Many factors such as industrial action, extreme weather conditions, routing upgrades or hardware failure can all lead to extensive loss of data, the consequences of which could be catastrophic to your business.
Disaster Recovery as a Service, commonly known as DRaaS, is a comprehensive portfolio of services that offers a potential solution, however does it offer the full service that you would expect unless it is properly managed by a company with many years of expertise and a proven track record providing DRaaS.
In the ‘safe hands’ of a competent organisation like ContinuitySA, who efficiently design, set up and manage every facet of your customised data protection, you can have absolute peace of mind to focus on your business.
ContinuitySA offers a three tiered approach to DRaaS:
Server replication – Includes fully managed offsite data recovery centres to which you replicate your servers. Servers can be failed over in minutes. This protects physical, virtual and cloud hosted servers.
Managed Virtual Server hosting – Used for production hosting or secondary live servers. You are able to increase or decrease resources such as storage and memory at any time, without having to re-provision your servers.
Managed backup – Expertly managed disk based backup reduces your backup window, dramatically shortening backup times. Primary backup devices can be located at your premises, replicating to the recovery centre eliminating link bottlenecks.
There are substantial cost benefits to moving to a DRaaS model which also frees up your IT staff to focus on other projects.
ContinuitySA offers 24/7 expert advice, management, monitoring and reporting to give you…….
TOTAL PEACE OF MIND!]]>
When it’s time to find premises for your new business or when you are relocating or need extra office space, it’s interesting to consider the alternatives available. Should you deliberate about office renovations, take a new building or evaluate a resilient office space?
In addition to its core Business Continuity Management, ContinuitySA is offering resilient office space to companies who want the benefits of a fully managed office solution at a fixed monthly costs.
So what is our resilient office solution you may ask?
Our resilient office space is essentially a ready-made, customised office solution which is fully managed to get your business up and operating with the minimum of turnaround times in a business resilient environment at a fixed monthly cost. Equipped with optional desk top computers, furniture and flexible telephony options (Avaya, Mitel or your own) this solution can get you operational speedily. Access is available to our onsite data centre. UPS and diesel generators provide electrical back up during potential winter load shedding, and emergency water supplies are also available. Superior bandwidth connectivity is supplied with multiple WAN ISP’s.
Our facilities also offer onsite parking as well as being close to public transport nodes. 24 hour service desk support is on hand to support your infrastructure and around the clock security. A flexible approach to contracts, be they short or long term, allows you to build a best fit solution perfect for you as well as taking into account scalability during the contract period.
So if your business needs more space or you’re looking at alternative office solutions why not find out more. Contact us on email firstname.lastname@example.org or click here for more details or for somebody to contact you on what options and locations we have readily available.]]>
By Michael Davies, CEO, ContinuitySA
The final set of risks relate to geo-politics and, in particular, terrorism. Our team recognised that these are risks that are largely out of companies’ control, but they need to understand them and have mitigation plans in place.
We decided to include these risks particularly because Africa seems to be more and more vulnerable to them, terrorism in particular. It comes at a time when South African businesses, in particular, are looking to expand north in order to achieve the growth that is so elusive domestically. Unfortunately, many of the continent’s most attractive markets are also increasingly theatres for political violence. Kenya and Nigeria are two cases in point, with Al Shabaab active in the former, and Boko Haram in the latter.
Don’t forget that this risk applies also to your supply chain
Companies attracted by these markets must therefore take the time and trouble to understand the risks they pose, and put contingency plans in place. The safety of employees is of particular concern, and the threat of kidnap is also real. Companies have a well-established Duty of Care to their employees which does not end when at a border.
This is a highly specialised area, and it’s one in which the aid of specialists should be sought. Your insurance company is likely to be very helpful because the risk may be insured, and also your legal advisors would offer insight into what your obligations are. Both will have relationships with security companies that specialise in these types of risk, and who will possibly be able to offer information and counsel.
In conclusion, and looking at the five risks as a whole, we feel that it’s very important to consider the whole process of business continuity management, which underpins business resilience, in terms of your customers. You need to understand the extent to which they are relying on you, and thus on your ability to recover from a disaster.
