It’s not a matter of if your organization will fall victim to a cyber attack, but when. This isn’t meant to be a scare tactic, but simply a fair warning. If you’re in the IT business, cyber attacks pose a serious danger to both your corporate data and the continuity of your business operations. ITIL-based IT Service Continuity Management (ITSCM) is a tried and true methodology that you can use today to ensure the integrity of your IT assets and data in the face of growing attacks by hackers and cybercriminals.
When it comes to data and infrastructure, there are several key “vaults” that need protection, including live/production environments, backup, archive, testing and development, and backup and recovery. Moreover, each vault can be broken down into five key components that include infrastructure, connectivity, mobility, performance, and resilience.
Let’s start with infrastructure and the trends that will help you optimize your defensive efforts.
1. On Premise Gets Leaner
Much like your New Year’s resolution to lose weight, on-premise data centers are trimming down too. Companies are constantly shrinking their data center footprint, not just to save costs but to enhance value. Many companies these days are moving beyond ROI and looking at “ROV” or “return on value.” CFOs have the responsibility of managing budgets, and many of them focus on capital expenditures (CAPEX) rather than operating expenditures (OPEX), but there are tremendous benefits to working with subscription-based OPEX cloud computing models to complement on-premise data centers. Doing so not only helps cash flow, but if there is a disruption or disaster, recovery is exponentially faster, leaner, more agile, secure and hassle-free. The value of bringing IT and DevOps back online in a flash supersedes the initial capital investment year after year in most cases. Having your infrastructure operational after a disaster ensures that you retain your ability to deliver IT service continuity.
2. 100 Percent Cloud Is a Mistake
One old adage tells us never to “place all the eggs in one basket.” And, the same holds true in the world of IT infrastructure and the cloud. It can be very tempting for executives to be drawn to the cost and recovery benefits of the cloud, especially for disaster recovery and testing. But, this practice is generally not recommended for live/production environments, and this is just one instance. ITIL-based IT Service Continuity Management fully supports the cloud in many of these cases, but it’s important to take the specific demands and objectives of your business into account before making the final decision.
3. Hybrid May Be Your Best Bet
A hybrid approach (on-premise + cloud) may be the best choice for live/production environments. IT Service Continuity Management thrives on a hybrid model because the risks are lowered significantly. Consider first that you remove the single point of failure (SPOF) by relying on both the cloud and on-premise IT assets. If one goes down, you are able to fail over operations (in many cases fully) until the second unit is restored. Hybrid architectures are fundamentally designed to improve business continuity. Moreover, many IT managers and business executives alike prefer the convenience of being able to “touch” servers on site. Especially in cases where your IT resources are particularly strong on site, having equipment right in the room can make it easier to troubleshoot, in spite of the potentially higher cost of maintaining the system on premise. It’s important to compare your investments to the value they offer and build the most sensible balance of on-premise and cloud assets.
4. Connectivity Demands Resilience
With both the cloud and hybrid approaches, there is an increasing need for improved bandwidth across the board (call it a need for “larger Internet pipes”). But as your plan spreads to accommodate all of your data needs from East to West, you’ll need a resilience plan to diversify your bandwidth and eliminate the single point of failure in the event of a cyberattack. It just so happens that ISPs and telcos that handle much of your traffic have never actually been held liable or penalized for data breaches. Check out every major breach and you’ll find that this is the case. While a “conduit exception rule” exists in the healthcare industry (for entities that do not have to sign a Business Associate Agreement with Covered Entities), companies in most industries will be demanding better resilience strategies from telcos, cloud service providers, and ISPs.
5. Mobility Connects Users
A widely discussed topic these days revolves around where the primary home of the data operations will live. You’ve probably heard the notion of “cloud-first,” but an equivalent tenet that is equally important is “mobile-first.” Cloud-first refers to where the data will reside, and mobile-first justifies the ubiquitous mobile-based access to the network. Combine the model with “mobile-first/cloud-first” to account for mobile-based end-user devices connecting to the cloud to operate. In the first half of 2018, you will begin seeing more companies shrink their on-premise data centers to just 2/3 equipment, larger and diverse Internet pipes that make cloud applications their first priority for operations, and the use of on-premise as a fail-over with fewer infrastructure requirements.
6. The Drive for Peak Performance
We will also see more companies demand greater performance from cloud service providers and, in turn, cloud service providers will demand more from Internet Service Providers. And, it won’t be driven simply by a need for speed, either. The requirements will encompass value-added activities such as cyber resilience, advanced analytics, and predictive analytics to drive peak performance on a continuous improvement model based on a framework such as ITIL.
7. The Importance of Cyber Resilience
Cyber resilience is an important concept for companies to embrace, particularly in light of our earlier premise that it’s not a question of “if”, but rather when, your organization will fall victim to a cyberattack. Cyber resilience refers to a more strategic perspective organizations should take toward cyber threats to create ongoing business continuity even when an attack occurs. Axelos, the owner of ITIL, has developed a complete framework called Resilia that is completely dedicated to cyber resilience. This may be just the beginning of the resilience trend as more organizations are hacked and data breaches continue to grow around the world. It is essential that companies plan for the worst. Cyber security measures alone are more tactical in nature, but cyber resilience is a more forward-thinking model that can prepare your organization to win the cyber battle in the long run.
Our prediction is that more companies will become cyber-resilience-minded rather than simply cyber-security-minded. With so much at stake, will your organization be prepared, or just lucky?