Managers of IS today make decisions out
of a complex, contradictory, and dynamic landscape of big data that is
available but has a short relevance life-cycle. This means that decision-makers
spend more time making informed decisions today than they did a few years ago
with fewer and less complex systems.
In this article, I posit that creating a
resiliency strategy goes beyond digital transformation and offers some
strategies for designing a resilience plan.
Your resilience strategy - beyond the systems
Beyond Big Data Analytics is the
question of whether the systems producing data can withstand the shocks and ambush
that surprises all of us (Not to mention the COVID-19 pandemic and the digital
transformation it rapidly fast-tracked). Consequently, there is a need to
embark on a journey of IS resilience if your organization will be able to
seamlessly adapt to change while protecting its business and customers from all
types of disruptions and disasters (Ambush and Shocks) - incomplete knowledge,
interoperability, and surprise.
Business leaders today demand both
stability and disruptive innovation – two key variables that used to be on
different sides of the continuum. Your ability to balance these two competing
pressures will determine success for your IS team, with your digital
transformation journey underpinned by disruptive innovation whiles your
resilience journey is underpinned on stability against adversity.
In this tag of war, however, there is a
third and perhaps most important factor – Productivity and Business Continuity,
which tends to suffer.
Resilience is not only about the
systems. It has more to do with the decisions that lead to making the systems
resilient. Your resilient plan may encompass an array of decisions such as:
Which services may only need load
balancing to prevent the event of overloading a particular system?
Which services will demand a backup
(online and/or offline)?
Which services will need a disaster
recovery solution (including Geographical redundancy and their corresponding
recovery time objective and recovery point objective)?
Which services will need a high
availability solution?
Or which services will need a
combination of the above strategies
Your resilience program should
therefore:
Avoid monopoly & be flexible: A
monopoly of resilience decisions may lead to widespread disruption. Monopoly
may emanate from the strategy itself, using the same vendor (s) or not properly
prioritizing services. In providing Disaster Recovery (DR) services as a
resilience measure, geo-redundancy is a good choice. However, it may not be
needed for every ‘critical service’. Instead of planning for a single failure
scenario, look into the possibility of other failure scenarios occurring and
the right strategies to curtail them.
The big picture: The big picture is
ensuring productivity and business continuity. Your resilience strategy should
hence go beyond striving for immunity and incorporate the need for productivity
and business continuity. Most often, IS Managers and CIOs receive a list of
services all classified as ‘critical’ by their respective business unit owners
(Marketing, Finance, Operations, Customer Support, etc.), demanding that they
ask the more relevant question: what is my resilience tolerance level?
What is your resilience tolerance level?
In answering this question, IS Managers
and CIOs should first define the various tolerance levels and the respective
strategies that would be applied for each resiliency strategy. Investment
decisions would then be justified and then resilience classifications done
together with the business owners for each service.
Most importantly, however, the investments should be justified. If data available reveal that a particular system has not had downtime for 8 years, it would be difficult to justify a Disaster Recovery (DR) spend. On the contrary, however, resilience is about being ready in times of uncertainty. Hence offering a DR for such a system may amount to ensuring readiness for uncertainty. But is the investment justifiable?
In conclusion
Your IS resilience journey is not a
‘quick fix’. It is a gradual journey of policy creation and an array of
strategic decisions that need business alignment and investment justification
with results to show.
To avoid creating resiliency strategies
out of incomplete and irrelevant data, a detailed business impact analysis of
the organization's IS portfolio should be conducted to address the risk
appetite of the various business units and the organization. This should be
accompanied by a thorough engagement of the various business units to determine
policies, risk levels, and investment options (For example, how much it will
cost to create resiliency as against the revenue being generated from such a
system).
Finally, IS Managers and CIOs should
continually revisit their resiliency strategies and update them as new and more
relevant data becomes available.
Author: Kwadwo Akomea-Agyin is a
seasoned business professional with 12+ years of progressive experience in
Project Management, Consultative Business Development, and Digital
Transformation solutions. He is a member of IIPGH and a regular contributor to
this column.
Contact Kwadwo on WhatsApp:
+233544341374 | Email: kojo.e@live.com | Skype:
Kwadwo_2010
Source: www.iipgh.org
No comments:
Post a Comment