Putting the “Business” in “Business Resilience”
English is a wonderful language, if you like euphemisms. However, sometimes clear communication can be impeded when a phrase loses some of its meaning as a result of being used to describe something less attractive.
One good example of this is “Disaster Recovery” or “DR.” It is intended to describe all the various tools and disciplines involved in ensuring an organization can deal with (and recover from) unexpected negative impacts, such as power outages, fires and hurricanes. Instead, DR has often been used as a glamorous euphemism for backup and recovery.
Of course, backup and recovery are, in many ways, foundational to a proper DR context. But together they’re just one aspect of a complex technical response to an essential business need: to stay in business. Then again, so is DR.
And that’s the problem: approaching this discipline from the technical bottom up obscures the reason for it, distracting from the fact that it’s all about keeping a business viable.
The time has come, then, to get back to business, to understand the role of technology from a business perspective, and to look at what it means to ensure the uninterrupted viability of the business using the technologies that support it.
What Does Storage Have to do With Business?
In the beginning, businesses bought computers to handle data. Many of these original computers were mainframes or their predecessors. All of them cost a lot of money, and were expected to generate and/or save their owners even more.
But accidents happen. In fact, back then, they happened quite easily. Punch cards, tapes and disks could easily be damaged, destroyed or just misplaced.
Consequences happened. Business consequences. And it didn’t take long for the businesses that paid the bills to mandate a proactive solution to such problems.
So, backups happened. Then, after some number of floods, fires and other disasters, off-site backups happened.
This was the beginning of storage management.
Over the years, it evolved into backups, tape management, hierarchical storage management and storage resource management—first on the mainframe, and then on other business computing platforms.
And it was all about proactively keeping the business viable.
Where Does Security Fit In?
Of course, not every technologist who ever said, “Oops!” had just damaged a physical storage medium. Sometimes they’d deleted or changed something they shouldn’t have.
And sometimes they did it without realizing it. Or perhaps they even did it surreptitiously and on purpose. You can’t recover from something you don’t know happened.
That’s where computing security comes in. By allowing only authorized access, a whole lot of “oops” and fraud are prevented. And that’s about business, because a business that can’t trust its data—such as financial data—is on shaky ground. And a business that can’t prevent confidential data from being exposed to competitors is in grave danger indeed.
How About the Network?
When the mainframe was the center of the computing universe and everything was connected to it, network outages were generally just local access issues. Once a terminal or controller was restarted or replaced, everything was back as it should be.
Those days are long gone. Now, most applications and nearly all businesses run on multiple servers and often cross-platform. There may still be a mainframe in the picture, serving up data and established applications, but generally there are many other computers and servers in the mix as well.
The good news is that modern networks, generally using TCP/IP, have built-in redundancy. However, they can still fail, or be brought to their knees by suddenly increased usage or reduced capacity.
They can also become points of incursion from outside threats.
In all of these cases, if the network is not behaving as expected, business may not be getting done, either by users at their workstations, or by multi-platform applications that rely on connectivity to share and update production information.
As a result, everything from network monitoring and management to firewalls and intrusion detection has become standard in a truly resilient enterprise.
What Other Technologies Support Business Resilience?
Then there’s automation and performance monitoring. A computer tends to be able to recognize and respond to a problem much more quickly than a human. If that problem is a sudden and immediate threat to business computers, humans may not even notice it until those computers have stopped working. And by that time, it may well be the business people who alert the technologists to the problem, because it has impacted their ability to transact.
Performance monitoring software can detect such problems before they become performance issues, and then notify automation software, which can take corrective actions long before any business user would notice any problems.
Of course, those are just preventive measures. Then there’s recovery. It’s more than just having backup hardware and data. It’s about a complete, functional, well-documented environment, ideally up and running within moments of a major failure. The longer it takes to be back up and running after an outage, the less likely the business is to recover.
What Other IT Factors Affect Business Viability?
Y2K is over, and the business world seems to have survived it pretty well. But hopefully we all learned a lesson about taking the future into account in our designing production systems. It wasn’t the last “roll-over” we’ll encounter, and some of the solutions put in place were just medium-term stopgaps.
