Tag Archives: IT

IT/DR and the Ostrich Syndrome

Presentations from DRI2015 are now available in MyDRI.

6a00d8341ca4d953ef01a511fb6751970cThrive! Asia is highlighting “IT/DR and the Ostrich Syndrome: Lessons Learned in India, Applied Everywhere!” presented by Rakesh Pande of DRI India.  The panel provides information on creating a more efficient global travel process.

The view the presentation (and others from DRI2015) please visit our library on MyDRI (access is free)!

While there, be sure to look through our many other resources for resilience professionals.



How Much Does Disaster Recovery Cost?


To view this article in its original location, please click here.

Good disaster recovery may be what saves an enterprise from extinction. But disaster recovery planning and preparation has a cost in terms of time, effort and money. Senior management knows that a company will need to make an investment in order to build the robustness to survive an IT catastrophe. Now it wants to know how much that investment will be; not just to understand impacts on profitability, but also to be able to plan it appropriately to gain optimal protection with expenditure that can be controlled or phased over time.

There are two main ways to set about budgeting for a given expense. The first is use the last set of budget calculations and then factor in changes such as new or discontinued items and inflation. The second is to do the complete budget from the ground up (zero-based budgeting). Each method has its pros and cons. Whichever solution you choose, a good way to start is often to map out the major expenses including IT systems maintenance, specific DR items such as cloud storage or purpose-designed recovery solutions, utilities/power, and staff salaries. Additional expenses might then be rent, travel and third party assistance. Industry benchmarks where available can help to judge the realism of a budget, as can information about industry DR trends.

Next comes the question of who will pay for disaster recovery. The company as a whole pays for its own DR of course. However, the cost may be divided up among different departments according to their current use of IT resources and their DR needs (not everybody needs split-second data recovery). If your company is already running its IT department as a profit centre by billing groups according to usage, it may well make sense to finance DR in the same way. However, it is also important to maintain an overall perspective on DR expenditure to make sure that opportunities to leverage DR over several groups can be taken, thus lowering total costs and individual departmental contributions.

Keeping Business and IT Connected for Better Business Continuity


To view this article in its original location, please click here.

For many organisations, markets change fast as customer needs develop and competitors offer new solutions. Business people under pressure to get new products and services to market may ask more of the IT department than it can deliver at that moment. This friction can cause difficulties in communication and relationships between the two groups. From there, it can lead to fragile or fractured business continuity. The answer is systematic collaboration to ensure that plans are made ahead of time and that the organisation can take advantage of opportunities while avoiding performance issues and outages. Ideally, both parties will have a proactive role to play.

This dual proactivity is part of IT governance, the process by which organisations can make sure that interlinked business and IT goals are met. IT governance has two potential advantages. First, it helps organisations to manage their IT to prevent disasters and strengthen business continuity. Second, it stimulates innovation that then generates higher business growth rates. Naturally, business people must make their needs and expectations known. But with the right IT governance, IT is not just a provider of resources and services: it is also a contributor of business ideas.

The fact is that the IT department is involved with the organisation at practically every conceivable level. IT managers, for example the Chief Information Officer, are therefore in a great position to spot opportunities for streamlining, improving and innovating in business procedures and activities. It was this approach that gave courier company Federal Express a strategic lead over its competitors with a package tracking application jointly built by the business and IT sides of the company. While business people tell IT what they need, IT can tell business people about additional opportunities open to them. Potential disconnects are replaced by synergy that reinforces both business results and business continuity.

How the Consumer IT Market is Driving Business Continuity Management


To view this article in its original location, please click here.

For many aspects of IT, the business market takes its cue from developments in the consumer sector. Even if other items like servers, databases and virtualisation are still enterprise-centric, developments in tablet PCs and smartphones are driven first of all by what private users want. These mobile computing devices are accounting for an increasingly large part of IT everywhere. That means that if you want to see what will happen in the business market tomorrow, look at the consumer market today. Tablets and smartphones also open up new possibilities for effective business continuity management. But other consumer IT innovations are contributing to changes in BCM too.

Consumer IT has also given us social networks. At first they were a means for making friends, sharing news and expressing opinions. When business discovered the power of social media, it started to put them to use to run operations more effectively, share knowledge better and engage employees. It also spotted the potential for Twitter and Facebook, the two largest social networks, for keeping stakeholders and customers informed in times of crisis. Likewise, several project management software applications now offer internal Twitter-like and Facebook-like functionality for internal social networking to help project teams to better achieve their objectives.

However, that doesn’t mean that every consumer IT novelty will automatically cross over into business. Wearable computing for example may help you to keep tabs on your kids (which may be important), but business users don’t seem to have been convinced so far. One exception may be Google Glass. With its voice recognition, camera and miniature screen, it has already found its way into a number of business applications. It could also help in business continuity situations where hands-free real-time two-way information access and communication is required. And for the future? While Google makes up its mind about an official release date for Google Glass, the 3D web, mobile chips under your skin and the totally connected everywhere Internet of Things provide food for BCM thought too.

KL2014 Featured Speaker: Murari Kalyanaramani

The DRI KL2014 Regional Conference and Awards of Excellence will be held in Grand Millennium, Kuala Lumpur, Malaysia. The theme this year “Managing Crisis and Organizational Resilience – Issues and Challenges” will feature a comprehensive program that includes a pool of variety speakers from different industry and countries, who will share on emerging threats and issues that we face today.

In preparation for the conference, Thrive! Asia is featuring the topics and profiles of select speakers.

Murari Kalyanaramani, CBCP

Murari Kalyanaramani, CBCP
Global Head of Service Architecture & Integration, British American Tobacco (BAT) (Malaysia)
Topic: Business Continuity Management – IT Opportunities and Challenges

Murari is a seasoned IT & Information Risk Management professional with over 14 years experience in Information Security Management, Business Continuity Management and, Outsourcing & Supplier Management.

He is currently Global Head of Service Architecture & Integration for British American Tobacco responsible for IT Services Strategy, Service Design & Transition, Supplier Management, Global Software Asset Management and IT Process, Risk and Compliance Management. Murari was previously Global Head of IT Security Services for BAT responsible for Enterprise IT Security Management, IT Security Operations , Identity & Access Management . The role included managing business continuity governance over strategic IT outsourced service providers.

Prior to joining BAT, Murari was attached to PricewaterhouseCoopers (PwC) Malaysia where he was the Lead Manager for the Information Assurance and Threat & Vulnerability Management (TVM) group. During his stint in PwC, he delivered and managed numerous Information Security, Business Continuity, Business Process & Systems Assurance and Third Party Assurance Services engagements for clients in various industries including the government sector.

Disaster Recovery is Purely an IT Function – Or is It?


To view this article in its original location, please click here.

There is a temptation to consider disaster recovery as an IT-specific activity, conducted by IT staff to get IT systems running properly again after an incident or a mishap. Part of that notion is true. Disaster recovery is a term that is reserved for computer systems and networks, and recovering after an IT outage. With enterprises and organisations increasingly dependent on information technology, that also makes DR a large and essential part of business planning. However, as IT-centric as disaster recovery may be, trying to make it the exclusive responsibility of the IT department could be a big mistake. Here’s why.

If IT systems are down, departments must be able to continue functioning. Even e-commerce websites need some backup mechanism whereby they can continue to accept orders, whether this is as sophisticated as a mirrored online store or as basic as a temporary email address on another system. Being able to continue functioning in adverse conditions of any kind is the definition of business continuity. In the event that IT systems fail, it doesn’t matter whether you call it ‘BC’ or ‘enterprise DR’. The fact is that departments and business units must plan ahead to be able to operate in the absence of computer systems. Sitting back and trusting in the ability of the IT department to get things running again is insufficient, to say the least.

And while IT is battling to bring systems and networks back up again, somebody needs to give appropriate information to stakeholders – including customers – about what happened and what is being done to fix it. There are not many IT departments that combine excellence in both technical knowhow and relationship management. To calm down external ‘interested parties’ is the job of the public relations director or, often as not, the CEO. Indeed, as ‘enterprise DR’ involves the whole organisation, who better than the CEO to lay down the DR law by which all departments must abide? So while disaster recovery is naturally IT-centric, effective DR will often involve not just the IT department, but also the business continuity manager and the CEO too.

Disaster Recovery, the Workforce and the Swing of the Pendulum


To view this article in its original location, please click here.

Business started with people. Then came machines, followed by information technology. With IT running business (so to speak), disaster recovery was focused on IT. In fact, the one thing that was often conspicuous by its absence in DR planning and management was people. Now, with declarations like ‘our people are our greatest asset’, there’s a swing back towards emphasising the need to ensure the workforce is just as well-prepared for recovery as the IT systems and infrastructure it uses. Here’s our alphabetical list of items to check now to be even better prepared for any future IT incident or disruption.

  • Authority. Recovery is underpinned by employees having the authority to get things done, and knowing they have that authority. Disaster recovery plans must clearly state who does what and when, and who should step in if the first person in authority is cut off from the rest of the workforce.
  • Breadth of skills. Cross-training already offers the benefit of varying work activities and opening up new career possibilities. It may also be crucial in a time of crisis in order to start up strategically important IT activities again. Make sure employees regularly exercise additional skills they have learnt.
  • Connectivity. The workforce needs to be able to use essential IT systems, which means being able to connect to them from alternative locations or from home if required.
  • Discussion. Employees engage better in recovery procedures when they can voice suggestions and opinions during the planning process. Likewise, two-way communication for exchanging the right information at the right time between employees and management is crucial for optimal recovery.
  • Empathy. Disruption that hits IT, especially in terms of natural disasters, may also have an impact on employees and their families in the homes. Counselling and psychological support may also be of vital importance.

Many of these points must be addressed when disaster recovery planning is being done. You won’t have time to figure them out when an IT disaster hits, so you’ll need to make sure they’re properly in place beforehand.