Archive for the ‘business resilience and continuity planning’ Category

10 things we learnt in 2010 that can help make 2011 better

December 23, 2010

This is the end of a tough year for many organisations across all sectors. We found ourselves snowed-in last winter, were stuck abroad due to a volcano eruption in spring, suffered from the announcement of a tightened budget in summer, and had to start making drastic cost-saving plans following the Comprehensive Spending Review in autumn. Data security breaches and issues with unreliable service providers have also populated the press.

Somehow the majority of us have managed to survive all that; some better than others. As another winter approaches it is time to ask ourselves: what helped us through the hard times and what can we do better to prevent IT disruptions, data breaches and money loss in the future?

Here are some things to learn from 2010 that may help us avoid repeating errors and at the same time increase awareness of current issues, for a more efficient, productive and fruitful 2011:

1- VDI to work from home or the Maldives

Plenty of things prevented us getting to work in 2010: natural disasters, severe weather and industrial disputes were the biggest culprits. Remote access solutions have been around for a long time, but desktop virtualisation has taken things a stage further. With a virtual desktop, you’re accessing your own complete and customised workspace when out of the office, with similar performance to working in the office. Provided there’s a strong and reliable connection, VDI minimises the technical need to be physically close to your IT.

2- Business continuity and resilience with server virtualisation

Server virtualisation is now mainstream, but there are plenty of organisations large and small who have yet to virtualise their server platform. When disaster strikes, those who have virtualised are at a real advantage – the ability to build an all-encompassing recovery solution when you’ve virtualised your servers is just so much easier than having to deal with individual physical kit and the applications running on them. For anyone who has yet to fully embrace the virtualisation path, it’s time to reassess that decision as you prepare for 2011.

3- Good Service Management to beat economic restrictions

With the recent economic crisis and the unstable business climate, the general message is that people should be doing more with less. It’s easy to delay capital expenditure (unless there’s a pressing need to replace something that’s broken or out of warranty) but how else to go about saving money? Surprisingly, effective Service Management can help deliver significant cost-efficiencies through efficient management of processes, tools and staff. Techniques include rearrangement of roles within the IT Service Desk to get higher levels of fix quicker in the support process, and adoption of some automatic tools to deal with the most common repeat incidents. Also, getting proper and effective measures on the service, down to the individuals delivering it, helps to set the bar of expectation, monitor performance and make processes more successful.

4- Flexible support for variable business

An unstable economic climate means that staffing may need to be reduced or increased for certain periods of time, but may need rescaling shortly afterwards. At the same time epidemics, natural disasters and severe weather conditions may require extra staff to cover for absences, often at the last minute. Not all organisations, however, can afford to have a ‘floating’ team paid to be available in case of need or manage to get contractors easily and rapidly. An IT Support provider that can offer flexibility and scalability may help minimise these kinds of disruption. In fact, some providers will have a team of widely-skilled multi-site engineers which can be sent to any site in need of extra support, and kept only until no longer needed, without major contractual restrictions.

5- Look beyond the PC

Apple’s iPad captured the imagination this year. It’s seen as a “cool” device but its success stems as much from the wide range of applications available for it as from its innate functionality. The success of the iPad is prompting organisations to look beyond the PC in delivering IT to their user base. Perhaps a more surprising story was the rise of the Amazon Kindle, which resurrected the idea of a single function device. The Kindle is good because it’s relatively cheap, delivers well on its specific function, is easy to use and has long battery life. As a single function device, it’s also extremely easy to manage. Given the choice, I’d rather have the challenge of managing and securing a fleet of Kindles than a fleet of Apple iPads, which for all their sexiness add another set of security management challenges.

6- Protecting data from people

Even a secured police environment can become the setting for a data protection breach, as Gwent Police taught us. A mistake due to the recipient auto-complete function led an officer to send some 10,000 unencrypted criminal records to a journalist. If a data classification system had been in place, where every document created is routinely classified with different levels of sensitivity and restricted to viewing by authorised people only, the breach would not have taken place as the information couldn’t have been sent. We can all learn from this incident – human error will occur and there is no way to avoid it completely, so countermeasures have to be implemented upfront to prevent breaches.

7- ISO27001 compliance to avoid tougher ICO fines

The Data Protection Act was enforced last year with stricter rules and higher fines, with the ICO able to impose a £500,000 payment over a data breach. This resulted in organisations paying the highest fines ever seen. One example is Zurich Insurance, which, after the loss of 46,000 records containing customers’ personal information, had to pay over £2m – but it would have been higher if they hadn’t agreed to settle at an early stage of the FSA investigation. ISO 27001 has gained advocates in the last year because it tackles the broad spectrum of good information security practice, and not just the obvious points of exposure. A gap analysis and alignment with the ISO 27001 standards is a great first step to stay on the safe side. However, it is important that any improved security measure is accompanied by extensive training, where all staff who may deal with the systems can gain a strong awareness of regulations, breaches and consequences.

8- IT is not just IT’s business – it is the business’ business as well

In an atmosphere where organisations are watching every penny, CFOs acquired a stronger presence in IT although neither they nor the IT heads were particularly prepared for this move. For this reason, now the CIO has to find ways to justify costs concretely, using financial language to propose projects and explain their possible ROI. Role changes will concern the CFO as well, with a need to acquire a better knowledge of IT so as to be able to discuss strategies and investments with the IT department.

9- Choose your outsourcing strategy and partner carefully

In 2010 we heard about companies dropping their outsourcing partner and moving their Service Desk back in-house or to a safer Managed Service solution; we heard about Virgin Blue losing reputation due to a faulty booking system, managed by a provider; and we heard about Singapore bank DBS, which suffered a critical IT failure that caused many inconveniences among customers. In 2011, outsourcing should not be avoided but the strategy should include solutions which allow more control over assets, IP and data, and less upheaval should the choice of outsourcing partner prove to be the wrong one.

10- Education, awareness, training – efficiency starts from people

There is no use in having the latest technologies, best practice processes and security policies in place if staff are not trained to put them to use, as the events that occurred in 2010 have largely demonstrated. Data protection awareness is vital to avoid information security breaches; training to use the latest applications will drastically reduce the number of incident calls; and education in best practices will smooth operations and allow organisations to achieve the cost-efficiencies sought.

Adrian Polley, CEO

This article has been published on Tech Republic: http://blogs.techrepublic.com.com/10things/?p=2100


IT workforce continuity

December 17, 2010

Do you have a people continuity plan for your IT Support?

Business resilience and continuity planning is becoming more and more important as organisations increasingly understand its value and the position IT has in achieving it. However, in Business Continuity Management not all elements are given the same significance. Many organisations focus on securing their data with constant back-ups, others are more concerned with minimising email or server downtime – but the measures taken might not be so effective if there is insufficient support staff to deal with them. How many organisations have a BCM strategy that addresses IT workforce continuity?

Data recently disclosed by The Chartered Management Institute (CMI) revealed that 71 per cent of senior managers recognise Business Continuity Management as ‘important’ or ‘very important’. The loss of IT is at the top of the list of perceived threats that can cause disruptions with a potentially significant impact on costs and revenues. Over half of participants in ‘The 2010 Business Continuity Management survey’ also recognise skills and people loss as being a possible threat. However, their BCM plan does not always cover these. Only a quarter of organisations have a plan that includes remediation towards a potential loss of people and 40 per cent have a plan for loss of IT. There are no statistics concerning a continuity plan for IT Support people specifically, but as more and more businesses become reliant on IT this is an issue that should not be ignored.

Natural disasters, bad weather and flu epidemics, which are among the threats that cause the most workforce loss, may result in a number of IT engineers being unable to carry out their job. A reduced number of technicians who can’t deal with the number of incidents can leave users unable to work as a consequence. Even simple everyday absences due to holidays or sick leave can cause disruptions to the normal IT Support service that may affect the business.

There are two main issues that need to be addressed in planning for workforce continuity – distance and presence. To overcome the distance problem, organisations should take measures that can allow staff to access the system remotely, choosing the appropriate virtualisation tools. This can benefit both employees, who can then work from home, on trains or abroad, and Support staff, who can access servers and desktops remotely and resolve incidents from a distance.

In some cases, however, physical presence is required or preferred. Not only in the event of a disaster but also in the more ordinary case of personnel being on leave or ill, it may be necessary to provide appropriate substitution with the same level of knowledge and skills. Immediate availability might also be required to avoid disruptions which would cause the service to lose quality and efficiency, or bring costs to the business including financial loss, low client satisfaction and loss of reputation.