On the plus side, positioning your company as a reliable partner, one that has taken the trouble to build resilience into its business model, can be an excellent marketing tool, and a way to build the company’s reputation in the market. The world is increasingly sensitive to risk, and partners that are seen be alive to risk are desirable.]]>
By Michael Davies, CEO, ContinuitySA
Like it or not (and none of us do), it seems that the brave new world of the Internet, and the resulting connected business environment, have created a whole new class of crime: cyber-crime. Cyber-criminals are legion, and exist in suburban bedroom in Iowa, lofts in Beijing and North Korea, and Internet cafes in Belarus and Estonia. They are highly skilled, often anarchist in mindset, and supported by an apparently limitless set of hacking tools available on certain illegal sites (the Dark Web),either for free or for relatively small amounts.
These criminals are motivated either by financial gain or the simple joy of cocking a snook at the establishment—probably a bit of both, to be frank.
The statistics are truly frightening, as you have doubtless seen in news reports for many years—especially as a lot of cyber-crime is not reported to protect the victim’s reputation. Such an atmosphere of unrelenting threat is taking its toll: the recent Cisco 2016 Annual Security Report found that companies globally feel increasingly vulnerable to cyber-attacks, and less confident in the security measures they have in place.
Another study, RSA’s Cybersecurity Poverty Index shows that nearly 73 percent of global companies reported they had insufficiently mature levels of security. The survey further adds that the greatest security risk was the ability to measure, assess and mitigate cybersecurity risks, with 45 percent of the companies surveyed describing their capabilities in this area as “non-existent” or “ad hoc”. By contrast, only 21 percent reported that they are mature in this area.
The Cisco study found that small to medium-sized businesses have emerged as a potential weak link, spending less on Web security than in previous years. This connects back to the supply chain risk identified in a previous blog: many of the companies in your supply chain might fall into this category, making all their business partners as well.
Cyber-security is not just a technology problem, and it cannot be solved by the IT department. The whole company has to be made security-conscious, and security protocols have to be built into business processes. Only this approach will make the business resilient in the context of cyber-attacks.
Next time, I will conclude by looking at the fifth and final risk to bear in mind for 2016.
By Michael Davies, CEO, ContinuitySA
We’ve all imagined how we would cope with the aftermath of a nuclear attack or a violent revolution, when all the infrastructure on which we depend is destroyed. Foraging and hunting for food, chopping wood, finding a water source, learning to weave or work leather: what skills and tools would we need to survive?
The same thought process could be valuable in the business context. We are all highly dependent on information and communication technologies (ICT), a dependence that creates huge vulnerability. Although disaster recovery plans tend to begin with the ICT systems, there can be a delay in recovering them, so knowing which processes could be run manually—and how—would be a big step towards building in resilience.
For a retailer, it might be as simple as having a manual credit card machine on hand to cope with unavailable systems or a power blackout.
This back-to-basics approach will also help in the event that ICT systems stay down for longer than expected, perhaps caused by something beyond your control; for example, a national blackout or a terrorist attack that cripples the network.
Next time, a look at risk No 4—cyber-attack.]]>
By Michael Davies, CEO, ContinuitySA
Last time, I introduced the first of five risks that will affect African businesses over the coming year and into 2017. The second risk our team identified is one that has become more prominent over the course of the last several years: supply chain risk.
The first point to make is that today’s business environment is characterised by long supply chains and greater collaboration with business partners—something that introduces more risk into the equation. Risk can no longer be compartmentalised, so to build true business resilience you need to understand your key dependencies and how resilient your partners are.
The old adage about the chain only being as strong as its weakest link summarises this fact of contemporary business life.
One trend that is of particular concern is companies’ growing use of cloud providers to supply more of their IT requirements. Cloud itself is not the issue; the problem comes when a company assumes its cloud provider has the ability to recover from a disaster. Our best advice? Don’t assume your cloud provider has a good business continuity plan: check it out!
Another key risk relates to the ever-present danger of local utilities running into delivery challenges—a question mark now hangs over power and water supplies, and this threat could affect the whole supply chain. Even if you have measures in place to deal with a power outage, what is the impact if your supplier in goes down and cannot recover in time to fulfil your order?
One supply chain risk is of particular concern: How well prepared is your telecommunications service provider to deal with a prolonged power outage—for example, when communications masts cease to function because their batteries run down?
Next time, 2016 risk No. 3 in detail—are you prepared to go back to basics?]]>
By Michael Davies, CEO, ContinuitySA
At the end of every year, my executive team goes into crystal-ball mode, pooling our experience and insights to try and brainstorm the risk landscape for the year ahead. This time round, we came up with five areas of risk that African businesses should be thinking about.
