What you can learn from the Holborn outage – don’t let lack of IT planning get in the way of business continuity
We all like to complain about services going down just when we need them most. The wrong kind of weather – extremes of hot and cold – can wreak havoc with trains, and the road network can get snarled up fast. Utilities – especially energy and telecoms – have more downtime than you might expect, as interruptions are often local, such as the recent fire in Holborn, central London, which wiped out telephone and Internet connections for several days. As you try to get from A to B or keep on working in these scenarios, you ask, ‘Where are the backup and recovery plans?’ But what if your company is the one that fails to deliver as it should? Your own customers or internal sponsors and colleagues could be asking the same question.
In these days of the ‘always on’ economy, expectations for fast response have reached new heights, but many companies are not meeting everyday service needs, let alone being prepared for major problems. The latest report from the Institute of Customer Service reveals a majority of customers (62 percent) want a balance of price and service, with at least a minimum service threshold level – but the overall level of trust in businesses has fallen in the past few years. McKinsey, in a recent article on business-to-business (B2B) selling, notes that business buyers are becoming increasingly consumer-like in their behaviour and will prioritise suppliers they see with good reputations long before a salesperson knocks on their door.
If your business experiences a disaster, your problems are likely to be out there on social media before you know it, and your damaged reputation could prevent you from bringing in new business. Despite that risk, the Federation of Small Businesses (FSB) has recently found that three out of five (59 percent) of the small businesses questioned did not have a plan in place to deal with extreme weather conditions such as floods. The uncomfortable truth is many smaller businesses are unprepared for business continuity, not only in the event of a disaster such as a fire but also during day-to-day mishaps.
The word ‘disaster’ is relative. A malfunctioning application could prevent a field service engineer from ordering a key spare part. Perhaps your organisation could simply be unprepared for a sudden demand on bandwidth from people working remotely, with all that secure access to company networks entails. And any downtime on core IT systems and lack of network access from anywhere can rapidly unravel workflows and damage your reputation, as the productivity and morale of staff often depends on having reliable tools for their jobs.
Apart from staff, of course, IT is the lifeblood of most modern organisations, no matter what sector they’re in. While it may be impossible to have a plan that keeps you operating fully during a major disaster, too many organisations do not have a day-to-day set of procedures that will help them cope with less demanding events such as a temporary server outage.
Business continuity planning helps you address the need for highly available systems while ensuring your employees are able to continue doing their jobs. Conducting a business impact analysis will help you map your organisation’s locations, identify key assets and operations, and determine the critical processes and minimum resources you need to operate. The planning process should prompt you to consider the following:
- Do you have a solution for secure off-site data backup? Managed cloud storage with the ability to get a business back up quickly is provided by services such as BlackCloud and BlackVault, now available in the UK.
- Will your organisation’s network and applications be available outside of office hours? Managed servers and cloud computing can help ensure employees have access to the resources they need even if your office isn’t open.
- Does your organisation allow for network access from a range of devices, including people’s own smartphones and tablets? The so-called ‘bring your own device’ movement means that you can be more flexible in remote working, provided you address security requirements.
- Is your staff able to work remotely, whether from home or another office location? Virtual secure networking is advisable for core systems such as accounts.
- Will you be able to conduct meetings remotely? Audio, video and web conferencing systems allow you to set up virtual meetings – a dial-in system for telephone calls could be top of the list.
- How will your mobile staff, such as salespeople, access the Internet while travelling? There are many in-car and portable gadgets, such as those that set up an instant Wi-Fi hotspot for a group using a mobile phone network.
- What will you do if your Internet service goes down? A sensible option is dual Internet provision. Having an alternative cable, DSL or mobile Internet service in the office to call on could be vital if the primary service is not available.
For further advice on business continuity planning, there are several international and British standards and guidelines, many training courses and the Cabinet Office’s ‘Business Continuity for Dummies’.
If you think you already have a good plan, there’s one thing you should do now: test it before it’s needed. Less than a third of organisations have tested their plans in the last year, notes the Business Continuity Institute, but putting your plan to the test can help identify problems you never would have thought of. This is a lesson the accountancy firm Alliotts learned when it had to evacuate 70 staff in the recent fire in Holborn.
Alliotts had already moved its computer servers off-site, so after the fire, the company was able to keep on working by deploying staff to another office or to their homes to work through a remote login system. However, Alliotts also found that some staff were locked out of their homes because they’d left their keys in the evacuated office. Had this issue been encountered during a test, the company could have encouraged employees not to leave their house keys at the office.
Although Alliotts weathered its disaster, that’s not the case for all organisations. Consider those companies without plans at all! Many would be on a steep learning curve with regard to recovery in situations such as the one Alliotts experienced.
You can’t always predict when a disaster will happen, so the best thing to do is to plan for incidents now. If services go down when you – or your customers – need them the most, how will you respond?
By Matt Kingswood Head of Managed Services, IT Specialists (ITS)
Matt Kingswood is the Head of Managed Services of Midlands and London-based ITS, a nationwide Managed IT services provider. ITS is part of the US Reynolds and Reynolds company which has a strong heritage in data backup and recovery services. In his position, Matt is responsible for developing Managed IT services within the UK and is currently focused on the next generation of cloud and recovery products.
Matt has more than 20 years of experience in the information technology industry, and was formerly CEO of The IT Solution – a full service IT Supplier acquired by ITS. Since joining ITS, he has led efforts to introduce a range of managed services based on the new ITS cloud platform. Previously Matt had a career in technology for several top tier investment banks before founding and selling several companies in the IT services industry.
Matt has an MBA from The Wharton School of the University of Pennsylvania and a Master’s in computer science from Cambridge University.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.