Thursday, January 5, 2012

2011 Put the Spotlight on Business Continuity Planning for Large Enterprises and SMBs

Business Continuity Planning involves understanding risks such as natural disasters, facilities and supplier outages to a business, and putting into place a robust mitigation plan for prevention and response in case any risk is realized. BCP is important for both large and small enterprises. In large organizations, BCP is driven by a systemic organizational process.
Three significant events in 2011 which put the spotlight on Business Continuity Planning were:
  · Natural Disasters in Japan and Thailand along with their unanticipated consequences
  · Online Activism and Hacktivism in UK and Middle East
  · Cloud and Telecommunication outages from global providers
Natural Disasters in Japan and Thailand along with their unanticipated consequences
The earthquake, tsunami and resulting impact on the Fukushima nuclear plant created a disruption in power, population unrest, and a withdrawal of expats, all of which disrupted the supply chains of Japanese firms. For most of the large Japanese firms, the floods in Bangkok came as a second whammy, as they led to further shutdowns. In the case of Japan, the country was well geared to face earthquakes, but the tsunami and its unpredicted consequences amply demonstrated that it's difficult to model the vagaries of nature.
The three learnings from these incidents are:
  1. Natural Disasters cannot be accurately modeled or planned for. They do happen and due diligence in site selection helps.
  2. In Thailand, costly equipment was damaged because the communication was not in an international language or did not reach foreign managers in a timely manner, hindering precautionary actions. This has to be anticipated and built into the plan.
  3. Time to recover varied from a minimum of 3 months onward for large firms.
Online Activism and Hacktivism in UK and Middle East
Online activism in the UK and the Middle East arose spontaneously, triggered by a single event like the death of Mark Duggan in the UK—a 29-year-old father of four shot dead after being stopped by the police—and in Egypt, Khaled Said, a 28-year-old businessman who was pulled from an Internet cafe and beaten to death by security forces. This resulted in the virtual shutdown of several countries for months and, in some cases, the turning off of the Internet partly or wholly, which impacted businesses. The extreme form of online activism, Hacktivism, saw significant hacks such as that of the Sony PlayStation Network by Anonymous, a Hacktivist group, which halted the company's operations for over a month and ran up a loss of $200m.
The three key learnings from these incidents are:
  1. Online activism or Hacktivism can spontaneously result in disruption at a scale which is unprecedented. An analysis of the stability of the political environment and its impact on the functioning of the country is paramount to BCP planning.
  2. Resetting a country involves regime or policy changes that take years. Therefore, do not expect a short-term effect on business operations.
  3. Social unrest in a recessionary world is on an uptick and is not solely related to third world countries, as previously believed.
Cloud and Telecommunication outages from global providers
There were several cloud and telecommunication outages of major service providers in 2011. Reddit, Foursquare, and Quora were among the many sites that went down recently due to a prolonged outage of Amazon's cloud services. These outages lasted 3-4 days on average, and were primarily due to the inability of the service providers to understand the complexity of their infrastructure. So despite these service providers having a robust Business Continuity Plan, it did not factor in their inexperience due to the newness of the technology, or their limited understanding of the technology underpinnings and their interactions. Failure of Telecommunication services by an Indian service provider a few days before New Year impacted year-end sales as well as customer services for both large and small enterprises.
The three important learnings from these incidents are:
  1. Organizations sourcing to the cloud must ensure that they are contractually covered for such outages. At least for another year, companies should expect such outages as a given.
  2. SMBs should take precautions to build BCP plans when cloud sourcing which involve, at minimum, workaround processes and data backup.
  3. Large organizations must help small suppliers build a business continuity plan through mandatory BCP specifications in supplier agreements, as well as regular audits and awareness training.

1 comment:

  1. Good article and summary. I am particularly impressed by the third key 'learning' on the need for large organizations to assist suppliers in building a BC Plan to suit their recovery specifications. This observation/recommendation is hitting the nail on the head where large organizations that utilize services of third parties often find a glaring gap in the BC Planning of their third parties being inadequate.