The pandemic is particularly likely to accelerate the digitalisation process for many organisations. How have COVID-19 and the pervasive technological changes changed the IT Disaster Recovery profession? What is different about IT DR post-COVID-19, and how can organisations mitigate and recover?
This is a summary of the presentation by David Tay on 25 May 2023.
IT disaster recovery planning is a critical component of organisational resilience, aiming to minimise downtime, data loss, and disruptions caused by unexpected events. As technology and business environments evolve, new trends in IT disaster recovery planning arise to address emerging challenges and enhance recovery capabilities.
This presentation explores the current IT disaster recovery planning trends post-COVID-19, highlighting their significance and potential impact on organisations.
Recently, there has been a significant shift in consumer behaviour and business operations, primarily driven by the COVID-19 pandemic. Public spaces, such as retail stores and restaurants, have seen a decline in foot traffic as people increasingly opt for online shopping and food delivery services. This transformation has given rise to the dominance of e-commerce and digital entertainment platforms like Netflix.
Additionally, remote work has become the norm, reducing the demand for office spaces. As a result, the critical change observed is the acceleration of digital transformation and digitisation across various sectors.
Discretionary spending has taken a hit during the pandemic, with job losses and a reluctance to return to physical office spaces. This has forced businesses to adapt to the changing landscape.
Digital transformation, which typically took several years to implement successfully, became a necessity rather than an option. Companies had to digitise their operations to survive in this new environment. However, this rapid shift has not been without challenges, as 72% of businesses reported negative impacts on their supply chains, resulting in delays and disruptions.
Despite the difficulties posed by the digital transformation, there is also a silver lining. Approximately 11 per cent of businesses have seen positive impacts, particularly in diversifying and strengthening their supply chains. This transformation has encouraged the exploration of alternative sources and logistics solutions, opening up opportunities within the challenges.
While the shift in consumer behaviour and spending has brought about significant changes, it has also forced companies to adapt and innovate, with risks and opportunities emerging in this evolving landscape.
In IT, Disaster Recovery Planning (DRP) is undergoing significant changes in today's digital landscape. With the increasing digitisation trend, many businesses are moving their operations to the cloud.
However, it is essential to note that the cloud comes in various flavours, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS), along with private, public, and hybrid cloud options. The choice of cloud type impacts the necessity and feasibility of Cloud to Cloud Disaster Recovery (DR) solutions.
For organisations utilising SaaS offerings like Microsoft 365 or Oracle Fusion ERP, the responsibility for disaster recovery often falls on the service provider, given their built-in resilience and redundancy features. However, planning for disaster recovery becomes more complex for those using PaaS or IaaS, where they host their applications on cloud platforms like Azure or Google Cloud. In such cases, cloud-to-cloud DR solutions may be necessary but also challenging due to platform and application compatibility considerations.
In terms of IT and data centre infrastructure, organisations must now prioritise resilience by design, considering the evolving threat landscape that includes cyber threats. This means that disaster recovery should no longer be an afterthought but an integral part of the overall design and architecture. This approach aligns with the "security by design" concept, emphasizing proactive measures to protect against potential disasters.
Organizations must collaborate closely with their cloud service providers and application vendors to ensure that Disaster Recovery plans remain resilient when adopting cloud-based services. They must consider how to design applications that can seamlessly transition between different cloud platforms if needed. While moving to the cloud is a goal for many, certain industries and specific applications may still require on-premises data centres due to regulatory, security, or customization needs.
Lastly, when comparing cloud security to traditional data centres, it's essential to understand that neither is inherently more secure. Both have their vulnerabilities and strengths. Cybersecurity breaches are a concern for both cloud providers and traditional data centres, making robust crisis management, operational resilience, and business continuity plans crucial for any organization. As the digital landscape evolves, adapting to new technologies and continuously improving security measures will be essential for protecting critical data and services.
IT disaster recovery planning has evolved significantly in recent years, with several critical considerations emerging. Traditionally, disaster recovery plans were built on the premise that all employees worked at a primary data centre or office location. The plan was to activate, modify, transport, and relocate everyone to the disaster recovery (DR) site when a disaster struck. However, the rise of remote work has complicated this approach. In a dispersed workforce, gathering employees at a DR centre becomes a significant challenge, as they could be working from various locations, including homes and cafes.
Additionally, the attack surface for IT systems has expanded drastically with remote work. In an office setting, securing a few entry points could be sufficient, but when employees work remotely, their home networks may lack robust security measures. This means that the risk of cyberattacks increases significantly. Hence, IT disaster recovery plans must include measures to enhance security, especially when the attack surface is much broader than before.
Cloud migration has become a prevalent trend in IT disaster recovery planning. The blending of physical and digital aspects, known as "Phygital", is a growing phenomenon. Disaster recovery plans must adapt to this new reality, where not everything is as clear-cut as being either physically in the office or digitally in the cloud.
Again, with heightened expectations for service uptime and zero downtime, businesses must balance the goal of 100% availability against cost-effectiveness.