Some organisations might be able to get by without the full team on board, for instance those where IT efficiency and continuous availability are not a priority. Others, perhaps large corporations with a preference for keeping staff internal, might be able to afford a team of ‘floating’ engineers that are paid to remain available in case of need, or to employ contractors every time they require a substitution. But for most organisations the need to have ongoing high-quality support is strong and having a floating team or individual contractors is not financially or logistically convenient. For them, it might not be possible to obtain this sort of workforce continuity without resorting to external help.

Let’s take financial firms for instance, where business is heavily reliant on IT and time is literally money. For them, disruptions and downtime can have a very high cost and even determine their success or failure. Cost-efficient and reliable IT Support is vital, and so is immediate cover. For them, external support might be a solution – flexible and scalable co-sourcing can offer skilled technicians for emergency and long-term cover.

Some providers offer standardised services that can cover all the basic needs, ideal for organisations with little need for bespoke solutions. Others are able to offer more flexible and tailored solutions, for instance providing staff with characteristics which meet certain requirements within a short space of time. Personnel are employed full-time by the provider as multi-site engineers, ready to work wherever the need arises and for any period of time, and trained in a wide range of skills and knowledge which they can apply to different environments. The difference from individual contractors is possibly in the quality a provider can offer thanks to SLAs that guarantee a high level of service.

There may be different strategies to suit different organisations, but it is true for all that efficient IT is not possible without efficient management of the IT Support team, which includes a workforce continuity strategy specifically addressed to them. Planning in advance is vital to keep the IT system running during disruptions that affect the organisation. It is through a comprehensive Business Continuity strategy which covers Support that an organisation is able to prevent or minimise disruptions that may otherwise have an effect on costs, revenue and, ultimately, reputation.

Pete Canavan, Head of Support Services

This article appears in this month’s BCS Service Management newsletter and online on the BCS website: http://www.bcs.org/server.php?show=conWebDoc.38344

Best Practice and Virtualisation: essential tools in Business Resilience and Continuity planning

March 25, 2010

Life in Venice doesn’t stop every time it floods. People roll up their trousers, pull on their wellies and still walk to the grocer’s, go to work, grab a vino with friends. And when it’s all over they mop the floor, dry the furniture, and go back to their pre-flood life. How do they do it? They choose not to have carpet or wooden flooring, keep updated on water level and have a spare pair of boots right next to the door. This is called prevention.

When it comes to faults in IT systems, which can be both common and rare just as flooding can be, prevention is not better than cure – it is the cure, the only one to allow business continuity and resilience.

Complicated machinery and analysis are a thing of the past: nowadays planning is extraordinarily easy thanks to the expertise given by Best Practice processes, and new technologies such as virtualisation that can bring user downtime close to zero.

First of all, it must be noted that virtualising servers, desktops or the data centre is not something that can be done overnight. Planning is needed to avoid choosing the wrong solution, perhaps based on what the latest product on the market is and on media talk rather than what works best for the specific needs of one’s business, and to shun possible inefficiencies, interruption of business services, or even data loss during the process. Best Practice, then, comes across as the essential framework in which all operations should be carried out in order for them to be successful.

Any change made to the system, in fact, needs a mature level of Best Practice processes, such as the world-renowned ITIL (Information Technology Infrastructure Library), in place. These processes guide organisations in planning the best route in dealing with all operations and incidents, and are a key tool for avoiding inefficiencies in money and time, and for improving the performance of the IT department and of the business as a whole.

Once this is sorted, you can think about going virtual. From a technical point of view, virtualisation is gaining importance in business resilience and continuity planning thanks to the progress made by new technologies. Products such as VMware’s vSphere, for example, allow what is called “live migration”: capacity and speed of the virtual machines are seen as an aggregate rather than individually, and as a consequence not only is the load more evenly distributed, for faster, smoother operations, but whenever a machine crashes resources are immediately accessible from another connected device, without the user even noticing and without interrupting the procedure.

Moreover, data is stored on a virtual central storage so that it is accessible from different sources and does not get lost during system malfunctions, making business resilience faster and easier.

Guided by the expertise of Best Practice and with the help of virtualisation products that suit individual needs and goals, business resilience and continuity planning will not only come easier, but also make results more effective, allowing organisations to deliver their services and carry out their operations without fear of interruptions, inefficiencies or data loss.

 

Pete Canavan, Head of Service Transition

 

This article is in April’s issue of Contingency Today, and is also online at: http://www.contingencytoday.com/online_article/Best-Practice-and-Virtualisation/2242