Establishing Digital Trust: Don't Sacrifice Security for Convenience
And industry analysts say that difference in opinion is affecting companies' continuityplans, leaving them at risk of being unprepared for or even ignorant of the businessinterruptions that a disaster could cause.
''I'm not sure business, even today, understands the depth of the problem,'' says DanWoolley, a vice president with SilentRunner, a network security company out of Virginia.''Disaster recovery and business continuity are huge issues but it's often overlookedbecause technology is pretty reliable. The business guys can get on the network and gettheir email and do their thing pretty reliable, so they fail to recognize the significanceof what would happen if we did take a major hit.''
And a study released this week shows that IT leaders aren't feeling nearly as safe as theircolleagues on the business side.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Fourteen percent of business leaders surveyed said their important business information isvery vulnerable to being lost in the event of a disaster, according to a report releasedjointly by EMC Corp., a network storage solutions company, and RoperASW, a marketing andconsulting firm. However, 52 percent of IT managers at the same companies said their datawas very vulnerable if a disaster were to strike.
The study, which surveyed 274 executives at major U.S. business, also showed that 9 percentof business execs think it would take three days or more to resume normal businessoperations after a disaster. That number is compared to 23 percent of technology executiveswho said the same thing.
''The gaps were surprising considering all the recent attention focused on preserving andgaining access to business information and the need, in general, to be able to effectivelyrespond to any sort of disruption in business,'' says Edward Keller, CEO at RoperASW.''There's also a general feeling that the focus on corporate governance and regulations inthe area of business continuity are going to bring issues like this even more into theforefront. Once compliance and reporting is on the table, it's clear that the businessleaders and their IT counterparts are going to have to get in sync with exactly what theircapabilities are.''
Gordon Haff, an analyst with Illuminata, an industry analyst firm based in Nashua, N.H.,says disaster recovery efforts -- such as offsite backup, secondary energy sources, backupISPs and mirrored systems -- gained a lot of attention after the terrorist attacks of Sept.11, 2001. But that attention didn't necessarily transfer into money being spent and plansbeing put into place.
''Thoughts of disaster recovery didn't really start on Sept. 11 but that certainly very muchelevated its visibility,'' says Haff. ''But this isn't a new idea for the financial servicesindustry, for example. But across all the industries as a whole, it's relatively new in thescheme of things.''
And Haff points out that IT leaders need to sit down with business executives and do someheavy calculations. Figure out what information is most business critical. Figure out whatpart of the system is most in danger of going down? How much down time could the businesshandle without suffering too much? How much would it cost to put specific businesscontinuity systems in place? Is the risk greater than the cost of implementation would be?
''These are all important questions,'' says Haff. ''The answers are going to be differentfor every different company... A financial services company in California arguably has aneed for a more expensive disaster recovery plan than another company does. How much you arewilling to pay will depend on what degree your business as a whole needs to be up andoperating.''
And Haff points out IT managers won't know any of these things until they spend some seriousface time with the suits.
''It's a matter of IT understand what the CEO's and CFO's business-level requirements are,''says Haff. ''It's a matter of sitting down and talking.''
And it's IT's responsibility to make sure that these talks happen and that the business sideis clear on the risks associated with a major disaster, according to SilentRunner's Woolley.
''The thing is that people have been complacent,'' says Woolley. ''We haven't had any majortake downs or viruses that have really shut people down. Combine that complacency with thecurrent business climate. But if business executives don't think they're at risk, it'sbecause there's so much they don't know.''