How to implement a cloud-based business continuity plan
Safety of employees and the continuation of core business operations are two key objectives which underpin an organisation’s approach to surviving a crisis. In most cases, the survival of the organisation is at risk due to the loss of critical resources (people/systems/budget) during and after a crisis. Could the same thing happen, or is it already happening, to your business?
Preparing an organisation well ahead through Business Continuity Management ensures organisational resilience but is dependent on its BCM maturity and deployed model. The requirements to achieve such business continuity system proficiency (for Availability, Integrity, and Confidentiality) are governed by an underlying system which is:
Having a cloud infrastructure to achieve an organizational BCMS site adds many more benefits to the above requirements.
Environmental change has increased the occurrence of natural disasters across the globe. Organisations have endured during these times, but at the cost of significant losses. Pandemics, earthquakes, floods and massive fire outbreaks have a longer, sustained effect on the functioning of the business. Many organisations face challenges with business operations as employees are stranded in various locations with uncertain return dates.
Moreover, it has been observed that malicious entities have started exploiting organisations with targeted attacks, using social engineering (i.e., phishing), ransomware, and Advanced Persistent Threats (APTs).
Any disruption in business will impact financial growth or profitability, customer satisfaction or experience, and reputation. It is paramount that organisations respond to such a crisis with a comprehensive action plan to increase resilience against future disruptions and prepare for rebound and growth. Implementing a robust, secure and efficient Business Continuity Management System (BCMS) within the organisation is imperative.
While disruption is mostly measured in hours and days, the impact of the CV19 outbreak will be protracted, potentially for many months. Disruption has come to organizations in various forms, such as:
An organisational BCMS ensures a holistic approach to guarantee the safety of the employees and the continuation of business-critical services. A typical BCMS will provide necessary guidance in the domains of Crisis Management (People Safety), Disaster Recovery (IT Systems), Business Recovery Process (Critical Business Systems), and continuous operational support (through People, Process and Technology).
As part of BCMS, the organisation performs Business Impact Analysis, Gap Assessment, Business Continuity Planning, Maximum Tolerable Period of Disruption, Recovery Time Objectives, Recovery Point Objectives, IT Resource Availability, and much more. Detailed short-term and mid-term objectives from a CIO perspective are covered here.
A Crisis Management framework highlighting the essential requirements is covered in another blog.
It is not possible to implement a BCMS without considering IT systems availability. IT Disaster Recovery, a subset of BCMS, ensures that IT objectives are met by being able to support the business and to meet and even exceed the set SLAs during the time of crisis. Traditionally, an organisation uses a separately allocated BCP site away from the main offices. These remote sites have IT systems such as laptops, desktops and printers available, secured and ready at the time of crisis. These systems should have seamless access to organisational data. Also, access from the IT systems at these remote sites to the datacenters should be in place.
Also, an alternate IT DR site is required for hosting the critical applications, thus ensuring the availability of the applications and access to the organisation's live data in case the main Data Center goes down.
Implementing a Business Continuity Management System is mentioned as a requirement in many of the Information Security standards, such as ISO/IEC 27001:2013, UAE Information Assurance Standard, HIPAA, Cloud Controls Matrix etc. There are some standards which depict a detailed framework on the implementation of BCMS within your organization, such as ISO 22301:2019 and ISO/IEC 27031:2011.
In case you want to check how resilient your organization is towards a disruption, kindly visit Digital14’s assessment page here.
Organisations are exploring innovative ways to use technology platforms that will benefit their business, e.g. hosted corporate and business applications, virtual hosts, and serverless computing.
There has been a significant increase in the demand for implementing cloud infrastructure, as it benefits the organisation in multiple ways. The confidentiality, integrity and availability embedded in cloud services help the organisation to streamline its values, processes and technology from a legal regulations, ethics and due diligence perspective.
An organisation cannot afford to have its business continuity system compromised during a disaster. Major cloud players assure uptime of 95 to 99.9% in their respective SLAs, which fits the requirement of supporting a BCMS site. The following are key benefits of implementing an organisation's application in a cloud infrastructure:
Management may be reluctant to have organisational data stored within the cloud because of the risks associated with data location and control. If sensitive or organisational data is stored on a global cloud platform, it can be stored beyond the local/national law enforcement's jurisdiction. The following are some of the drawbacks of having organisational data in the cloud:
Considering the above drawbacks, it is a good practice to consult experts when designing and deploying your organization’s enterprise architecture and to apply appropriate security controls. Please refer to Blog1 and Blog2 for further details on managing the challenges of data sovereignty through a UAE sovereign cloud approach and the requirements to be considered.
The traditional method of BCP requires the People, Process and Technology to be available in remote sites to ensure that the organisation remains resilient during the crisis. The following are some of the benefits when the organisation’s BCMS is managed in a cloud infrastructure:
As your esteemed organisation sets its objectives to drive a business continuity management program, the possibility of utilising cloud services should be considered in light of its advantages for an organisation from a cost as well as an Information Security perspective.
A guided approach is required to achieve a robust Business Resilience and Continuity program through the usage of cloud services. With high expertise in the domains of Business Continuity and Cloud Infrastructure solutions, the Digital14 team would be delighted to support you in your desired journey to enhance business continuity planning, maintain security and compliance, and achieve your business goals.
We, at Digital14, have a strong background, rooted in our subject matter experts in the area of cloud infrastructure and BCMS, to ensure your organisation’s safety and security during any crisis. Visit Digital14.com today to learn more about our cybersecurity services, advisory services, and assessing your cloud strategy in accommodating organisational Business Continuity and Resilience.
Connect with Digital14 to help you achieve security.