Riaan Hamman

Companies are not always adequately prepared to recover critical IT systems in the event of a disaster, said Riaan Hamman, CTO at Puleng Technologies and a member of the Disaster Recovery Preparedness Council, as he addressed the ITWeb Business Continuity 2013 Summit in Bryanston recently.

Hamman highlighted some findings of a survey the council is undertaking, saying that, “’Disaster recovery’ are two words all IT managers and business owners fear. How can we predict disasters? What is the probability of a disaster occurring? Can we quantify that probability? Apparently we can, and it has already been done.”

According to Hamman, three of four surveyed organisations are at risk of failing to recover from a disaster or outage.

“The cost of losing critical applications has been estimated by experts to be $5 000 per minute,” he noted, adding that, in the survey, it emerged that some 36% of organisations lost critical apps, virtual machines and critical data files for hours, while 11% lost these for days.

“Especially at today’s rate of exchange, that equates to a substantial amount of money. The question is not if a disaster could happen, but when it would occur, how prepared are you for that scenario?”

Hamman revealed that a majority of organisations struggle with disaster recovery compliance reporting, and he believes this is an area ripe for automation.

Tshepo Masigo

James Grcic, MD of Computer Storage Services claimed that theft, loss, neglect and insecure practices are the biggest risks to data.

Keeping data safe is becoming critical for all organisations, particularly as they are faced with an infl ux in the volume of data they have to deal with each day. “On average, every IT-literate person has three to four computing devices or storage devices,” he said.

Controlling all data and locations is near impossible, said Grcic.

The demand for real-time, on-demand access is a reality for both business and personal purposes, he said. Due to the adoption of cloud and virtual technology, the past five years have seen the data curve grow exponentially.

Budgets are moving from hardware and infrastructure-centric capital expenditures (capex) towards service-based models (opex), Grcic noted, saying, “The budget power within many organisations is moving from the back-office (IT) to the front-office.

“Even three years ago, the focus of IT was more around centralised IT infrastructure – that’s how quickly and dramatically this shift towards the consumer has happened. The software giants are just beginning to recognise that the path into enterprise budgets is increasingly through these end-user devices, and are adapting their strategies accordingly.”

Enterprises are at a tipping point in mobility and bring your own device (BYOD) adoption, and should leverage these technologies to fuel growth, says Werner Lindemann, MD of technology solutions at Datacentrix.

According to Lindemann, key considerations need attention in order for mobility and BYOD to be successfully incorporated into an organisation’s day-to-day running.

“There are areas of business that are ready to adopt BYOD and mobility; these include: hosted virtual desktops, emergency/mass notification services, crisis/incident management software, work area recovery, and e-mail continuity,” said Lindemann.

<a href=

David Bollaert" />He noted that the benefits to companies deploying BYOD are that employees can stay connected from anywhere, during any disaster, at a fraction of the cost that comes with sourcing a permanent work area recovery site from a service provider. It also creates a real-time view of the supply chain for management from anywhere, he said.

According to Lindemann, new market opportunities are driven by client needs and with the rapid access to mobility, 90% of IT industry growth will be driven by mobile devices and apps, which today represent just 22% of ICT spending.

“CEOs need to develop new mobile and BYOD business models, and ensure employees are more mobile, while working with the CIO and IT departments. That way, they can implement strategies to support multiple device types and protect intellectual property of their businesses,” he said.

“Mobile initiatives are significantly impacting IT resources and becoming critical business tools.”

As the IT landscape evolves, companies that embrace social and technological changes originating from enterprise mobility and BYOD will be better equipped to lead the growth and future of the organisation, he concluded.

David Bollaert, senior business continuity management advisor at ContinuitySA, says that social media crises are on the rise, yet 76% of them could have been avoided with proper planning and internal investment by companies.

According to Bollaert, it’s important that companies understand what a social media crisis is, as well as the value social media provides when it forms part of the company’s business continuity management (BCM) processes.

“Characteristics of a social media crisis include information asymmetry and a decisive change from the norm, and it has potential material impact that could have negative results on the brand,” he said.

Bollaert believes that companies need to acknowledge any social media crisis. The first step (even if they don’t have all the information), is to respond first on the platform where the crisis broke, and then on all other platforms. This means answering questions via Twitter, Facebook, blog comments and beyond.

Companies also need to be sympathetic and remember that it’s not about winning, but about damage control.

Bollaert highlighted ways companies can maximise their social media capacity. These include embedding BCM through internal social media applications like Yammer, loading BCM actions on sites for easy access, and using YouTube to highlight exercises and simulations, amid other proactive uses.

“In a crisis, consumers need honest answers and they need them fast – and no messaging vehicle is better suited to meet this demand than those fuelling the crisis in the first place. Transparent engagements in the online communities where your customers already live provide a credible and direct channel for the answers they need.”

Governance of enterprise IT (GEIT) and business continuity management (BCM) should never be a gamble, said Carl Kruger, lead in Deloitte’s IT governance, IT risk and IT service management department.

Kruger believes organisations should view IT governance and BCM as enablers of business. “If your strategy is not enabling BCM, then you have failed already,” he said. “IT governance, similar to BCM, is pervasive and forms part of strategic and operational enterprise objectives.”

He noted that top management must manage GEIT as part of enterprise governance and that BCM should be an integral part of enterprise and IT governance. Just as GEIT focuses on value delivery and mitigating IT-related risk, he explained, BCM focuses on continuity of value delivery to stakeholders. “The extent of BCM as a practice should be clearly understood by the enterprise.”

He urged companies to adopt a BCM culture, saying certain values and behaviours contribute to the unique social and psychological environment of an enterprise. “In creating a BCM culture, organisations must define and continually communicate core BCM values and ensure awareness on enterprise BCM values equally among staff and clients.

Executives and management should lead by example, following core values, and management should empower staff to be creative and should reward innovation.”

After creating the culture, Kruger said enterprises should strive for continual improvement of the system. “Continual improvement should not focus on fixing errors, repairing faults, correcting problems, sorting issues or building workarounds.

“Continual improvement drives an organisation to be both analytical and creative in finding ways to become more competitive and more effective at meeting stakeholder expectations,” he explained.

According to Kruger, one of the best ways to formalise BCM, improve executive oversight and set direction of enterprise BCM activities, is to establish a BCM committee.

Do-it-yourself (DIY) disaster recovery, however, exposes companies to risk, and those looking to mitigate this risk should consider outsourcing, said Tshepo Masigo, business development executive at IBM.

He noted that, in a recent Forrester study, organisations were asked what their top hardware priorities were for the next 12 months; 60% responded that improving business continuity and disaster recovery capabilities were a high or critical priority.

“In Forrester’s recent budgets and priorities tracker survey from 2012, it was found that enterprises spent on average 6.2% of their IT budgets on business continuity or disaster recovery,” he said.

“And 28% of firms spend between 6% and 10% of their budgets on business continuity or disaster recovery. Since 2010, the average spend on business continuity or disaster recovery has grown almost a full percentage point. The need for human resources devoted to business continuity or disaster recovery is also on the rise.”

Forrester found that enterprises employ, on average, more than 31 full-time employees to support business continuity management corporationwide, Masigo added.

He also noted that, despite increased spend on disaster recovery, total cost of ownership (TCO) is a leading driver in outsourcing considerations.