By Willem Olivier, GM: Africa. ContinuitySA
As we all know, the value of an effective BCM is becoming more widely appreciated as companies take sustainability more seriously. Nowhere is this more true than in Africa, where businesses are gearing up to take advantage of the continent’s opportunities but find their ability to compete hampered by unreliable national infrastructures and a lack of BCM experience. Many are finding that a credible BCM capability is a requirement for entering into solid partnerships with global companies, and to building a loyal customer base.
To many companies, it initially seems as though insourcing BCM makes the best sense—they reason it will be cheaper, everything will be under their control and they do not risk compromising data confidentiality. But in many cases these initial assessments fail to take into account the hidden costs and pitfalls of insourcing. Before making a decision, companies should consider the following issues:
Are there hidden financial costs? Building and equipping a recovery facility requires both capital and operating budget. Organisations should also not forget the expense of maintaining the equipment and facilities, as well as renewing the technology. Companies often forget that existing budgets such as facilities maintenance, will not be able to absorb the extra expense. Alternatively, removing expensive BCM infrastructure from the balance sheet is likely to be desirable, and syndication via an outsourcer invariable reduces costs substantially.
Are there hidden personnel costs? It’s unlikely your staff has the necessary specialist BCM expertise, so these skills will have to be acquired—at a cost. Almost certainly, extra staff will have to be hired as an effective BCM programme is complex and ongoing. And don’t imagine that your existing management capabilities (such as facilities management) will be able to absorb the extra work without hiring extra staff.
What are the hidden complexities of BCM? Commissioning a failover data centre and work-area recovery facility is actually the easy part of BCM on the vendor’s side — and it’s not that easy! Harder by far is developing the right business continuity plan in line with the company’s strategies and risk appetite, and putting in place the complex business processes needed to ensure that, in the event of a disaster, the business can recover. What happens if the only or one of your key BCM resources is ill or away when a disaster happens? And, most important of all, are you testing the BCM solution regularly, and feeding the results back into the plan to ensure continuous improvement? Chances are that you aren’t, simply because the time is never right, and today’s business is always the priority.
The answer for many companies is a combination of in- and outsourcing, a solution that hopefully gives them the best of both worlds. But when making the decision, remember that there is never a dress rehearsal for a disaster—it’s always for real. When the chips are down, having an expert by your side usually makes sense!]]>
The cyber security and business resilience session will be held at ContinuitySA media briefing session in Midrand on Thursday 19th May from 7h30 – 10.30. Seats are limited so register now at http://www.continuitysa.com/cyber-security-breakfast/
Aimed at C-level executives from board members to the CIO, CFO, COO, CTO and CEO the event will give answers to questions such as how to quantify a cyber threat? Reflect and get advice on how prepared you are for these threats and look at how the threat landscape can be monitored.
Ensure your business can achieve more than a basic level of #cybersecurity and safeguard your organisations business resilience from the current threat landscape for total peace of mind by attending this session.]]>
Many factors such as industrial action, extreme weather conditions, routing upgrades or hardware failure can all lead to extensive loss of data, the consequences of which could be catastrophic to your business.
Disaster Recovery as a Service, commonly known as DRaaS, is a comprehensive portfolio of services that offers a potential solution, however does it offer the full service that you would expect unless it is properly managed by a company with many years of expertise and a proven track record providing DRaaS.
In the ‘safe hands’ of a competent organisation like ContinuitySA, who efficiently design, set up and manage every facet of your customised data protection, you can have absolute peace of mind to focus on your business.
ContinuitySA offers a three tiered approach to DRaaS:
Server replication – Includes fully managed offsite data recovery centres to which you replicate your servers. Servers can be failed over in minutes. This protects physical, virtual and cloud hosted servers.
Managed Virtual Server hosting – Used for production hosting or secondary live servers. You are able to increase or decrease resources such as storage and memory at any time, without having to re-provision your servers.
Managed backup – Expertly managed disk based backup reduces your backup window, dramatically shortening backup times. Primary backup devices can be located at your premises, replicating to the recovery centre eliminating link bottlenecks.
