What do hurricanes, terrorist attacks, pandemics, computer viruses, tornadoes, and hackers have in common?
They can all disrupt your business operations. And depending upon the severity, each has the potential to cripple your company if you don't have adequate contingency plans in place.
Over the last decade or so, the business continuity and disaster recovery landscape has evolved substantially. We're coping with a wide variety of risks and threats that have emerged as a result of political issues, climate change, and advancements in technology. Fortunately, the development of new methods for protecting businesses has kept pace with the transforming environment.
The study annually surveys information technology executives in the U.S. and abroad to learn more about the latest trends in disaster recovery and business continuity. This year, 84 percent of U.S. companies surveyed reported they have plans in place to deal with unexpected disruptions, an increase of more than 10 percentage points over the last five years.
We've seen a clear increase in preparedness, as well as shifts in businesses' investments since we initiated the Business Continuity Study in 2001.
So what's on the minds of IT leaders right now?
Clouds on the Horizon
It's almost impossible to read a tech blog today without coming across "the cloud." And that's because cloud services have the potential to make a tremendous impact on the way businesses and their employees work.
With built-in scalability, flexibility and availability, cloud services also open the door for new ways of storing and protecting business data in a disaster scenario. We found that one in every four U.S. companies surveyed in the 2011 Business Continuity Study already uses cloud capabilities for contingency planning – and another 29 percent are considering doing so.
Cloud services can help companies overcome concerns regarding the expense of backing up applications, data, and other IT resources – an essential component of business continuity. Requiring little capital investment, cloud storage is a cost-effective way to ensure that employees have access to the tools they need to do their work, even when unexpected circumstances knock out primary systems.
Also, the on-demand nature of cloud services means that companies can tap into their data and apps quickly and easily, reducing downtime if a disruptive event occurs and only pay for those IT services when they need to test or invoke plans.
Some businesses express skepticism about the security of the cloud. Is it really a good idea to load a network-based server with critical business data? Doesn't it present an ideal environment for hackers? Can we rely on the cloud for business continuity purposes?
Cloud services, when delivered in concert with enterprise-grade security, can protect business data as well as – if not better than – traditional storage methods.
Many cloud providers offer service-level agreements (SLAs) that allow customers to specify what they need in terms of security, resource availability, reliability, and performance in the cloud. Critical applications and sensitive data require the highest level of protection – and it's worthwhile for a company to invest in making sure these resources are highly-secure, in the cloud, or in any type of hosting facility.
As trust in cloud services grows, more business leaders are embracing the flexible computing and storage capabilities that cloud services provide.
Eighty percent of U.S. IT executives surveyed in the 2011 Business Continuity Study indicated their companies are investing in new technologies this year. Of those respondents, a plurality (43 percent) plan to spend some of their budget on cloud computing. That marks tremendous increase in just one year: in 2010, only 21 percent of businesses intended to make cloud investments.
Mobility Creates Concerns
There's no question that mobile devices are prolific today. Unlike cloud computing, which many still count as an "emerging" technology, mobility has penetrated the business world and our personal lives. IDC, a leading industry analyst firm, predicts that device manufacturers will ship a total of 1.6 billion mobile phones in 2011.
With an array of different device types, smartphone operating systems, and carriers available to consumers, IT departments have struggled to maintain control over employees' wireless devices. People want to bring their own phones to work and use them to conduct business, but this practice can present a number of security risks.
The vast majority (82 percent) of U.S. IT executives surveyed in the 2011 Business Continuity Study expressed concern regarding security on mobile networks and devices. They're worried about a new kind of disaster, one that can disrupt operations just as easily as a hurricane or an earthquake and one that can have devastating effects on a business: cyber attack.
Over the past five years, cyber threats have evolved, and cyber criminals have grown more sophisticated. Individual hackers, organized crime groups, terrorists, and others use a broad variety of tools and techniques to infect computers and applications, mine for sensitive information, or disrupt service.
These security issues once applied only to the wired world, but widespread adoption of smartphone technology has revealed the rising risk of cyber attack in wireless environments. Expanded access to mobile applications creates new opportunities for malicious activity, and hackers are developing more innovative delivery mechanisms that exploit the increased security threats.
If attacked by viruses, botnets, or hackers, companies can experience significant revenue loss caused by theft, operational downtime, reputation damage, and destruction of digital infrastructure.
