The goal of a Business Continuity policy is to document what is needed to keep an organisation running on ordinary business days as well as times of emergency. When the policy is well-defined and clearly adhered to, the company can set realistic expectations for Business Continuity and Disaster Recovery processes. Industry experts share insights on the aims of a Business Continuity policy, what is needed to keep an organisation running on normal business days as well as times of crisis.
A Business Continuity policy is the set of standards and guidelines an organisation enforces to ensure resilience and proper risk management. Business Continuity policies vary by organisation and industry and require periodic updates as technologies evolve and business risks change.
According to ResearchAndMarkets.com, The Business Continuity management solutions market is poised to grow by US$387 million during 2020 to 2024 progressing at a compound annual growth rate (CAGR) of 15% during the forecast period.
Leona Mentz, Regional Operations Manager: Asia, Middle East and Africa, BT, said Business Continuity is not just about the nuts and bolts of keeping operations going in the event of a crisis. Mentz said it requires a careful understanding of the appropriate people, processes, technology, information and supplies in delivering essential activities.
“Furthermore, the surge in a distributed work environment resulting from the COVID-19 pandemic has seen connectivity becoming more important than ever. With more organisations becoming reliant on cloud-based solutions, access provides the veritable glue that holds operations together,” she said. “Of course, there are other considerations to improve existing Business Continuity policies such as the physical environment of home workers (for example, do they have privacy for video conferences) and what will happen during times of unreliable power supply? During these uncertain times, having the right capabilities in place before a disruptive event does require some predictive planning. This means that even existing policies that would have been considered sufficient pre-pandemic need to be reviewed and, where applicable, enhanced.”
Lorna Hardie, Regional Director, VMware Sub-Saharan Africa, said African businesses are beginning to fully embrace the underlying concepts of Digital Transformation, with opportunities ripe to overhaul legacy infrastructure and applications, and replace them with more innovative ones.
Hardie said mobile infrastructure and the cloud form just part of the equation of what the modern African business needs to remain competitive in a digital world. “Fundamentally, organisations require modern applications capable of unlocking the true value of the data at their disposal. Strong relationships between organisations and their technology partners are critical. Most businesses in a competitive landscape want to remain solely focused on maintaining growth and not be stuck in the bits and bytes of their cloud transformation,” she said. “This is where refocusing on Business Continuity software across the continent will be a key step. It is one thing to embrace Digital Transformation. Still, if the underlying organisational systems and processes are not in place that supports newer technologies, then their sustainability will always remain in question.”
Business Continuity guidelines
With CIOs on the continent looking to improve their Business Continuity policies given the rapid change in IT, many are grappling with how to develop robust guideline.
According to Hardie, companies across Africa faced significantly accelerated timelines for Digital Transformation projects last year. For example, noted Hardie, many retail and consumer goods businesses had to start delivering complete e-commerce sales fulfilment virtually overnight. “The same was true for public sector institutions forced to support fully remote operations for day-to-day educational and government functions. Those in the financial services industry needed to account for a struggling economy’s challenges while competing for business amid a rise in online payment and government subsidy programmes,” she said. “Media and entertainment businesses faced similar competition for a public’s attention that increased time spent streaming media while largely confined to their homes.”
Hardie explained that the central theme tying this together is the cloud’s value and the need to embrace digital business models. “Even though this is nothing new, companies who have been hesitant to transform their operations to become more cloud-centric can no longer afford to sit on the fence. The realities of the pandemic made the extended timelines for this transformation irrelevant. This is especially the case when it comes to Business Continuity policies,” she said. “The cloud enables businesses to fund strategic IT projects with operational expense. While this affords’ flexibility depends on each company’s approach to cloud financial management, it is now a critical building block as businesses approach the new normal. Therefore, any Business Continuity policy must reflect the cloud as a central component that serves as the means to remain operational despite uncertain external conditions.”
Mentz explained that in today’s environment, increased bandwidth and remote working capabilities have become key elements of a Business Continuity policy. These are driven by a foundation built on high-speed connectivity. “With remote working increasingly becoming a more accepted norm, organisations must ensure that they are cognisant of the kind of access available to home-based employees. This is integral to maintaining business operation at a time where people are working from any number of different geographic locations,” she said. “With the focus turning to the connectivity aspect of Business Continuity, organisations must be aware of the resultant strain placed on networks and infrastructure. Along with this, a shift towards a more secure way of approaching Business Continuity is required. The home routers and devices of workers do not provide the same level of protection as what happens inside the relative safety of the corporate network.”
Cybersecurity
Sebastiaan Rothman, Cloud Solutions Architect, Altron Karabina, said cybersecurity is emerging as critical to Business Continuity and growth in 2021 because dispersed workforces and heightened IT threats call for deliberate actions to ensure security is robust.
“As business leaders review and consolidate many of the dramatic operational and workforce changes that were implemented in response to the health crisis, cybersecurity is coming to the fore as a major risk to Business Continuity,” Rothman said. “Existing threats to companies in the form of data breaches, social engineering and phishing attacks, for instance, have now been amplified with employees working from home and IT teams having significantly less oversight over user behaviour. On a global scale, the cyberthreat to Business Continuity and economic stability is so large that ‘cybersecurity failure’ is listed among the top five risks in the World Economic Forum’s Global Risks Report 2021.”
According to Veeam’s Hardie, one of the most common side effects of increased public cloud usage is a lack of standardisation for configuration. “The cloud’s distributed nature can make companies move faster, enabling anyone to access the resources they need on demand. However, this also prevents security teams from fully understanding how these resources are configured, whether these configurations expose cloud accounts or sensitive data to the public or how these implications may affect industry regulations compliance,” she said. “This security awareness must be integrated into the Business Continuity policy to ensure that data remains protected regardless of the platform used, the cloud environment adopted or the solutions that run on top of these layers to empower a distributed workforce.”
Rothman added that for South African businesses, a dual pressure is also looming in the form of the Protection of Personal Information Act (POPIA) which came into effect in July 2020 – and carries with it major financial and reputational risks for businesses that don’t comply. “Yet while this risk landscape can appear both daunting and overwhelming for businesses already under operational pressure, there are immediate, cost effective and accessible steps to take in order to become both more secure and to ensure data security compliance,” he noted. “Arguably, however, it must begin with an understanding that cybersecurity and information assurance are not technology problems: these are business challenges that are usually solved by implementing robust business processes (in addition to strategic technology solutions).
Compliance and security
Rothman explained that leaders need to understand that becoming compliant does not make an organisation secure. Just because you have a control in place doesn’t automatically make it effective. And sadly, in many instances, the lack of maintenance or skilled management of these controls render them almost useless from the outset,” he said.
With this in mind, Rothman has some immediate and practical steps to consider on the journey to bolstering cybersecurity (and ensuring business sustainability in the long term).
According to Rothman, harnessing existing assets by configuring them correctly and creating visibility with smart monitoring solutions will go a long way in bolstering cybersecurity and ensuring Business Continuity in an event of disaster.
Hardie emphasised that the strength of any Business Continuity policy can be measured in terms of how it easily can be adapted during unanticipated market dynamics or global events. “This makes digital foundation technologies so crucial as is the innovation required to support evolving business use cases, customer demands and technical requirements,” she said.
She explained that to embrace a cloud vision for Business Continuity and organisational longevity does not only come from understanding the characteristics of applications and matching them to the characteristics of different clouds. “It is also about having the ability to deploy, manage and secure those applications across clouds. The intrinsic value of multi-cloud is flexibility and choice. But companies risk agility if they fail to address the biggest operational challenge for managing a multi-cloud environment – silos,” she added.
Click below to share this article