There are substantial cost benefits to moving to a DRaaS model which also frees up your IT staff to focus on other projects.
ContinuitySA offers 24/7 expert advice, management, monitoring and reporting to give you…….
TOTAL PEACE OF MIND!]]>
When it’s time to find premises for your new business or when you are relocating or need extra office space, it’s interesting to consider the alternatives available. Should you deliberate about office renovations, take a new building or evaluate a resilient office space?
In addition to its core Business Continuity Management, ContinuitySA is offering resilient office space to companies who want the benefits of a fully managed office solution at a fixed monthly costs.
So what is our resilient office solution you may ask?
Our resilient office space is essentially a ready-made, customised office solution which is fully managed to get your business up and operating with the minimum of turnaround times in a business resilient environment at a fixed monthly cost. Equipped with optional desk top computers, furniture and flexible telephony options (Avaya, Mitel or your own) this solution can get you operational speedily. Access is available to our onsite data centre. UPS and diesel generators provide electrical back up during potential winter load shedding, and emergency water supplies are also available. Superior bandwidth connectivity is supplied with multiple WAN ISP’s.
Our facilities also offer onsite parking as well as being close to public transport nodes. 24 hour service desk support is on hand to support your infrastructure and around the clock security. A flexible approach to contracts, be they short or long term, allows you to build a best fit solution perfect for you as well as taking into account scalability during the contract period.
So if your business needs more space or you’re looking at alternative office solutions why not find out more. Contact us on email firstname.lastname@example.org or click here for more details or for somebody to contact you on what options and locations we have readily available.]]>
By Michael Davies, CEO, ContinuitySA
The final set of risks relate to geo-politics and, in particular, terrorism. Our team recognised that these are risks that are largely out of companies’ control, but they need to understand them and have mitigation plans in place.
We decided to include these risks particularly because Africa seems to be more and more vulnerable to them, terrorism in particular. It comes at a time when South African businesses, in particular, are looking to expand north in order to achieve the growth that is so elusive domestically. Unfortunately, many of the continent’s most attractive markets are also increasingly theatres for political violence. Kenya and Nigeria are two cases in point, with Al Shabaab active in the former, and Boko Haram in the latter.
Don’t forget that this risk applies also to your supply chain
Companies attracted by these markets must therefore take the time and trouble to understand the risks they pose, and put contingency plans in place. The safety of employees is of particular concern, and the threat of kidnap is also real. Companies have a well-established Duty of Care to their employees which does not end when at a border.
This is a highly specialised area, and it’s one in which the aid of specialists should be sought. Your insurance company is likely to be very helpful because the risk may be insured, and also your legal advisors would offer insight into what your obligations are. Both will have relationships with security companies that specialise in these types of risk, and who will possibly be able to offer information and counsel.
In conclusion, and looking at the five risks as a whole, we feel that it’s very important to consider the whole process of business continuity management, which underpins business resilience, in terms of your customers. You need to understand the extent to which they are relying on you, and thus on your ability to recover from a disaster.
On the plus side, positioning your company as a reliable partner, one that has taken the trouble to build resilience into its business model, can be an excellent marketing tool, and a way to build the company’s reputation in the market. The world is increasingly sensitive to risk, and partners that are seen be alive to risk are desirable.]]>
By Michael Davies, CEO, ContinuitySA
Like it or not (and none of us do), it seems that the brave new world of the Internet, and the resulting connected business environment, have created a whole new class of crime: cyber-crime. Cyber-criminals are legion, and exist in suburban bedroom in Iowa, lofts in Beijing and North Korea, and Internet cafes in Belarus and Estonia. They are highly skilled, often anarchist in mindset, and supported by an apparently limitless set of hacking tools available on certain illegal sites (the Dark Web),either for free or for relatively small amounts.
These criminals are motivated either by financial gain or the simple joy of cocking a snook at the establishment—probably a bit of both, to be frank.
