
Wednesday, 20 December 2017 22:22

SWS-2 Editorial

Written by Michael Herrera

What are the Top-3 threats to organizations today?

Outsourcing or third-party risk: Organizations must provide oversight of third-party providers. You can outsource the work, but you cannot outsource the risk/responsibility.

The fact is, your company can have the best business continuity program in the world, but if your critical vendors are vulnerable, you are vulnerable. A chain is only as strong as its weakest link, and an enterprise is only as robust as its least disaster-proof critical supplier. It’s an unnerving thought but also a fact of life in an interdependent economy.

Your company takes a gamble every time it relies on a third-party provider for an essential part of the business—whether it’s for payroll services, call center operations, production facilities, IT services, or anything else. Service providers are an extension of your company and multiply your chances for a disruption. So, if your critical vendors don’t take business continuity as seriously as you do—and have a plan in place to show for it—then it may be time to reassess those relationships.

Third-party risk can be assessed and managed, but the process needs to start early in the relationship. Follow these steps to ensure that your vendors continually stay on top of their business continuity risk:

  • Add business continuity language to your service contracts.
  • Identify which service providers are critical to your business mission.
  • Identify a point of contact for business continuity at each critical vendor.
  • Create and send a business continuity questionnaire.
  • Analyze the responses.
  • Identify an action plan to address gaps.
  • Follow up.

IT Risk:

Our reliance on technology will continue to leave organizations vulnerable to IT failures of all kinds, whether the failure is caused by a natural disaster or by simple human error, whether the cause is internal or external, and whether your cloud provider suffers a technical glitch, a data breach, or simply goes out of business.

Cyber risk/data security:

Data breaches are happening so frequently nowadays that we no longer talk about if your organization gets hit, but when. Before it happens, consider the valuable data you have, what could be compromised, and the possible repercussions should a breach ever occur. Also take into consideration any regulatory requirements that might make it necessary to bolster your protection. Needless to say, ensuring IT security is a lot more challenging in recent years with the dramatic rise in the use of mobile devices, employee-owned hardware, third-party apps, and cloud-based data storage.
From the business continuity perspective, we divide IT security issues into these categories:

  • Your employees. The key to making sure your employees are helping keep your organization safe rather than exposing it to danger is hiring the right people and training them properly.
  • Your employees’ personal devices. More companies are allowing employees to bring their own devices to the office and use them for work. This includes laptops, cell phones, and tablets, as well as the desktops they might use when working at home. This is great from the point of view of business efficiency and flexibility. But, the increase in the use of employee-owned devices creates a lot of new challenges from the security point of view.
  • Your cloud service. People tend to assume that the cloud is security nirvana. They assume that the people running their cloud service are highly compliant and that because the cloud company might be bigger than their own organization, it must therefore be more secure. None of these things is true. The cloud is just another data center, just another piece of technology. You should vet your cloud company just like you would any other third-party provider.
  • Your third-party apps. The availability of dependable, high-performing third-party apps to do things like store and process information, handle customers, and handle phone calls and messaging is truly amazing. But when the business depends on the app, the business is only as secure as the app.
  • Standards. Here we are talking about such standards as PCI (for credit cards), HIPAA (for medical information), and HITECH (for health information technology). If your company has to meet the standard, then any system or device you do business on has to meet the standard.


What areas of BC/DR do you think organizations should be investing in to secure their resiliency for the next 3-5 years? (Where should they put their money?)

Making resilience a part of day-to-day business operations and decision making. IT/DR resilience cannot stand alone. Business recovery is always the ultimate goal, and we need to strive to understand business needs and priorities and implement the right DR solutions to ensure that those needs are met. The top three goals are to protect the enterprise, mitigate business and IT risks, and ensure the continuation of operations.

Resiliency is more than purchasing a backup power source, moving your applications to the cloud or enabling your employees to work from home.


Would you consider the influx of Millennials and the exit of baby boomers to be a challenge to the technology changes in the resiliency industry? (i.e., loss of knowledge vs. incoming training needs)

The transition from a workforce populated mostly by baby boomers to one of Millennials certainly poses some challenges for any field. The potential for the loss of decades of hard-earned knowledge of the baby boomer generation cannot be ignored, but perhaps it can be balanced out by the eagerness and technical sophistication of the Millennials. This “me” generation excels at collaboration – why not engage them more fully in working with the “outgoing” generation to transfer their insight and knowledge in a way that combines the strengths of both generations?

Spring World 2018 Session - The BIA from the IT Perspective