Familiar computer network problems are no longer just casting a long shadow over the airline industry, but the broader IT industry is also being put on notice.
These well-publicised IT outages – which by any other name can be called a disaster – are often the direct result of outdated infrastructure and lagging strategies for IT resilience, disaster recovery and compliance.
Unfortunately, many organisations fall into this group. However, the airline industry has a history of focusing more on proactive security measures rather than on disaster recovery planning and preparedness, which puts them in a sticky situation when – not if – outages occur.
The biggest, headline making, consequence of a disaster striking is the grounding of hundreds of flights, pictures of stranded travellers and damage to brand reputation, and that is before revenue is even factored into it.
>See also: How an IT outage could determine the US election
This is probably why the U.S. federal government is getting more involved to ensure airlines update their technology solutions. A letter has already been issued to the CEO of United Airlines, questioning the company’s preparedness for an event like this and inquiring whether the company could have prevented the IT failure.
As the letter states, “in a world where consumers can find, purchase, and check in for flights from their smartphones, IT failures should not be grounding entire airline fleets. Now that three of the four largest air carriers have recently experienced significant disruptions due to IT failures, it is time for airlines to update their IT systems for the jet age”.
The time for ignoring the need for IT resilience is long past
United, Delta and other enterprise-class organisations, although slowly, are realising how unprepared their IT environment is.
The reasons for these IT outages are broad and cover everything from hurricanes to ransomware, hackers to human error, and even common power failures. However, large, global organisations do not have the luxury to focus only on prevention.
For CIOs and IT admins, IT resilience means being 100 per cent prepared to dynamically respond to disruptions that impact operations by ensuring critical data and applications are always available to ensure business continuity.
Recent advancements in cloud-based technologies have made this simpler and cheaper as companies shift from using CAPEX-based infrastructures to OPEX-based infrastructures such as Microsoft Azure.
Equally as important is enabling enterprises to simply and regularly test their disaster recovery infrastructure with little to no impact on the business, which also helps to maintain compliance with industry regulations.
A second line of defence is the best defence
2016 was a year full of headline making outages, ransomware attacks and data breaches for businesses big and small, and it looks as though 2017 will be no different, so businesses need to not only be prepared for an outage, but have a plan in place to maintain critical business operations during this type of event.
While traditional IT security efforts typically focus on creating a perimeter fence, that is no longer enough. There are too many opportunities for hackers to get past these initial defences to not have a well-constructed secondary layer of defence in place.
Every person in an organisation, to some extent, relies on data and applications to do their job, maintain a competitive edge and meet customer demands.
>See also: 4 lessons learned from the Delta’s power outage
A hacker only needs to be right once to gain access to a company’s data, whereas a company has to be secure 100 percent of the time to prevent an attack, and this is very difficult to achieve.
The second layer of defence must include being able to quickly, and as completely as possible, recover critical data using proper tools and processes to help significantly reduce, if not invalidate, the impact of a breach.
Traditional backup is fine, but businesses operate quickly and don’t want to restore operations to how they were yesterday or in some cases even 12 hours before.
But, it is critical to rigorously test a business continuity and disaster recovery strategy to ensure that it is ready to go in a crisis. The strategy needs to go beyond threat detection and prevention to incorporate “after-the-fact” recovery technology with minimal data loss for true IT resilience.
Disaster recovery and cloud go hand in hand
Companies are quickly realising that incorporating a hybrid cloud approach into a disaster recovery strategy, with the right partners in place, can actually be quite simple, affordable and serve as a great entry point to the cloud.
IT teams working in the cloud can anticipate issues and move their data and applications before the damage hits. Proactive movement of data is impossible in a traditional datacenter, but for those organisations embracing a virtual, cloud-ready IT environment, it is a reality.
In the case of a hack or outage that strikes without warning, organisations can react within minutes. Lacking infrastructure dependencies that prevent easy movement, critical applications, including online reservations and flight check-in for airlines, can securely live and move between multiple on-premises and cloud environments.
>See also: How can you make critical I.T. events less critical?
The U.S. government action on United Airlines demonstrates that uninterrupted IT is clearly top of mind for law makers and should be for compliance-heavy industries like air travel, healthcare and financial services.
Each time a data centre or IT disaster takes over headlines, CIOs and IT professionals everywhere shudder. The IT industry cannot continue ignore downtime plaguing others and assume it will never happen to them.
Looking back on these predictable but often avoidable moments, the IT community can break the cycle but only if they are ready to revisit their infrastructure solution stack and disaster recovery strategies so their organisation does not become a breaking disaster headline.
Sourced by Peter Godden, VP of EMEA, Zerto