The statistics are truly frightening, as you have doubtless seen in news reports for many years—especially as a lot of cyber-crime is not reported to protect the victim’s reputation. Such an atmosphere of unrelenting threat is taking its toll: the recent Cisco 2016 Annual Security Report found that companies globally feel increasingly vulnerable to cyber-attacks, and less confident in the security measures they have in place.
Another study, RSA’s Cybersecurity Poverty Index shows that nearly 73 percent of global companies reported they had insufficiently mature levels of security. The survey further adds that the greatest security risk was the ability to measure, assess and mitigate cybersecurity risks, with 45 percent of the companies surveyed describing their capabilities in this area as “non-existent” or “ad hoc”. By contrast, only 21 percent reported that they are mature in this area.
The Cisco study found that small to medium-sized businesses have emerged as a potential weak link, spending less on Web security than in previous years. This connects back to the supply chain risk identified in a previous blog: many of the companies in your supply chain might fall into this category, making all their business partners as well.
Cyber-security is not just a technology problem, and it cannot be solved by the IT department. The whole company has to be made security-conscious, and security protocols have to be built into business processes. Only this approach will make the business resilient in the context of cyber-attacks.
Next time, I will conclude by looking at the fifth and final risk to bear in mind for 2016.
By Michael Davies, CEO, ContinuitySA
We’ve all imagined how we would cope with the aftermath of a nuclear attack or a violent revolution, when all the infrastructure on which we depend is destroyed. Foraging and hunting for food, chopping wood, finding a water source, learning to weave or work leather: what skills and tools would we need to survive?
The same thought process could be valuable in the business context. We are all highly dependent on information and communication technologies (ICT), a dependence that creates huge vulnerability. Although disaster recovery plans tend to begin with the ICT systems, there can be a delay in recovering them, so knowing which processes could be run manually—and how—would be a big step towards building in resilience.
For a retailer, it might be as simple as having a manual credit card machine on hand to cope with unavailable systems or a power blackout.
This back-to-basics approach will also help in the event that ICT systems stay down for longer than expected, perhaps caused by something beyond your control; for example, a national blackout or a terrorist attack that cripples the network.
Next time, a look at risk No 4—cyber-attack.]]>
By Michael Davies, CEO, ContinuitySA
Last time, I introduced the first of five risks that will affect African businesses over the coming year and into 2017. The second risk our team identified is one that has become more prominent over the course of the last several years: supply chain risk.
The first point to make is that today’s business environment is characterised by long supply chains and greater collaboration with business partners—something that introduces more risk into the equation. Risk can no longer be compartmentalised, so to build true business resilience you need to understand your key dependencies and how resilient your partners are.
The old adage about the chain only being as strong as its weakest link summarises this fact of contemporary business life.
One trend that is of particular concern is companies’ growing use of cloud providers to supply more of their IT requirements. Cloud itself is not the issue; the problem comes when a company assumes its cloud provider has the ability to recover from a disaster. Our best advice? Don’t assume your cloud provider has a good business continuity plan: check it out!
Another key risk relates to the ever-present danger of local utilities running into delivery challenges—a question mark now hangs over power and water supplies, and this threat could affect the whole supply chain. Even if you have measures in place to deal with a power outage, what is the impact if your supplier in goes down and cannot recover in time to fulfil your order?
One supply chain risk is of particular concern: How well prepared is your telecommunications service provider to deal with a prolonged power outage—for example, when communications masts cease to function because their batteries run down?
Next time, 2016 risk No. 3 in detail—are you prepared to go back to basics?]]>
By Michael Davies, CEO, ContinuitySA
At the end of every year, my executive team goes into crystal-ball mode, pooling our experience and insights to try and brainstorm the risk landscape for the year ahead. This time round, we came up with five areas of risk that African businesses should be thinking about.
Each blog in this series will cover one of the five.