Each blog in this series will cover one of the five.
First, though, a brief reflection on the notion of business resilience itself. Once upon a time, we spoke only of disaster recovery, which really related to a company’s IT systems. As it became more apparent that IT could not be seen as separate from the business, we started considering IT risk in the context of business processes—recovering from an IT outage was more than just getting the systems back up and running. To do this properly, we had to develop ways of drilling down into exactly what a company did, and the relative importance of each business process (and thus its enabling IT infrastructure). Only once this business impact analysis was completed could we know which processes needed to be up quickly, and which ones could be a little delayed. This analysis in turn affects how to allocate resources and budget for a business continuity management strategy that actually works.
Over time, business continuity management matured and standards were created. The growing sophistication of the business impact analysis has now come to be seen as an invaluable tool for doing much more than identifying risks: it helps the company to understand itself and its true priorities better, and thus makes it better able to overcome the challenges of today’s business environment generally.
In short, it makes the business more resilient to anything.
The first of the five risks that should be occupying your attention during 2016 is the need to address leadership issues, particularly with regard to the CIO. Deloitte’s 2015 Human Capital Trends Report shows that 86 percent of companies globally see developing leaders as a critical challenge. We think African CIOs are under considerable pressure at the moment as they move from their traditional IT support role into one that demands innovation leadership. Technology is disrupting business, and thus the CIO is the natural person to help the rest of the C-suite understand what the sources of disruption are likely to be—and, even more challenging, how to become disruptors in their own rights.
In a way, everybody is competing with Amazon, or a company like Amazon, these days.
One example: CIOs don’t just face the challenge of putting the technology and processes in place to provide insights from the analysis of big data. They have to help the business work out how to respond to those insights.
We all felt that a related factor is that in today’s interconnected, unstable global economy, crises of one sort of another are more frequent. CIOs, along with the rest of the C-suite, are under pressure like never before, and the business needs to work out how to mitigate this very real aspect of leadership risk. Firefighting mode isn’t the best way to plan for the future.
Next time, a look at the second risk to consider in 2016.
 Available at http://dupress.com/periodical/trends/human-capital-trends-2015/?id=us:2el:3dc:dup1179:eng:cons:hct15.]]>
Black swans are unexpected events with profound, even catastrophic effects. When they’ve happened, most people try to rationalise them and how they could have been prepared to deal with it. But the truth of it is that a black swan is so unexpected it’s virtually impossible to foresee it.
The Twin Towers is perhaps the classic black-swan event of recent times. It changed the face of geopolitics and while there were many theories about how the authorities should have seen it coming, this is just the perfect vision of hindsight.
“Business is becoming more and more vulnerable to such high-impact, unforeseeable events thanks to the uncertain global, and thus complex, business environment. For one thing, organisations are employing ‘just-in-time’ inventory strategies and supply chains are becoming more critical which dramatically increases our risk exposure; for another, there’s the pressure to be a 24/7 business,” says Michael Davies, CEO of ContinuitySA. “No getting away from it: there are just more potential points of failure.”
However, Davies continues, there’s one black swan that is keeping everybody in South Africa awake at nights: a national blackout or a sustained regional blackout. Because it would affect the whole grid or a section of it, such a blackout could last for days or even longer.
Although most commentators, and Eskom itself, believe either of these to be a remote possibility, Davies feels companies should give thought to how they would handle such an eventuality.
“Even though it’s unlikely, the consequences would be devastating so it’s just as well to have a plan in place,” he says. “In addition, understanding what would be required will also make your business continuity planning for the inevitable ‘normal’ load-shedding better.”
Davies offers the following points to consider.
At the same time, Davies advises that companies should give some thought to other high-impact, unexpected risks. He identifies cybercrime as one area of concern. While this type of crime is becoming more common, many companies do not realise how common because those who suffer such an attack generally do not publicise the event to protect their reputations.
Other challenges to which companies might not be giving enough thought include fire and flooding, especially in shared premises where one is vulnerable to the poor planning of fellow tenants.
“Whatever the colour (or size) of the swan, the only way to cope with the unexpected is to build a resilient organisation—one that is structured to cope with the unexpected,” Davies concludes.]]>
Although we are still enjoying the heat of the summer it will not be too long before winter is here and with it the increasing threat of loadshedding. So the timing is opportune to examine what power back up solution you need to cope with this impending possibility.
