printer friendly version

30 years of business continuity

Hi-Tech Security Solutions spoke to ContinuitySA’s CEO Michael Davies in light of the company’s 30th anniversary celebrations.

Michael Davies

ContinuitySA has been through a few permutations over the years, from being part of the MGX group, to a management buyout in 2003 and finally being acquired by Dimension Data in 2014. Throughout all the changes, however, the company remained focused on providing the skills, technology and space to ensure customers would be able to keep their businesses running, no matter what type of emergency may happen.

In the early days of ContinuitySA, Davies says the company was primarily focused on IT DR (disaster recovery) as that was the main problem companies faced 30 years ago. Since then, customers’ requirements have changed along with compliance regulations and the expectations society places on companies.

As an example, he says that financial organisations were ContinuitySA’s primary customers in the early days. Since then, regulations have forced other industries to also incorporate business continuity into their business plans – these industries include pharmaceutical, medical, mining and more. (We use the term business continuity to refer to both business continuity and disaster recovery in this article.) Business continuity has expanded to include more modern threats, like ransomware and cyber-attacks.

Additionally, these plans must incorporate far more than only operational concerns. A critical aspect of an effective business continuity plan today is dealing with the media, for example. When an emergency is happening, companies can’t simply focus on getting the business up and running, they need to have a plan to talk to the media and keep everyone informed during and after the recovery process.

All about resilience

It’s all about resilience these days, says Davies. You can’t plan for every possible crisis, which means each company needs to have set processes and policies (and people) to deal with any type of disruption in our V.U.C.A. (volatile, uncertain, complex, ambiguous) world. Furthermore, it’s also not necessarily something that only happens to your company or environment directly.

We live and work in a global village that is only becoming more connected and inter-dependent. What happens on the other side of the world can have an impact on your business. With just-in-time manufacturing, for example, an earthquake in Japan could see an automotive company in South Africa not having spare parts for clients. Resilience is therefore crucial, for operations as well as for reputational continuity.

And reputation is critical these days. With social media and Internet news channels, bad news travels fast and personal and company reputations can be ruined in hours or even minutes – whether justifiable or not. Your ability to handle everything in a concise and clear manner is a vital aspect of corporate longevity.

Resilience is therefore becoming an integral part of every company’s business plan. Large multi-national banks may only be able to afford minutes of downtime, while a smaller company can handle a day or three of downtime, but all of them need to have a plan to get themselves operational and to handle any reputational fallout caused by a crisis of any nature, whether they caused it or not.

Enhancing resilience

Looking at how technology has advanced over the past three decades, it’s natural that the continuity solutions available have also advanced, both in terms of securing the latest technology and making use of it for continuity purposes. Davies highlights two technology elements that have made an impact in the business continuity space.

In South Africa we have seen dramatic advances in connectivity over the past few years. One business continuity result of this has been that data is no longer backed up to independent media and collected and stored by a service provider. Near real-time backups are now a reality, allowing ContinuitySA to keep one or more copies of customers’ data in completely separate locations. (Keeping backups on independent media has not fallen away, of course, but now primarily supports online backups that can reduce the loss window dramatically.)

Connected to this is the growth of cloud solutions. The cloud is finding increased acceptance in organisations as a means to store data, applications and even have data centres in remote locations, making failover and continued operations a little easier, but also more complex in a dispersed world. In addition, in a crisis, certain staff can even log in and work from home if the office is inaccessible.

This does not apply to every job, however, as call centre operators, for example, can’t be sent home. Staff in this category will still need a separate offsite location they can go to in case of a crisis. This has led to the growth in the number of seats ContinuitySA keeps available for clients in key locations across South Africa, Botswana, Mozambique, Mauritius and Kenya (seats refers to the number of workstations the company has available for clients – with about 11 000 m2 for work area recovery in Midrand alone – should they experience a crisis and have to move their staff to a different location).

Of course, advanced technology, while leading to amazing developments, has also led to amazing opportunities for cyber criminals. Business continuity plans today are therefore also being developed to deal with cybercrimes, such as malware, hacking and ransomware. In the case of ransomware, having a failover location for staff isn’t enough, the company needs to make sure it has a ‘clean’ backup it can get to work on – which naturally needs to be part of the business continuity plan.

Everyone is resilient

Looking ahead at how the business continuity/disaster recovery market will change in the next few years, Davies says the concept of resilience will become a common term on everyone’s to-do list. In contrast to ContinuitySA’s early days when business continuity was primarily an IT problem, today it has become a risk mitigation issue and the board and CEO must be involved in the plan as they determine the business’s appetite for risk.

In future, however, because of the ubiquitous nature of technology, resilience will be everyone’s directive and every person in the company will have their role to play in supporting the company’s resilience to crises of any nature. And a crisis today can include anything from natural phenomenon like floods or cyclones, to man-made problems like electricity failures, labour unrest, political violence and more.

Moreover, the continuity plans of the future will incorporate every touchpoint of the company, from financial results to operations, to corporate social responsibility and community relations, and we are seeing continuity planning in some corporations extending to self-provision of electricity and even water in some cases.

Fortunately, ContinuitySA has been doing this for three decades and its services are still in demand. The company continues to grow and there is little chance that business continuity services and expertise will experience a decrease in importance any time soon.

Share this article:

Further reading: