Click to learn more about author Steve Blow.
Resilience has long been a quality to which people aspire, seeking adaptability in both themselves and as a characteristic in others. From Forbes to Harvard Business Review to Fast Company, the concept of cultivating individual employee and collective workplace cultural resilience has surfaced as top-of-mind in the public consciousness in recent years. But resilience, “that ineffable quality that allows some people to be knocked down by life and come back as strong as before,” has long surpassed its use as a strictly personal attribute. That ability to bounce back, against whatever the market or other outside forces may throw, is now recognized as a critical element of long-term business plans.
Business resilience is now a key component of strategic plans for many organizations. From communications to product development to physical crisis, resilience is in every aspect of a business that can stand the test of time, including:
- Resilience against negative publicity in the form of crisis communications
- Resilience to a changing competitive landscape through a pivot in direction
- Resilience to operational disruption due to an unforeseeable disaster
When it comes to data, specifically, disasters come in all shapes and sizes, from obvious threats to hidden ones. Organizations today spend a lot of time, and money, focusing on cyber threats. But, as Wells Fargo recently discovered when one of its data centers had billows of smoke coming out of it, sometimes it’s basic disasters that impact IT.
The Evolution of Data Protection
Data protection is no longer solely about protecting data from natural and man-made disasters. Today, companies must be a phoenix, rising from the ashes of disaster more incredible than before. And they must do it quickly.
The impacts of disaster can be measured in a variety of ways – the downtime of a user app, the lost revenue a company experiences, or even the backlash on Twitter around the inability to pay for the items in your online shopping cart – meaning companies must be prepared for each potential catastrophe.
Today, it’s not just about backup or replication, or even just adding redundancy to the infrastructure layers or high availability into the logic layers. It’s about bouncing back.
The Road to Resilience
To be genuinely protected today, organizations need to move from the reactive (the traditional notion of data protection) and into the proactive (accounting for planned outages, potential attacks, unplanned outages, and yes, incorporating the reactive traditional notion of data protection). This may seem like a no-brainer, but many IT teams would confess that in the flurry of attending to the day-to-day needs of their organizations, they are constantly just trying to keep their heads above water. There is little to no time to proactively plan for outages that will happen, much less might happen.
Yet preparing for both anticipated outages and inevitable unforeseen disruptions remains a critical component on the road to IT resiliency.
It is critical to plan for expected outages as even anticipated unavailability can cause a problem for the business: disruptive upgrades, workload relocation, and cloud migrations, all of which are legitimate reasons for downtime, still incur substantial costs to the company for the outage.
The inevitable (yet unforeseen and unanticipated) disruptions require a contingency plan that goes beyond traditional backup. With security breaches and malware infections the norm rather than the exception, data protection must continue to evolve beyond simply preparing for the inevitable failure of data center systems we’ve seen.
So how do you begin to build a resilient IT infrastructure? It all starts with perspective.
Risk has been and will always be the enemy of IT. And the identification of risk is the first step in remediating potential system weaknesses to ensure a quick bounce back.
As you undertake this journey, however, it’s important to remember that risk isn’t limited to technology alone. Your risk identification activities should also involve processes and people.
Consider this: Your IT person knows everything there is to know about your systems, but one day he leaves. Has he correctly and sufficiently documented everything so that one of his peers can pick up where he left off? Or will the project be delayed because everyone else is entirely in the dark? In other words, is the concentration of knowledge a risk for your organization?
Control What Is Within Your Control, Design Around What Isn’t
As you work to become more proactive than reactive, you’ll have to account for the level of control you have relative to the concern you feel. For example, your wide-area links are an external risk that you have little power over; your telecommunications provider controls them. If something goes wrong on the telco network, you’re powerless to fix it and are at the mercy of the provider.
However, variables being outside your control doesn’t mean that you’re without mitigation options. You may not be able to control the telco network directly, but you can design around this issue. For example, are you utilizing diverse routing over disparate links owned by different providers? These sorts of decisions are part of IT resilience too. If you don’t have the reach to fix the real risk (e.g., the WAN link could go down), then you have to design around it (implement redundant WAN links).
You can also look for solutions to potential roadblocks that fall in both categories: those that are inside of your control and those that are outside of it. For example, taking advantage of recent developments in disaster recovery and data backup as they continue to converge. These technological advancements can aid your company in preparing both for the planned outages, and the unplanned. They can also ensure that, by converging your data protection strategy, you are taking a holistic approach to the road to IT resilience.
The art of IT resilience is the orchestration of multiple different processes and technical solutions to protect what is effectively a company’s crown jewels: the availability of its data and applications. The move, first to virtualization and then to software-defined computing and finally to all forms of cloud computing, has enabled the possibility of a whole different level of resilience. But with the luxuries of cloud computing and the ubiquity of the internet comes the responsibility of even more proactive planning.
There is growing evidence that resilience can be cultivated. Now is the time to start cultivating IT resilience within your organization.