Several loadshedding solutions exist and one needs to be careful not to go over the top and spend excessively on developing a solution or over engineering what is actually required. One of the most effective solutions is to have a backup electrical power generator that can take over the load of your business or home. If you only install a generator without an Uninterruptable Power Supply (UPS), you have 2 options of starting the generator when the power fails, one which automatically detects the power is out and the second where you have to switch the power over to the generator manually. The latter obviously being the less expensive solution. Both solutions without a UPS will have a blackout period before the generators starts up and delivers power.
If you want to go the solar route or generator route you would need to consult with an engineer or electrician that knows what they are doing. When installing a solar solution the best is to combine this with a battery solution, electrical switchgear, controller (the brain) and an inverter to switch the direct current (DC) to alternating current (AC) which house and office buildings use. Back up for appliances such as element heaters, kettles, geysers, electrical stoves or anything that uses an element to heat up something is generally not a good idea when only using batteries and a solar solution. Installing a solar panel also requires the optimal amount of sunlight which is normally achieved in South Africa by using a 27 degree angled roof which is north facing to the sun.
Other solutions when considering cooking and heating to combat loadshedding, are to use gas stoves and heaters. There are gas water heaters available that will heat up water as you open a tap. You can also install a solar water heater and geyser. The gas and solar water heater market in SA is now well developed and provides some great and innovative solutions.
What about lighting? Another option is to use emergency LED battery power lights installed at key locations in your house or office building. These lights are normally connected to a power source that continuously charges the light. When the power fails these lights switch on automatically.
The most critical issue to understand about loadshedding or loss of power is that it can happen at any time. The cause can be a scheduled outage or something like a substation failure in the suburb which could take days to fix. Over the past few years we have been provided with a schedule for loadshedding detailing when and for how long. However as we have all experienced these are not always that accurate and so extra planning and back up is often required.
As an organisation it is also best to ensure you have an automated switchover generator and a UPS. Most importantly a business should never switch back immediately to street power when it returns after loadshedding. In many cases the load is too high on the affected area causing power dips or there are unwanted spikes that run through the electrical system causing damage. The electrical switchgear is very sensitive to this and easily damaged. It’s best to give it at least 15 minutes before switching back to street power.
Planning is critical not only around the engineering side, but also understanding the needs of your business with regard to power demands. Ideally conduct a Business Impact Assessment (BIA), develop a strategy and then write a Business Continuity Plan (BCP). The strategy will be to involve the technology team, business and management of an organisation to decide on the best strategy to deal with loadshedding or prolonged power outages. If the service the company provides is critical and cannot afford downtime, the solution will be to develop a system that can supply uninterrupted electrical power.]]>
Management 101 says that “If you can’t measure it, you can’t manage it”; disaster recovery 101 puts it somewhat differently, “If you don’t test it, then it’s not really a disaster recovery plan”.
To be frank, when a disaster happens, when the power outage drags into the second day, is no time to discover that some component of the recovery plan isn’t performing!
The only way to ensure that there are no nasty surprises is to document the recovery procedures and schedule regular testing of the entire business continuity plan, including the IT disaster recovery portion. Care has to be taken to ensure that the IT disaster recovery plan, usually the preserve of the IT department, is aligned with the overall business continuity plans that cover the business processes and people.
At a practical level, business continuity testing is often performed on a unit-by-unit basis, but it makes sense to test the effectiveness of the IT disaster recovery plans as a whole—in fact, IT testing can be run separately. Adopting the previous blog’s suggestion of using virtualisation to mirror the entire production environment, such a test could be performed without any disruption to the normal running of the company. In fact, switching between the production and disaster recovery environments would be a normal routine.
One additional point needs to be made. Disaster recovery needs always to cover loss of data, but there are instances in which recovering from loss of service might not make sense—for example if clients are impacted by the same power outage. Unless they have effective disaster recovery plans in place, they would not be able to trade with you, and so the best option might be to remain “down” until power is restored.
In conclusion, by focusing on the current power challenges facing South African businesses, our intention is not to be unduly alarmist. As already stated, we believe the threat of a national blackout is very small indeed. However, we do think that prudent risk mitigation has to take account of the possibility of power blackouts that are longer than the usual four hours, and that could affect entire regions. Such eventualities will need creative thinking, and we have tried to give some insight into the thought processes companies should be following.
As always, please feel free to contact ContinuitySA to discuss how to put a solid, practical business continuity plan in place.]]>