It started with IT server virtualisation and then continued with cloud computing. Instead of physical machines running a company’s own software applications, we now simply have interfaces to virtual instances of these things. Computing resources are no longer located in a specific piece of equipment on a company’s premises. They are ‘somewhere’ in the cluster of virtualised servers, or on the network, or in the cloud. Software as a Service (SaaS) takes it all a step further: now not only are businesses relieved of the need to buy and run their own hardware, but there’s someone else to look after the software too. The potential advantages of budget flexibility, resilience and scalability are clear. But that doesn’t change the need to continually verify solid business continuity management, from one end right through to the other.
Within IT, development teams often exploit this notion of virtualisation to accelerate and improve testing at early stages. This makes sense when testing individual software modules before they are integrated into a complete software application. By simulating interactions and correct responses from external systems, any problem can be immediately localised to the individual module being tested. Problem resolution speeds up without sacrificing quality. At the integrated application level however, the rules change: now testing has to be done without ‘faking’ any of the interactions, to see if the application will stand up to use in the real world.
The same is true of business continuity management. BC test plans must include all the components that make an organisation function correctly, whether or not those components are physically located on site or owned by the organisation. No unjustified assumptions can be made about the performance or the availability of virtual entities. Even if you are using the most reputable and reliable of cloud computing providers, if your own connection to the network fails, so will your business continuity. Be prepared to any get third-party providers involved so that you can do realistic end-to-end testing of your business processes to prove your business continuity plan really is in good shape.