FEATURE: BUSINESS CONTINUITY
FEATURE: BUSINESS CONTINUITY
CIOs in Africa do
consider it essential
that the business
have in place
contingency plans
for restoring service
after a disruption,
but are challenged
by the age-old issue
of managing legacy
infrastructure.
data centre online, but it does add to
the project budget.
While there is plenty of talk about the
hybrid cloud opportunity, in Africa there
still are not enough enterprises tapping
into the lower cost and flexibility
benefits of the public cloud. There
remains an assumption that data must
be kept on-premise due to perceived
security issues but, as attitudes change,
enterprises must look beyond simple
application testing in the public cloud
environment. It’s about using hybrid
cloud in a way that benefits the
individual business and its workloads.
But I will be clear, just putting an item
in the cloud doesn’t mean it is backed-
up, an on-premise and off-premise
backup strategy is required. The recent
news that Microsoft will be bringing
Azure data centres to South Africa
means the next year will hopefully see
an uptick in the number of businesses
using cloud across the continent.
We are entering an incredibly exciting
time for the African continent.
Significant opportunities are becoming
available to aid the case for business
continuity, but CIOs must increase the
understanding of a serious systems
outage to heads of business, because
in 2017 we shouldn’t still be discussing
‘if’ a business has a continuity plan. ¡
Comment by Brian Pinnock,
Cyber Resilience Expert, Mimecast
What’s holding Africa back?
There are several issues that hinder the
adoption of a continuity plan working,
but African organisations tend to be
faced with one initial major challenge to
a plan even being developed – budget.
Claude Shuck, Veeam’s Regional Manager for Africa
similar responsibility in its data centre.
As such, the mission-critical nature of
the data centre means it must be able
to continue operations in the event of a
disaster. Veeam enables IT organisations
to achieve an RTPO™ (recovery time
and point objectives) of 15 minutes or
less. That means that with Veeam, the
NDMC`s data centre will always
be available.
The value of training
Continuity training is invaluable and
should be an essential part of a CIO’s
business continuity plan. As we know,
disaster recovery and business continuity
plans often end up at the bottom of
the budget priorities list. Therefore, IT
cannot be the endpoint here. The entire
business should be trained to respond,
44
INTELLIGENTCIO
in a suitable way that allows it to know
how to respond and who to contact to
lower the business’ risk.
In addition, we’ve seen positive
results when the disaster recovery and
business continuity plans are factored
into change management. This means
business managers are more aware of
the changes that can now be made at
an application level that impede the
IT team’s ability to 100% backup
a system.
Companies need to have the peace of
mind to know that a business continuity
plan works, giving them the freedom to
remain focused on business as usual. A
CIO needs to make the decision whether
they want to recover from a disaster, or
simply cope.
CIOs in Africa do consider it essential
that the business have in place
contingency plans for restoring service
after a disruption, but are challenged
by the age-old issue of managing
legacy infrastructure. So, for many
businesses getting a plan drawn up
based on the enterprise’s institutional
risk stance and business continuity
needs is still a ‘to do’.
Outside of the organisation, high
quality bandwidth and low latency
connections remain the most consistent
challenge for organisations. In Africa,
there are certainly some bandwidth
issues that remain, such as degraded
cellular connectivity in outlying areas,
which makes mobile device business
continuity difficult.
There are several established data
reduction technologies that can be
used to overcome the bandwidth
challenge, including compression
and deduplication, WAN acceleration
and storage snapshots. The keen
IT professional can combine these
technologies to meet the business
continuity requirements to keep the
www.intelligentcio.com
CIO’s need to find a delicate balance
between continuity budget while
empowering employees to get
their work done and protecting the
organisation’s valuable assets. They
need to identify critical business
processes and assets broken down by
revenue driving process, supply chain
processes and critical IT systems
and applications that support these.
Ultimately, they need to understand
how the loss of electricity, phone
systems, Internet or email would
affect their organisation.
Impacts of such losses are typically
felt on company stock prices, loss
of brand value and reputation,
revenue loss and employee morale.
Sales can be lost or delayed while
customer and employee relationships
are tarnished. A 2017 study by
the Ponemon institute in the UK
showed a strong relationship
between an organisation’s cyber
resilience posture (which includes
risk, compliance, business continuity
and cybersecurity) and the time to
recover share price value, brand value
and revenue losses.
Extreme weather conditions, political
instability, infrastructural fragility,
including power and Internet services,
are all risk factors for Africa. Being
prepared for natural disaster or
political unrest is important but
www.intelligentcio.com
equally disruptive can
be localised flooding,
electricity blackouts or
targeted cyberattack.
Recent research by
Serianu in East Africa
showed that African
businesses experience
cyberattacks at least
on par with the rest of
the world but spend
considerably less on
cybersecurity.
Mimecast provides an
integral component
of any organisations
cyber resilience
strategy – always-on
secure email. Mimecast’s continuity
services help organisations to avoid
disruption while providing a 100%
SLA on email availability in the
event of an outage. Employees can
continue to access everyday tools,
like Microsoft Outlook or G-Suite by
Google Cloud, without disruption.
If PCs or the broader network
are affected, Mimecast provides
alternative email access points
through the web and our robust
mobile continuity apps.
Business continuity is a straightforward
proposition – identify existing
and evolving risks and threats and
recommend corresponding controls
to mitigate the potential future
impact to the business and parallel
monetary, share price, brand equity
and consumer trust loss. However,
the translation between threat and
risk is often miscommunicated and
thus misunderstood. Without a robust
framework for measuring business
benefit through risk, business continuity
can be perceived solely as an expensive
and unnecessary control. Risk appetites
can vary and as organisations grow,
their rigour in business continuity
planning can lag behind requirements.
Misunderstanding various risks and
the inter-dependence of critical
infrastructure and services can also
cause problems. ¡
INTELLIGENTCIO
45