Newsletter

HOME Contact Technical Website OUR SERVICES Applications Networking Security OUR CLIENTS Client List Testimonials Case Studies FRAGMENT Current Release of Fragment CONTACT Careers ABOUT US Our Founder Our Vision Media and News Services Agreement Privacy & Terms

Is Your BCP a Statistic?    

In 2010, CDW, a leading provider of technology products and services, conducted a straw poll¹ on Information Communication Technologies (ICT) and security incidents showing the impact to business, both threats experienced and adopted preventative measures. In this paper, we’ll provide insight and mitigation recommendations for their findings.

Key poll results:

• 6% of business disruptions were caused by a cyber-security attack.
• 25% of businesses experienced a network disruption of 4 hours or more within the last twelve months.
• 97% of businesses suffered detrimental effects from network disruptions over the last year.

But what do you consider detrimental? One man’s hiccup is another man’s catastrophe. The poll didn’t provide dollar values resulting from the disruptions. Every business is different. I’ll leave it to you to calculate how much your business would suffer in the event of outages for 1, 4, or 8 hours.

Picking the Low Hanging Fruit
According to the poll, 82% of noted disruptions were caused by non-human intervention. That is to say, in-house and contract staff didn’t make a mistake. As the numbers below indicate, the only mistake was the lack of redundancy, testing and scheduled maintenance.

• 21% of disruptions were caused by a loss of telecomm services to facilities.
• 29% of disruptions were caused by hardware failure.
• 32% of disruptions were caused by a loss of power.

With redundant systems in place, the loss of telecomm services and the hardware failures is avoidable. The power loss damages are harder to avoid as not all hardware is equipped with a multi power supply option. However, a lot of enterprise network hardware is configurable in pairs allowing for high availability configuration when not equipped with dual power supplies. This allows each device in the HA configuration to be connected to a separate UPS or power source in order to achieve higher availability.

Testing the failover solution(s) is as important as configuring for failure prevention. Without testing the solution, you should assume it will fail too. A scheduled and reliable testing procedure allows you to know that your always-on solution will indeed live up to its name.

Dealing with Disasters – After the Fact
The numbers below show 64% of all respondents had an ICT services disruption serious enough to impact business, or at least that they experienced an incident which pointed to potential risk. I’m left wondering how many of respondents uttered the phrases “should have” or “would have”. Both are bad for business as they indicate that decisions were made without forethought or planning or that the facts were put aside in favor of perceived cost savings.

• 30% of businesses plan to improve network connectivity to avoid network disruptions.
• 34% of businesses plan to update their BC/DR plan.

With a little bit of planning ahead, many of these incidents and most of the potential risks are avoidable. While proactive planning has its cost, reacting after the fact is always more expensive. All too often organizations need to experience the disruption in order to learn what fails. Then they spend the time to fix the problem and work to ensure it doesn’t happen again. This is reactive and pricey, especially when there are cost-effective preventative alternatives available.

A thorough business risk analysis highlights the areas where disaster is more likely to strike, how much the damage will be, and what is to be done to reduce chance of it happening. This reduced risk position then becomes the organization’s business continuity plan or BCP.

One more poll result about the need for a BCP before we move on:

• 82% of respondents indicated disruptions could have been reduced or avoided by implementing a comprehensive business continuity/disaster recovery (BC/DR) plan.

Maintaining the Information Flow
The responses below to three separate questions show that ICT has become a utility much like the city water supply or the electrical grid. Both infrastructure systems are built with heavy redundancies and are maintained by highly skilled technical staff under the direction of knowledgeable managers.

• 22% of businesses say lost employee communications is a top negative factor with network disruptions.
• 34% of businesses report that lost customer communications is a major negative effect of network disruptions.
• 57% of businesses report productivity loss is the top negative effect of these disruptions.

ICT infrastructure carries the load of the entire business. Small business relies on email to communicate with clients and vendors. Enterprises rely on ERP, payroll, documents, and unified communications.

Conclusions
Have a business risk analysis. Obtain and deploy equipment with built-in redundancies. Double up on network equipment and connectivity. Develop a business continuity plan proactively. You can ensure that your ICT infrastructure is always-on.

¹ A straw poll is a means gathering data or information where the respondents are limited to Yes or No.




2010 CDW Security Straw Poll: Data Loss Is Corporate Enemy Number One, online at CDW

PDF this PageFragment - Current Release

---

Articles

Administration IT Roles and Responsibilities App_Sec BCP STATS On Passwords Spending Enough Planning to Fail Living With the Enemy A Reason for Policy Mission Critical Messaging – Do you have a policy Globalizing the SMB High Availability: People and Processes Case for Project Management Risk Management

Networking On Routing VLAN Tutorial IPs 4 Golden Rules WAN Technology primer DHCP Primer Your Head in the Cloud(s) DNS: Terms and Process VPN Surfing Challenge Network Slowdown Importance of Time High Availability: Technologies

Security Spammers Go Full Circle Beyond the Lock The Guardian at the Gate A Web of Trust Data Breach Notification

Misc Electricity Primer Documentation-101 Data Control Open Source in the Enterprise Closing the Loop Helping IT to help you Your ICT Keystone