It’s not hard to spot an organisation that isn’t fully resilient. Every week, it seems, another organisation or institution makes headlines for suffering a power outage, cyber-attack, or another unplanned crisis. Only recently, a user in a low-level hacking forum published the phone numbers and personal data of hundreds of millions of Facebook users for free, showing that even the top tech organisations struggle to prevent increasingly sophisticated cyber attackers
So if Facebook occasionally struggles with its enterprise resilience, how, exactly, should organisations approach it? What are the core ingredients that make an organisation better able to avoid, withstand and bounce back from unexpected and potentially damaging incidents?
According to a survey conducted on behalf of Sungard AS, 33 percent of respondents believe a resilient enterprise identifies emerging threats and understands their impact; 31 percent say preparedness is essential; 30 percent feel clear direction from leadership is paramount; and 29 percent believe strong and supportive communication among key stakeholders is a must.
Drilling down deeper, true enterprise resilience — especially in today’s technology-dependent business environment — is the result of baking resilience into an organisation’s infrastructure architecture, application architecture, backup and recovery architecture, security posture, governance and change management.
These are the five pillars of resilience, and they’re all intertwined, with application tiering underpinning how they are best leveraged.
- Infrastructure architecture
Infrastructure architecture consists of all the servers, storage, network, and other hardware upon which an organisation’s applications run, whether that hardware exists in a private data centre or is managed by a cloud infrastructure service provider.
Hardware and network failures or downtime resulting from power outages are signs that an infrastructure architecture isn’t fully resilient. Redundancy in an infrastructure architecture can be expensive to build. And enterprises don’t always have enough team members with the expertise needed to build, manage, and maintain redundant hardware. Consequently, more companies are turning to the cloud for infrastructure redundancy to overcome those challenges.
- Application architecture
Applications are the lifeblood of most enterprises today. When they fail, organisations can lose millions, suffer brand reputation damage and more. To avoid this, applications must be tiered. Tier 1 applications, for example, are critical to revenue generation and should be prioritised in terms of redundancy and resilience over less-essential Tier 2 and Tier 3 applications.
Applications must also be architected to fully take advantage of the infrastructure’s redundancy and scalability. Here again, cloud infrastructures make more sense over traditional mainframe-based private data centres. Cloud infrastructures can offer redundancy and scalability that’s far more affordable and scalable than what private data centres can offer.
By default, some applications can’t immediately switch over to a secondary server, CPU or storage hardware when the primary hardware it runs upon becomes unavailable. These applications must be rearchitected to take advantage of local as well as geographically dispersed infrastructure redundancy.
- Backup and recovery architecture
Every business needs a reliable and isolated backup to be resilient. A company’s backups help it bounce back from cyberattacks, ransomware attacks, or other events in which data has been corrupted or becomes inaccessible. In the event of such a cyberattack, a company must roll back to a predetermined recovery point to keep operations going. And ideally, backups should be isolated off the network so that the data contained within them can’t be erased or corrupted by either internal or external malicious actors.
A company’s recovery point determines how much data loss it will have and determine how quickly it can get up and running again. Determining what those acceptable recovery points and recovery times are will help should help dictate the backup and recovery solution best suited to an enterprise’s needs for application and data resiliency.
- Security posture
All security posture’s foundation should include basics such as firewalls and anti-virus software. Beyond that, posture must take into account a multitude of both internal and external attack vectors and incorporate robust methods for bolstering security against those vectors. Those methods include intrusion detection systems (IDS) and intrusion prevention systems (IPS) as well as identity and access management (IAM) systems to control – at a granular level – who can access data and what they can do with it. Data breaches in which outsiders gain access to sensitive information, such as credit card numbers, often result when organisations don’t have a robust security posture.
The ranks of criminal hackers seems to be constantly growing, while hiring cybersecurity talent is an ongoing challenge for many companies. Consequently, organisations may need to tap outside experts to help them build and fortify their security posture.
- Governance and change management
Companies must consider the answers to a few key questions to help build resiliency into the governance and change management process. How is it rolling out changes across production and recovery environments? If a change to one application is made, what’s the impact to other applications? How are changes being tested so that they won’t cause problems when they’re rolled out?
In traditional governance and change management, changes are tested in a test/dev environment and released into production on a monthly schedule. For many enterprises, a better approach is Continuous Integration/Continuous Delivery (CI/CD), in which changes are automated and then immediately validated, making the process of rolling out changes more efficient — and resilient.
Enterprise resilience: complicated but essential
Building resilience into an organisation via these five pillars can be complicated, time-consuming and potentially costly. However, business leaders and IT teams must ensure they take the time to do so as they are essential to keeping operations humming along under adverse and unexpected conditions.
If resilience in these five areas seems beyond an organisation’s grasp, there is an abundance of experts who can help companies put together a plan and take the first steps. While it may seem daunting at first, it is absolutely worth persevering to ensure long term success.