Is Your BCP a Statistic?    


In 2010, CDW, a leading provider of technology products and services, conducted a straw poll1 on Information Communication Technologies (ICT) and security incidents showing the impact to business, both threats experienced and adopted preventative measures. In this paper, we’ll provide insight and mitigation recommendations for their findings.

Key poll results:
  • 6% of business disruptions were caused by a cyber-security attack.
  • 25% of businesses experienced a network disruption of 4 hours or more within the last twelve months.
  • 97% of businesses suffered detrimental effects from network disruptions over the last year.
But what do you consider detrimental? One man’s hiccup is another man’s catastrophe. The poll didn’t provide dollar values resulting from the disruptions. Every business is different. I’ll leave it to you to calculate how much your business would suffer in the event of outages for 1, 4, or 8 hours.

Picking the Low Hanging Fruit
According to the poll, 82% of noted disruptions were caused by non-human intervention. That is to say, in-house and contract staff didn’t make a mistake. As the numbers below indicate, the only mistake was the lack of redundancy, testing and scheduled maintenance.
  • 21% of disruptions were caused by a loss of telecomm services to facilities.
  • 29% of disruptions were caused by hardware failure.
  • 32% of disruptions were caused by a loss of power.
With redundant systems in place, the loss of telecomm services and the hardware failures is avoidable. The power loss damages are harder to avoid as not all hardware is equipped with a multi power supply option. However, a lot of enterprise network hardware is configurable in pairs allowing for high availability configuration when not equipped with dual power supplies. This allows each device in the HA configuration to be connected to a separate UPS or power source in order to achieve higher availability.

Testing the failover solution(s) is as important as configuring for failure prevention. Without testing the solution, you should assume it will fail too. A scheduled and reliable testing procedure allows you to know that your always-on solution will indeed live up to its name.

Dealing with Disasters – After the Fact
The numbers below show 64% of all respondents had an ICT services disruption serious enough to impact business, or at least that they experienced an incident which pointed to potential risk. I’m left wondering how many of respondents uttered the phrases “should have” or “would have”. Both are bad for business as they indicate that decisions were made without forethought or planning or that the facts were put aside in favor of perceived cost savings.
  • 30% of businesses plan to improve network connectivity to avoid network disruptions.
  • 34% of businesses plan to update their BC/DR plan.
With a little bit of planning ahead, many of these incidents and most of the potential risks are avoidable. While proactive planning has its cost, reacting after the fact is always more expensive. All too often organizations need to experience the disruption in order to learn what fails. Then they spend the time to fix the problem and work to ensure it doesn’t happen again. This is reactive and pricey, especially when there are cost-effective preventative alternatives available.

A thorough business risk analysis highlights the areas where disaster is more likely to strike, how much the damage will be, and what is to be done to reduce chance of it happening. This reduced risk position then becomes the organization’s business continuity plan or BCP.

One more poll result about the need for a BCP before we move on:
  • 82% of respondents indicated disruptions could have been reduced or avoided by implementing a comprehensive business continuity/disaster recovery (BC/DR) plan.

Maintaining the Information Flow
The responses below to three separate questions show that ICT has become a utility much like the city water supply or the electrical grid. Both infrastructure systems are built with heavy redundancies and are maintained by highly skilled technical staff under the direction of knowledgeable managers.
  • 22% of businesses say lost employee communications is a top negative factor with network disruptions.
  • 34% of businesses report that lost customer communications is a major negative effect of network disruptions.
  • 57% of businesses report productivity loss is the top negative effect of these disruptions.
ICT infrastructure carries the load of the entire business. Small business relies on email to communicate with clients and vendors. Enterprises rely on ERP, payroll, documents, and unified communications.

Conclusions
Have a business risk analysis. Obtain and deploy equipment with built-in redundancies. Double up on network equipment and connectivity. Develop a business continuity plan proactively. You can ensure that your ICT infrastructure is always-on.

1 A straw poll is a means gathering data or information where the respondents are limited to Yes or No.


Orginally published May, 2011


2010 CDW Security Straw Poll: Data Loss Is Corporate Enemy Number One, online at CDW

PDF this Page
Fragment - Current Release


Articles
Administration

IT Roles and Responsibilities
App_Sec
BCP STATS
On Passwords
Spending Enough
Planning to Fail
Living With the Enemy
A Reason for Policy
Mission Critical Messaging – Do you have a policy
Risk Management
Case for Project Management
Globalizing the SMB
High Availability: People and Processes
Networking

IPs 4 Golden Rules
WAN Technology primer
VLAN Tutorial
DHCP Primer
On Routing
DNS: Terms and Process
VPN Surfing Challenge
Network Slowdown
High Availability: Technologies
Importance of Time
Security

The Guardian at the Gate
Spammers Go Full Circle
Beyond the Lock
A Web of Trust
Data Breach Notification
Misc

Electricity Primer
Documentation-101
Data Control
Open Source in the Enterprise
Closing the Loop
Helping IT to help you
Your ICT Keystone

eSubnet Services

Contact us regarding your network,
security and Internet services needs




All content © eSubnet 2003-2014
ESUBNET ENTERPRISES INC. TORONTO CANADA