thought to the contingent risks they face thanks to their participation in supply chains.

• Geopolitical and socio-economic risks. Brexit negotiations, the US presidential elections and US-China trade negotiations remain key concerns. However, each region has its own risk profile which needs to be properly understood. This is particularly true of Africa where risk profiles vary quite significantly from country to country. Locally, the perceived inability of the government to take the necessary action to restore the economy to growth and create jobs remains a key risk driver, which is being further hampered by the pandemic.

• Socio-economic risks have been concerning South African businesses for decades, and the continued decline in growth prospects and poor job prospects will continue to be.

Hi-Tech Security Solutions: How important is business continuity in creating resilient organisations?

Michael Davies: Business continuity and resilience have become important items on the board agenda for a very good reason. We are living in a volatile, uncertain, complex and ambiguous (VUCA) world with accelerating change, and putting plans in place to avoid or overcome disasters is critical to any organisation’s sustainability.

One of the ways in which the BCM life cycle contributes to resilience is through regular testing and then feeding the results of that testing back into the BCM process. This creates a much stronger and more flexible framework to build resilience as regular testing can consider the changing environment.

Resilience is not a traditional investment, but it is a genuine one, a more resilient organisation is more likely to be successful over the long term despite today’s risk landscape. In those terms, the implied return is actually the value of the company and its future earnings.

For more information contact ContinuitySA, +27 11 554 8216,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Issue 1 2021 , Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

Decentralised operations is where it’s at
CCTV Handbook 2021, G4S Secure Solutions SA, Technews Publishing , Editor's Choice
Control rooms are evolving into operations centres that serve a variety of applications, such as risk management, surveillance, process management, network monitoring, personnel management and asset management.

Advanced enterprise storage architecture
CCTV Handbook 2021 , Editor's Choice
Storage start-up 22dot6 launched an advanced enterprise storage architecture design for the commercial market, the industry’s first software-defined TASS (Transcendent Abstracted Storage System) architecture.

Recover your margins with services
CCTV Handbook 2021, Technews Publishing , Editor's Choice
The security industry has reached yet another inflection point with the rise of the cloud, specifically with its utility in security services which have become an operational expenditure reality.

The reality of the cloud
CCTV Handbook 2021, Technews Publishing , Editor's Choice
One unmistakable take-away from this year’s CCTV Handbook is that no matter whether it’s a hybrid or an ‘all-in’ model, the cloud is the new frontier for surveillance operations.

Keeping Century City safe since 2016
CCTV Handbook 2021 , Editor's Choice
ATG Digital and Century City are celebrating five years of access and security control innovation. The relationship started with visitor registration digitisation and evolved into a collaborative partnership that birthed several custom-built solutions.

SABS updates national standard on fire detection and alarm systems
Issue 3 2021 , Editor's Choice
SABS has recently published a revised version of its SANS 10139 code of practice, which brings South Africa in line with fire safety standards similar to those in the United Kingdom and Europe.

Finalists for the inaugural South Africa OSPAs have been announced
Issue 3 2021 , Editor's Choice
The independent panel of judges nominated by supporting associations have selected the 2021 finalists for the Outstanding Security Performance Awards (OSPAs).

The drone era in residential security has arrived
Issue 3 2021, Fidelity Services Group , Editor's Choice
Fidelity Services Group is taking the lead among security providers and introducing drones, under the banner of Fidelity Drones, in specified residential estates in the greater Fourways area in Johannesburg.