2015 Business Continuity Review
Just as IT systems are moving away from monolithic big-bang style releases to agile increments, so, it seems, is life in related areas.
Business continuity, enterprise computing, information security, and the major business systems that are affected by them – notably supply chains – seemed to have less thunder and lightning in 2015, and more trending cloudiness (or was it cloudy trendiness?).
Granted, there were a few exceptions, even in the continually spreading, scaling world of cloud computing. AWS (Amazon Web Services) reputedly became profitable.
This was an interesting development for a group (Amazon) as a whole that has spent years navigating through negative results. Meanwhile, Google suffered two outages of its public cloud services, one from lightning (yes, really) and one from DNS changes.
Otherwise, cloud continued to score points for resilience and associated aspects such as disaster recovery and DRaaS.
Overall, cloud computing seemed to be stabilizing into an oligopoly, a little like the mainframe market of 50 years ago. Maybe history, like the weather, really does repeat itself.
Information security, both in-cloud and on-premises, was somewhat higher profile during 2015. The top three threats for the year for cloud environments were (in decreasing order of importance) app attacks, suspicious activity, and brute force.
For on-premises data centres, the order was suspicious activity, Trojans, and app attacks (information from Alert Logic’s 2015 report).
A little decoding may be in order here. App attacks in this context are attacks on apps (or the stacks they run on), rather than by apps. Trojans and brute force need no further introduction. “Suspicious activity” turned out to be almost anything else.
On the other hand, thunderclaps and lightning bolts were present in 2015 in the form of certain high-profile IT security hacks.
Health insurer Anthem was a case in point and an interesting model for two reasons: how not to inspire IT security confidence (critical data-at-rest was not encrypted); and how to recover corporate credibility afterwards (own up and spend big on helping possible victims out of trouble).
Educational toymaker VTech got into hot water for similar reasons. Confidential customer data was compromised in a hack and was also shown to have been sent around by VTech without SSL or any other data-in-transit protection.
Naturally, business continuity went on outside the cloud as well. The most important risks to resilience turned out to be non-traditional ones, according to a report from insurance broker Marsh, although enterprises were less interested in insuring against them.
Marsh, however, thought that the potential for insurers to sell their policies in this area would be greater in 2016. Perhaps this was a result of the insurance industry’s own big data crunching and product innovation coming out of 2015.
Harking back to information security, the report indicated 79% of the people interviewed saw reputational damage from data breaches as the biggest risk.
Also, 73% saw lack of crisis management planning as having the biggest potential impact on reputation. No prizes therefore for guessing what will top business New Year resolutions for 2016, although like the ones for losing weight, what will be the result?
Throughout it all, come rain or shine, supply chains continued to supply. Without many disruptions of note (no tsunamis), supply chain managers were able to get their heads down and tweak performance rather than having to repair breakdowns.
Indeed, this tactic may have contributed the most to enterprise business continuity overall, rather than spending time trying to decide whether risk managers or CEOs knew better about possible risks (the Marsh report shows these two groups in pronounced disagreement about certain risks).
At the same time, business continuity issues for supply chains during 2015 were still present. They included corporate social responsibility (such as ethical sourcing), the continuing need for people development, and the requirement for robust supply base management.
So while cloud and security hacks are still likely to underpin and flare up in 2016 respectively, our business continuity review considerations may prompt at least one change for the coming year: the gradual disappearance of the “fair-weather” (undependable) supplier.