Continuing our review of our predictions for 2013, most people believe that IT will still dominate BC thinking but will be refreshed under the issues raised by cyber threat, big data, cloud and mobility services and social media. Worries about a myriad of cyber fears will start to move on from its hype phase to a more sophisticated, nuanced understanding of the main issues, threats and vulnerabilities.
Strangely, however, the biggest concern many organizations still worry about is the oldest of all business continuity issues - IT or Telecom disruption. This has had a considerable revival in the past year, perhaps highlighted by the surprisingly long outages being experienced by a major bank and more than one mobile telecom network provider.
I know that many people feel that this should no longer be a serious problem; IT DR has been around for the best part of four decades and every conceivable means of protecting data and systems has been perfected. Surely by now, the IT technical world should be able to deal with operational problems without compromising customer service and information delivery. They certainly shouldn’t create their own problems by poor change management or individual error.
During the past three decades, information security has also been viewed as a core protection discipline built on three pillars – confidentiality, integrity and availability. In many ways security has to be a compromise between these three elements. The need to protect against unauthorised access (confidentiality) has to be balanced against the access needs of authorised users (availability). Locking down a system to guarantee total security, will make it unusable in any practical sense. However, once the system is open for use it is potentially open for corruption and abuse.
Thus the integrity of the system and the associated data is compromised and it might be difficult to identify how, when or where the corruption was introduced. This makes conventional disaster recovery back to a guaranteed safe point very risky. Nevertheless in the days of really modern technological advances it is curious that a major concern for 2013 is still about how to protect basic large-scale transaction handling systems.
The more things change – the more they stay the same (Jean-Baptiste Alphonse Karr, 1849).