First, though, a brief reflection on the notion of business resilience itself. Once upon a time, we spoke only of disaster recovery, which really related to a company’s IT systems. As it became more apparent that IT could not be seen as separate from the business, we started considering IT risk in the context of business processes—recovering from an IT outage was more than just getting the systems back up and running. To do this properly, we had to develop ways of drilling down into exactly what a company did, and the relative importance of each business process (and thus its enabling IT infrastructure). Only once this business impact analysis was completed could we know which processes needed to be up quickly, and which ones could be a little delayed. This analysis in turn affects how to allocate resources and budget for a business continuity management strategy that actually works.
Over time, business continuity management matured and standards were created. The growing sophistication of the business impact analysis has now come to be seen as an invaluable tool for doing much more than identifying risks: it helps the company to understand itself and its true priorities better, and thus makes it better able to overcome the challenges of today’s business environment generally.
In short, it makes the business more resilient to anything.
The first of the five risks that should be occupying your attention during 2016 is the need to address leadership issues, particularly with regard to the CIO. Deloitte’s 2015 Human Capital Trends Report shows that 86 percent of companies globally see developing leaders as a critical challenge. We think African CIOs are under considerable pressure at the moment as they move from their traditional IT support role into one that demands innovation leadership. Technology is disrupting business, and thus the CIO is the natural person to help the rest of the C-suite understand what the sources of disruption are likely to be—and, even more challenging, how to become disruptors in their own rights.
In a way, everybody is competing with Amazon, or a company like Amazon, these days.
One example: CIOs don’t just face the challenge of putting the technology and processes in place to provide insights from the analysis of big data. They have to help the business work out how to respond to those insights.
We all felt that a related factor is that in today’s interconnected, unstable global economy, crises of one sort of another are more frequent. CIOs, along with the rest of the C-suite, are under pressure like never before, and the business needs to work out how to mitigate this very real aspect of leadership risk. Firefighting mode isn’t the best way to plan for the future.
Next time, a look at the second risk to consider in 2016.
 Available at http://dupress.com/periodical/trends/human-capital-trends-2015/?id=us:2el:3dc:dup1179:eng:cons:hct15.]]>
Black swans are unexpected events with profound, even catastrophic effects. When they’ve happened, most people try to rationalise them and how they could have been prepared to deal with it. But the truth of it is that a black swan is so unexpected it’s virtually impossible to foresee it.
The Twin Towers is perhaps the classic black-swan event of recent times. It changed the face of geopolitics and while there were many theories about how the authorities should have seen it coming, this is just the perfect vision of hindsight.
“Business is becoming more and more vulnerable to such high-impact, unforeseeable events thanks to the uncertain global, and thus complex, business environment. For one thing, organisations are employing ‘just-in-time’ inventory strategies and supply chains are becoming more critical which dramatically increases our risk exposure; for another, there’s the pressure to be a 24/7 business,” says Michael Davies, CEO of ContinuitySA. “No getting away from it: there are just more potential points of failure.”
However, Davies continues, there’s one black swan that is keeping everybody in South Africa awake at nights: a national blackout or a sustained regional blackout. Because it would affect the whole grid or a section of it, such a blackout could last for days or even longer.
Although most commentators, and Eskom itself, believe either of these to be a remote possibility, Davies feels companies should give thought to how they would handle such an eventuality.
“Even though it’s unlikely, the consequences would be devastating so it’s just as well to have a plan in place,” he says. “In addition, understanding what would be required will also make your business continuity planning for the inevitable ‘normal’ load-shedding better.”
Davies offers the following points to consider.
At the same time, Davies advises that companies should give some thought to other high-impact, unexpected risks. He identifies cybercrime as one area of concern. While this type of crime is becoming more common, many companies do not realise how common because those who suffer such an attack generally do not publicise the event to protect their reputations.
Other challenges to which companies might not be giving enough thought include fire and flooding, especially in shared premises where one is vulnerable to the poor planning of fellow tenants.
“Whatever the colour (or size) of the swan, the only way to cope with the unexpected is to build a resilient organisation—one that is structured to cope with the unexpected,” Davies concludes.]]>