Recent news items such as Oracle systems being hacked, Delta systems going down and Amazon service outages are becoming very common. The technology and solutions to avoid these situations already exist.
IT security and business continuity have always been a concern for IT professionals. Worldwide political events, privacy concerns, regulatory demands, external attacks, corporate financial crises and identity theft have all contributed to making security management and systems resiliency a boardroom-level priority. Enterprises want to make their IT infrastructure resilient, and they also understand the need to maintain service levels to satisfy today's dynamic business. Maintaining a secure and highly resilient system needs innovative thinking.
The business continuity programs of most enterprises focus on a defensive resilience posture. It consists of three building blocks, Recovery, Hardening and Redundancy, which are widely recognized as vital ingredients of a successful business continuity plan. A defensive posture is useful in protecting the organization and its revenue streams, but it does not directly help the bottom line.
An offensive resilience posture also consists of three building blocks, which are focused on improving the organization's competitive position: Accessibility, Diversification and Autonomic computing. In practice these building blocks can be used all together or in various combinations depending on need. For example, diversifying operations might allow hardening to be limited to the sites where critical applications and data reside. The resiliency building blocks are illustrated diagrammatically below.
I consider business resilience to encompass the business as well as IT, and it can be thought of as spanning six discrete layers: Strategy, Organization, Process, Applications and Data, Technology, and Facilities and Security.
Strategy includes:
1. Governance strategy
2. Financial strategy
3. Continuity strategy
4. Communications strategy
5. New product/services strategy
6. Risk management
Organization includes:
1. Roles
2. Responsibilities
3. Structures
4. Skills
5. Cross-organizational cooperation
Process includes:
1. IT process
   - Change management
   - Problem management
   - Incident management
   - Availability management
2. Business process
   - Sales order
   - Financial
   - CRM
   - Claims processing
   - Business controls and system management process (IT Infrastructure Library)
3. Cross-functional process
   - Business continuity
   - Quality management
   - R&D
   - ERP
Applications and Data include:
1. Data security
2. Data storage
3. Application architecture and design
4. Backup and recovery
Technology includes:
1. Hardware architectures
2. System software
3. Middleware
4. Networks
5. Delivery channel
6. Disruptive technology
Facilities and Security include:
1. Physical and logical security
2. Safeguarded access
3. Power protection
4. Environmental considerations
5. Security architecture of the systems / IT infrastructure
The model itself is scalable and can be applied to an enterprise, to an individual location, to a key business process or to an IT system. Clearly, a number of lower-level considerations are embedded in each layer. For example, the Facilities and Security layer should consider the various aspects of physical and logical security, power protection and environmental conditions. Business resilience is achieved by implementing continuity, availability, security, recovery and scalability across the six discrete layers outlined above; spanning and supporting those layers, these five capabilities combine to deliver business resilience.