9/11 happened, and we all woke up to another reality: capricious malice. It can’t be fully foreseen or prevented, and sometimes it can’t even be recovered from. Still, as General Dwight D. Eisenhower said, "In preparing for battle, I have always found that plans are useless, but planning is indispensable." Or, to put it another way, failing to plan is planning to fail.
As if those factors weren’t enough, businesses started doing themselves in from the top down. After what seemed like an epidemic of willful mismanagement, regulations began to pour in to prevent further such indiscretions, including the now famous Sarbanes-Oxley, a.k.a. SOX. Failing to comply with such regulations can lead to significant sanctions, and even a loss of business viability.
The good news is there are technology solutions to respond to each of these business resilience drivers. Better software, more scrupulous implementations and tighter configurations: it all comes down to conscientious responsibility.
However, even in IT, sometimes the business resilience drivers and solutions aren’t just about technology.
An important case in point is the mainframe technology work force.
Thinking back to the original business resilience issues on the mainframe, some of the same people who were around to encounter, resolve and prevent them are still running today’s mainframes. In fact, well over half of today’s mainframe technologists are within a very few years of retiring. And if it took decades to build them, they certainly won’t be easily replaced in a matter of months.
But why does that matter to the business?
It matters because over 60% (some say over 75%) of the world’s corporate data still reside on mainframes, and those mainframes are expected to run 7 x 24 with better than 99.999% uptime (that’s less than 5 minutes downtime per year). You can only achieve that with a workforce that’s experienced, dedicated, expert and present.
Beginning to hire a new generation of mainframe technologists just as the last of the previous generation walks out the door is a recipe for disaster, and one from which an organization may not readily recover. It is a dangerous fallacy to assume that an organization can just pull the trigger on some “silver bullet” such as moving to another platform or an outsourcer at the last minute.
The “New Responsibility”
You can’t stop the future; you can’t even predict it with a high degree of reliability much of the time. But you can create it.
There’s a dawning awareness in the business world that not only do consequences happen, but they can be intentional. Having experienced the consequences of failing to plan, of management by arbitrary decree, and of business-as-usual in a changing world, the time has come to take ownership of medium-to-long-term results.
As this realization and the various accompanying regulations begin to take hold with organizational management, the business climate and culture can be expected to change. It’s not just about the bottom line or stock price—though they remain important. It’s about long-term viability and prosperity.
And it’s about scrupulous planning and designing of an enterprise-wide IT architecture that takes into account all the platforms and business needs today and tomorrow, and not just the latest hype technologies.
That’s real business resilience.
Conclusion: Getting Back to Business
With all the details to account for and things that could go wrong, it may seem easy to end up mired in the “paralysis of analysis.”
So, it’s time to take a step back and get some perspective.
When you’re driving a car, you don’t normally worry about what could go wrong. You may take regular steps to preempt problems, such as keeping the car maintained and the gas tank full, but most of the time you’re behind the wheel, you’re focused on your destination, not the technology that’s enabling you to get there.
In the same way, your IT environment is not about dealing with problems. It’s about enabling your business. As long as you take regular and conscientious measures to keep your IT environment alive, well and supporting your business, it doesn’t have to be a source of paralysis or potential threat.
That’s where having solid partnerships in place can make all the difference. By working with a partner that understands the business mandate of IT and can enable you with management software and related services to take care of the details, you can stay focused on the bottom line, and ensure that your technology is an enabler, not a distraction.
About the Author: Reginald (Reg) Harbeck is CA’s Global Mainframe Solution Manager. In the two decades since he received his Bachelor’s Degree in Computer Science he has worked with operating systems, networks, security and applications on mainframes, UNIX, Linux, Windows and other platforms. Reg has been with CA for over nine years, during which time he has met with and presented to IT management and technical audiences in Europe, the Middle East and many locations across North America, including at Gartner, IBM zSeries, CMG, SHARE and CA WORLD user conferences. Reg is the published author of several whitepapers and articles, which are also available online.
|