On the bright side, businesses can prepare for wireless security breeches, just as they would for any other disruptive event. Companies that use mobile devices for business should consider protecting themselves with services such as mobile user authentication, network intrusion detection and prevention, mobile data storage, and mobile device encryption.
In the case of cyber attacks, a proactive approach to planning and securing data, devices, and networks can help businesses avoid disaster altogether.
No More Snow Days
We've seen dozens of examples of disasters and severe weather since the start of this year: tornadoes in the U.S., the Japanese earthquake and tsunami in April, and the Rio de Janeiro mudslides and floods this January, to name a few.
In extreme conditions, many people want to hunker down and stay at home, rather than make dangerous treks to work. High rates of absenteeism, however, can seriously impact a company's ability to function.
Remote access plans are a fundamental part of business continuity and disaster recovery planning. Enabling employees to work outside of the office can help companies maintain their customer service, minimize disruption to their business processes, and protect the health and well-being of their staff during a disaster scenario.
As part of a continuity plan, remote access means more than simply permitting workers to conduct business from home. It also involves setting up infrastructure and testing it in advance to ensure that employees can perform effectively and securely outside of the office. For instance, remote Virtual Private Network (VPN) access can extend the availability of critical business processes, applications, data, work centers, and networks to employees, virtually any time and almost anywhere.
This year, 80 percent of U.S. respondents in the Business Continuity Study said their companies have systems in place that allow all or most employees to work remotely. In 2008, only two-thirds of the businesses surveyed had established remote access plans. The 14 percentage-point increase indicates a trend toward better preparedness and greater acceptance of mobile workforces.
Mobility factors directly into many business continuity plans – not only through remote access solutions, but also in terms of mobile device and wireless network use. More than three-fourths (78 percent) of companies indicated that employee use of mobile devices plays a role in their disaster recovery strategies. In addition, 64 percent include wireless network capabilities in their business continuity plans.
Armed with mobile devices and wireless networks, companies can contact customers, partners, and suppliers in emergency situations. Employees can send and receive e-mails on their smartphones to keep up with urgent business. With audio and video conferencing tools built into many enterprise devices today, people can carry out meetings from almost anywhere in the world.
While IT leaders may have concerns about cybersecurity in today's highly mobile environment, they're still moving forward with implementing mobility strategies for their businesses and even incorporating mobile networks and devices into their contingency plans.
With all of these options for working outside of the cubicle, snow days might be a thing of the past. But your company is better positioned for success as a result.
Shifting Environments, Constant Purpose
Companies prepare for unexpected circumstances to keep business going – no matter where, no matter what.
The key reason for business continuity and disaster recovery planning hasn't changed and probably never will. In order to stay profitable, protect employees and satisfy customers during disasters and other disruptions, companies need to plan for any and every reasonable scenario and develop methods for dealing with the consequences.
Threats evolve and new technologies emerge. According to our U.S. 2011 Business Continuity Study, innovations such as cloud computing, advanced mobility solutions, and remote access capabilities can simultaneously raise concerns and solve problems for IT executives in charge of continuity planning.
Business leaders must carefully balance risks and rewards to determine the course of action that works for their companies. Technology plays a critical role in business continuity and disaster recovery planning today. With that consideration in mind, it's easy to see the importance of updating continuity strategies regularly: to fortify businesses with the best defenses against the latest risks.
It's also essential to test processes to ensure that everything works seamlessly if and when a disaster strikes.
And it's critical to start planning now, instead of waiting until it's too late.
2011 Business Continuity Study Methodology
The 2011 Business Continuity Study is based on an online survey of 401 Information Technology (IT) executives in four U.S. metropolitan areas: Dallas/Fort Worth, Los Angeles, Atlanta and Washington, D.C. The study was conducted by e-Rewards Market Research with companies having total revenues of more than $25 million. Surveys were obtained between Feb. 23 and March 17, 2011.
All survey respondents have primary responsibility for business continuity planning, representing 18 major industry areas in addition to local/state government. Sixty-nine percent represent companies with locations outside of the U.S.
Chris Costello, AVP, As a Service Solutions, AT&T Business Solutions, and her team are responsible for helping transform AT&T's Cloud-Based Service strategy into integrated solutions that are delivered in an As a Service model. Costello led the acquisition of an application services company and integration with AT&T's hosting business. In 2010, Costello achieved "Top 10 Woman in Wireline Services" as well as a Hosting & Cloud Infrastructure services "Leaders Quadrant" rating by Gartner Group.