As the British Standards Institute (BSI) has found, the numbers are starting to hit home, especially within the major business arena. In its annual survey of the FTSE 250, the BSI found that 51% now rate themselves as being very well prepared for an IT systems failure. While this figure is hardly overwhelming, it is a vast improvement on the 27% who said they were very prepared in 2006. Such a jump in one year suggests that businesses are becoming increasingly aware that they can barely sustain their business without IT. Overall, notes the BSI, the awareness of the importance of adequate provision for enterprise-wide business continuity is growing.

The provision for more robust business continuity is, in many instances, being baked into procurement processes and often involves the offsetting of risk through the use of third-party service providers. Increasingly, notes Aydin Kurt-Elli, CEO of co-location provider Lumison, businesses are choosing to pare down their in-house hardware, most notably servers and telephony infrastructure, and rely instead on hosted providers such as data centre operators and virtual contact centres. Given that business continuity heavyweight SunGard Availability Services finds that hardware failure is by far the chief reason for IT disruption (leading to the invocation of disaster recovery plans in 56% of cases), this strategy seems particularly persuasive. Because such providers often load-balance across several locations and exploit the scale provided by multiple large customers, they are able to provide far higher levels of resilience than the average company deploying hardware in-house.

Ever more frequently, businesses that once regarded this kind of outsourcing primarily as a cost-saving strategy now consider it a key part of their BCP. Software-as-a-service (SaaS) is a good example. By using web-based software from a variety of third-party ‘on-demand’ providers, businesses can attempt to eliminate the risk of a wholesale outage caused by physical damage to working premises. In the 2007 floods, for example, many organisations used this model to maintain operations in alternative locations. For smaller companies, adds BT’s Madelin, this is a cost-effective strategy.

Mobile working has also increased the physical flexibility of operations, and thereby the diversification of risk across the organisation. In particular, restricted desktop access – again experienced during last year’s flooding – is mitigated by mobile working facilities. But it is critical, adds Kurt-Elli, that as companies aim to diversify their risk across providers, they also make efforts to understand and, if possible, view the business continuity relating to those partners. Diversifying and outsourcing should reduce the impact of physical disasters but, cautions Madelin, there “is no silver bullet”.

Further reading

Back to the Effective IT 2008 Report contents page

Securing the future Central identity management systems are now a chief priority, but biometric technologies continue to disappoint

Staying afloat The flooding that hit the UK last summer proved a severe test for disaster recovery measures

Find more stories in the Security & Continuity Briefing Room.