The implication of new technology for the requirements for assuring the continuity of business in the event of failures, successful cyber attacks, and other disruption of normal operations is just one of the major challenges to business continuity. Coupled with budget pressure, gaining funding and commitments from the LoBs, driving toward consistent BC/DR standards compliance across vendors and services, dealing with pandemic and ever growing security threats, and the need for increased public and private cooperation, the emergence of virtualization technologies and the cloud has created a set of implications for the enterprise that cannot be ignored.
However, the principals of business continuity planning and disaster recovery remain applicable to the cloud computing model. Cloud computing requires that business continuity and disaster recovery professionals be continuously engaged in vetting and monitoring of resource virtualization and cloud computing plans and operations. The key to challenge is to collaborate on risk identification, recognize interdependencies, integrate, and leverage resources in an effective way.
The Name of the Game - Enterprise Risk Management
The effectiveness of the Enterprise risk management program, in which business and service continuity is a primary discipline, is of course one of those implications. Organizations are faced with trading traditional technology risks and controls for new business and enterprise risks when sourcing strategies move technology infrastructure and responsibilities beyond the legacy data center environment and toward virtualized resources, virtualized business processes, private and public cloud services. This in essence causes a shift away from traditional enterprise technology control thinking (e.g., access management, change control, data security, infosec, backup, disaster recovery, and business continuity) and more toward service provider relationships, capabilities, and accountabilities, or in a nutshell, to business risk management - less technology to manage, less technology risk to some degree, and more complexity and business risk.
Cloud as a Business Continuity Enabler
In addition, the technologies that are virtualizing the data center and all business and organizational processes surrounding it create new opportunities to transfer and distribute technology and business risk management to third parties in ways that, if well conceived and implemented, will reduce the overall risk to the enterprise. For example, cloud services can serve as an important component to quick recovery, low data-loss business-continuity solution of the SMB market. Regularly synchronizing business operations with a Unisys, EMC, Google, Rackspace, Microsoft, Amazon or other cloud service can make information and applications immediately accessible for a number of business failure scenarios. For larger organizations, cloud storage provides the ability to disburse data across multiple geographies and reduce single points of failure. Assuming they have created machine images that mirror their production environments, businesses can rapidly recover into the cloud without paying to run an entirely redundant data center 24x7.
Role of Information Governance
Information governance is one starting point for cloud business continuity initiatives. Information governance programs for the cloud are designed to help organizations protect, manage, and develop data, applications, and infrastructure as a valued asset, while maintaining a reasonable cost-to-risk ratio. Working across risk disciplines, including business continuity/DR, information governance programs ensure that technology and business virtualization initiatives, functions, and principles result in an infrastructure and service arrangements for managing high-quality operations that are available, reliable, consistent, auditable and secure.
Action Item: COMING SOON - ALL YOUR DATA TO AND FROM THE CLOUD. Organizations should embrace virtualization and cloud computing as a business continuity enabler. Build business continuity and resiliency requirements into the journey toward data center resource virtualization, business process virtualization and application encapsulation, and internal and external cloud services.
Footnotes: