• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

Sungard Availability Services

What business continuity lessons can be learned from disaster movies?

960 640 Guest Blog

By Chris Butler, Lead Principal Consultant, Resilience & Security, Sungard Availability Services

Disruption, a word which many businesses are very much used to now, can often have disastrous effects on productivity, output, company reputation, and ultimately the bottom line. On the other hand, that which we would call a ‘disaster’ in the enterprise world in most cases pales in comparison to the sensational disaster scenarios we’re used to seeing on the silver screen. 

For example, a cyber-attack which steals and sells user data could potentially have devastating consequences for scores of businesses and consumers alike, but doesn’t quite evoke the same feelings of excitement as a full-scale alien invasion or the impending impact of a planet-sized meteor. 

On the same note, in today’s world of hyper-extended supply chains, unexpected periods of application service downtime can send shockwaves of disruption around the world in a matter of minutes. While this scenario probably strikes fear in the hearts of supply chain specialists, zombie apocalypses or the rampaging of a giant, man-eating shark can arguably evoke these emotions amongst a much broader audience.

But while the forms of enterprise and Hollywood ‘disasters’ are clearly poles apart, many themes remain the same: outsider threats, technology problems, leadership loss, communication breakdown, environmental change, etc. Here we look past the special effects and extract the core business continuity themes which lie behind our favourite disaster movie scenarios. 

Don’t let individuals get lost in space

For those used to working in office environments, the future is likely to be characterised by more working from home or from other remote locations. Video conferencing and collaboration apps have worked well to emulate the office environment, but a sudden break in their functionality can cause critical communication structures to break down entirely, leaving individuals cut-off from their teams. 

In Gravity (2013), an unexpected incident leaves astronauts stranded in lower earth orbit with no team, no means of communicating with ground control, and no shuttle to take them back to earth. This is an extreme example of how people are at their most vulnerable when they are isolated, and can even start to panic or act irrationally when cut off from the rest of their team. It is for this reason that cyber-attack methods such as phishing and ransomware target isolated users, both of which saw a spike in usage as many countries went into lockdown.  

Organisations simply can’t afford to leave their workforce stranded in space and expect them to make their own way home. Disasters almost always scatter or raise barriers between people, therefore it’s important for individuals to be made aware of contingencies for communication disruption scenarios ahead of the fact. This should comprise spreading awareness of emergency contact chains and back-up communication systems to keep everyone on the path to recovery when disaster strikes. 

A loss of leadership leads to chaos

As anyone who’s seen Airplane! (1980) can tell you, pilots and co-pilots should never eat the same meal mid-flight, otherwise contaminated food could take both out of action simultaneously. While this is just one of a number of ludicrous happenings in this comedy classic, loss-of-leadership scenarios in the enterprise world happen surprisingly frequently – and are no laughing matter. 

A loss of leadership typically stems from unexpected events, from travel delays or restrictions to instances of sickness or compassionate leave. Organisations should therefore make clear which of the leadership teams’ responsibilities should be delegated to whom in the instance where one or many suddenly become unavailable. To make this work, a bottom-up approach to enterprise resilience is crucial, taking into account both operational and human elements of business continuity. 

Pilots cannot rely on there being a trained pilot and/or doctor amongst their passengers to miraculously save the day if they become incapacitated. Likewise, leadership teams shouldn’t leave resilience and continuity up to chance. By training proactively training staff, organisations can either spread responsibility across their organisations or implement and test a clear delegation structure to weather the shock of a sudden loss of leadership. 

Prepare for technology to be sabotaged or to malfunction

Technology is the driving force behind digital transformation in the world, but this also means that we are more dependent on reliable, highly available systems than ever before. The alignment between IT and operations has become such that today, the resilience of an organisation’s IT is tantamount to its overall ability to continue operating when disruption strikes. So, what technology disruptions should organisations be on the lookout for? 

Taking a lesson from Cloudy with a Chance of Meatballs (2009), a poorly understood or inadequately maintained piece of technology is likely to malfunction and can potentially wreak havoc, especially if that technology has a large base of end-users who rely on its availability 24/7. Additionally, as shown in Speed (1994), technology can also be sabotaged and held to ransom by unknown entities, using time pressure and the threat of harm to users to force organisations to fulfil their requests. 

Unlike the movies, organisations can rely on Disaster Recovery (DR) tools, such as data-centre co-location, cloud back-up and storage, and failover power & networking solutions, to prepare for a diverse set of potential technology disruption scenarios. In addition, organisations shouldn’t rely on a single ‘hero’ to swoop in and save the day. Sharing the burden of knowledge relating to the ins and out of IT infrastructure not only allows teams to react faster to disruption, but ensures the resilience and availability of their products, services and operations.  

Getting back to reality

Not every disaster scenario in the movies has its roots in science fiction or the supernatural. In fact, some have not only featured entirely plausible scenarios, but have been downright prescient. Take, for example, Contagion (2011)whose plotline revolves around the outbreak of a viral pandemic originating in South East Asia and resulting in the implementation of social distancing, self-isolation and a severe economic downturn. Clearly, there are not only indirect lessons to be learned from cinema. 

Disasters are unexpected by definition. The work of disaster movie writers, therefore, is not so much removed from the work of business continuity specialists. Both are responsible for imagining: a) scenarios which cause significant disruption; b) the extent to which said disruption will have short/long-term impact; and c) the potential solutions to put in place both before and after disruption takes place. At a time when business continuity planning is at the top of the agenda for all organisations around the world, now is the time for organisations to use their imagination and prepare for a wide range of potential disruption scenarios. 

Continuity Planning: What the office really means to businesses

960 640 Guest Blog

Dr Sandra Bell, Head of Resilience Consulting, Sungard Availability Services

In spite of best intentions, protective measures, vigilance and forward planning, organisations will always be at risk of losing their workplace due to reasons such as fire, flood, extreme weather, or structural collapse. Likewise, even if the fabric of the buildings themselves are serviceable, access may be denied due to contamination, lack of power or water or being within a police cordon following a terrorist incident.

Regardless of what caused the issue, the result is the same – the loss of a normal place of work. It may be for just a few hours in the case of a utility outage or it may be for many months, or even indefinitely, for more severe incidents. However, what does “losing your workplace” actually mean for an organisation, and what is the best thing to do about it? 

The cost of workplace office loss to an organisation

The true cost of losing a workplace office is always greater than the actual physical loss. The loss not only means that you can’t meet the physiological and security needs of your workers to enable them to do the work that you pay them for which causes immediate operational disruption.  Butut you can also no longer coordinate and manage their activity or meet their higher-level needs such as to belong, contribute and grow, leading to lower morale and engagement.

Modern technology has, in most cases, allowed information to be disconnected from place and time, which means, with a little forward planning and investment, it is fairly straightforward to get the office occupants up and running at alternative locations such as home, hotel, rented office or a purpose built disaster recovery facility. 

However, research shows that if we fragment the workplace without paying attention to the management and coordination activity or the social and recognition needs of our workers following an office disaster, the costs can be very high indeed.

When we look at the cost of business disruption, the 2018 Allianz Global Claims Review reports that the average insurance claim for business interruption is more than $3m, almost 40 percent higher than the average cost claimed for property damage. The same research also shows that the losses are now being driven by indirect impacts such as loss of confidence in the organisation, loss of customers, fines, penalties and lawsuits – impacts that can only be mitigated by people in the disrupted organisation pulling together as a team. 

In short, the threats that have the ability to prevent a workplace operating as it should can be physical, virtual or reputational and all impacts are financial. Indeed, the largest losses are now being driven by the indirect impacts rather than the direct property damage and operational disruption requiring businesses to re-think how they accommodate the workforce in the event that they can’t access their office. 

How to reduce the impact of a workplace office loss 

The most effective way to reduce the impact of a workplace office loss is to instantaneously pick up the whole thing, people, information, management, personal knick-knacks, support structure etc. and transplant it somewhere else that is equally easy to get to and has the same feel and culture as the original. However – we are operating in the real world and things are not quite that easy.

Good physical security and building resilience such as ensuring you are not in a flood plain, have more than one power and communications links to the building etc, are a good starting point. Likewise, the Business Continuity Institute’s Good Practice Guidelines offer four basic recommendations to the loss of building and work environment, to help mitigate the immediate operational disruption, which it’s worth every business considering: 

  • Diversification: having a separate location where the activity occurs in parallel so if one location is lost the work can carry on at another location – albeit with the negative consequences of an increased workload for the undamaged building occupants and loss of activity for those who normally work from the damaged building.
  • Replication: having a separate premises that has all facilities required to undertake an activity, but it is not currently being used. 
  • Standby: a separate premises that has some of the facilities required to undertake an activity, but additional facilities will be required before the activity can be undertaken. For example, a physical premises but where an operational copy of the IT system to support the activities of the people is held in together with a backup of its data that needs to be loaded and tested with manual switching to be made live.
  • Post-incident acquisition: where suitable premises can be acquired which may or may not already have the facilities required to undertake an activity.

But, beware, there are a number of pitfalls that need to be negotiated to get the most out of these strategies.For example, many organisations have a plan that includes relying on people being able to carry out their normal activities remotely from their home. However, unless the organisation is in the fortunate position to be able to issue users with a second laptop that lives at home, you can never be sure they will be available at time of incident. Many people are not at their desks when a crisis happens, and the vast majority of people do not take their laptops home each night. Equally, does the user have sufficient and suitable space for working from home?  Likewise, is it safe? The employer still has a responsibility to ensure a safe working environment for staff even when working from home.

Alternative workplaces can also be troublesome. Do they have the right connectivity? Is it secure? Who else are you sharing the space with? Is it somewhere that you would be happy holding client meetings? 

Addressing more than just the immediate losses 

As we’ve seen above workplace offices are not simply warehouses that provide shelter and warmth to individuals who carry out their tasks autonomously. They provide a rich environment for interaction and innovation and enable efficiency by specialisation. They are designed so that the output of the whole is greater than the sum of the parts, and the mitigation of losses requires more than just alternative accommodation to be provided.

The risk environment that organisations operate in is now characterised by uncertainty, complexity and risks with adversaries and the magnitude and frequency of the losses is driven primarily by how an organisation as a whole responds rather than how they mitigate the immediate operational disruption of losing their premises in the first place.

We are finding that organisations that adopt a holistic stance and incorporate point business continuity solutions such as workplace and IT disaster recovery into a larger resilience strategy suffer fewer losses because they are able to address all aspects of the corporate culture and the loss of a workplace becomes a minor operational blip as opposed to a full blown disaster. 

Image by Michael Gaida from Pixabay