IT disaster recovery planning faces new challenges due to the changing work landscape, expanded attack surfaces, cloud migration, and balancing service uptime expectations. While the goal remains the same—minimizing business disruption—it's essential to consider the cost implications and adapt the plan to accommodate dispersed workforces and evolving technology landscapes.
Effective communication, comprehensive business impact analysis, and a realistic approach to downtime are crucial components of a modern IT disaster recovery plan.
In IT disaster recovery (DR), professionals like yourself constantly navigate a landscape of volatility, uncertainty, complexity, and ambiguity (VUCA).
The world is becoming more unpredictable in macro and microeconomics, while technology trends like cloud computing, though simplifying certain aspects, introduce new layers of complexity.
To counter volatility, having a clear vision of the role of DR and Business Continuity Planning (BCP) is essential. Understanding your organisation's core business functions and critical assets, often called the "Crown Jewels," is crucial. This knowledge lets you prioritise what must continue running during a disaster. It's about identifying the essential processes and resources that cannot afford to fail.
In the context of evolving methodologies for DR, the traditional 6R approach (Response, Recovery, Resume, Restore, Resilience, and Return) remains a fundamental framework, whether you are working with on-premise or cloud-based systems.
While the tactics and tools may evolve, the core principles of DR and BCP don't change. The key is adapting your recovery and restoration strategies to the technology landscape while staying rooted in these foundational principles.
Emerging technologies like AI and automation (like RPA) significantly enhance DR practices. They can assist in identifying potential disaster scenarios, evaluating threats, and generating insights to inform your DR plans. However, it's crucial to remember that these technologies are only as effective as the questions you ask them.
Proper training and understanding of your organisation's unique risks and challenges are prerequisites for using AI effectively in DR. Remote work policies have gained prominence, and they need to be re-evaluated in the context of DR. With a distributed workforce, activating your DR team and ensuring effective communication become more complex. It is critical to ensure remote workers can participate in DR efforts and understand their roles during a crisis.
Lastly, effective communication and crisis management are paramount. Transparent and efficient communication can make the difference between a successful recovery and chaos during a disaster. Investing in robust communication strategies and crisis management procedures is a constant necessity in the ever-evolving world of IT disaster recovery.
In assessing the need for solutions across different industries and companies, it's evident that a one-size-fits-all approach does not exist. Each industry has unique characteristics, and even within the same sector, individual companies may have distinct requirements due to varying business models.
For example, the needs of a construction company will differ significantly from those of a real estate giant like CapitaLand. Furthermore, the scale of a business, such as a ten-billion-dollar company versus a 100-billion-dollar one, introduces additional variations. Consequently, there isn't a universal solution, but there is a framework that can be universally adopted.
The proposed framework for addressing business challenges begins with a focus on desirability. This involves understanding the business impact, human impact (e.g., data security concerns like PDPA compliance), and other specific needs. Once the desirability factors are clarified, the next step is to assess feasibility. This entails determining if the solution is technically viable and financially sustainable. For instance, while requesting zero downtime may be desirable, it may not be feasible when transitioning between different cloud providers.
This framework parallels the approach taken when building solutions, emphasising the 3P framework of platform, process, and people. It encourages businesses to define their platform requirements, align processes accordingly, and ensure that employees are effectively trained to utilise the platform within the established processes. While this framework isn't the only one available, it provides a logical and adaptable foundation for addressing a wide range of business challenges, catering to the unique needs of each situation.
"Learn a series of new terminology: "Resilience by Design", "VUCA 2.0", and "Phygital"."
"If we are moving more and more to the cloud, is there a shift in focus of the IT team from infrastructure support to IT Security?"
"I agree that an alternate site can be looked at differently now than before the pandemic. From my experience, the alternate site option also included data centres in that site, but with advancements since remote working is preferred instead of alternate site, and find data centre redundancy on different platforms like the cloud."
"There are new risks in the new digital world. It is so accurate: a big risk is assuming everything will be recovered for you when using the cloud. Hot DR is a solution, but few know how the processes are automated. Need to document these automated processes for future reference and understanding."
"Even with Cloud technology, there are still availability and security issues. The key is to ensure crisis management and communications plans are ready."
"Security by design. Glad the emphasis is there, too! The importance of BIA and identity must go on while having a positive mindset is to provide degraded services and bite the bullet."
"DRP needs to be agile and adaptable. Like the VUCA 2.0 illustration."
"Vendor risk dependency in a crisis ... got me thinking of more engagement and involvement to know vendors in-depth."
IT disaster recovery planning is constantly evolving to address emerging challenges and meet the changing needs of organisations. Be prepared to embed "Resilience by Design" and adapt to "VUCA 2.0."
Cloud-based disaster recovery, hybrid IT environments, automation, cyber resilience, testing and validation, integration with BCM, compliance considerations, and remote workforce considerations are some of the key trends shaping the landscape of IT disaster recovery planning.
The session is moderated and recorded by Dr. Goh Moh Heng.