Ask the Expert: We see a lot of resiliency efforts focused on IT Operational Resiliency. Who else needs to be involved in a strong Enterprise Resilience program?
David Pearson, Co-Founder and CTO of Iceberg Networks discusses some of the questions he’s hearing about enterprise business resiliency. The following is an edited transcript of the conversation.
We see a lot of resiliency efforts focused on IT Operational Resiliency. Who else needs to be involved in a strong Enterprise Resilience program?
Unfortunately, the simple answer is everyone. If you look at where the real drive has been coming from recently around operational resiliency, there have been a number of changes in regulations. The Bank of England, for example, has published some guidelines around organizational and operational resiliency and a lot of that is being driven by some failures in the banking system. They are starting to drive people towards a model where regardless of what is going on, you need to be able to continue delivering your core services. It starts in the banking world where a failure in organizational resiliency results in the banks not being able to deliver money to people and if you can’t get the money flowing, your economy suffers dramatically.
The regulators are starting to push organizations to be able to treat even a crisis situation as situation-normal from a resiliency perspective. Many of the cases where organizations have been brought to their knees by cyber issues has really been why the focus has been on IT. For example, a major hack of a bank and some major element, such as their accounts, has failed. This is the result of an IT issue, but many of the other failures are not the result of an IT issue.
Now the whole world is starting to drive towards the fact that if I need to maintain “normal operations”, even in a crisis situation, I would need to involve almost every part of my organization. Just because there is a crisis situation going on doesn’t mean I don’t have audit and compliance requirements. I need to be able to maintain my compliance posture, even in a crisis situation. I need to make sure my people are productive, but if I have a longer term outage, how do I maintain my culture throughout that event? It’s touching on HR, audit, IT and every other major part of operations. Back to the “Why?”, in the event of a crisis situation, you’re able to, at least for the most part, continue operations normally. When the situation does return to normal, you’re able to return to normal with it. If there’s a new normal, you’re able to adjust to that new normal.