Successful business operation depends on the continuity of IT systems, and it simply isn''t enough for an organization''s business resilience strategy to just consider point products or single systems.
If your enterprise lacks a comprehensive strategy for using its IT systems to optimize business resilience, you're not alone. Business resilience includes strategies for business continuance—maintaining operations during and after a disruption—but also improves the organization's overall ability to do its business. It refers to the operational and technological readiness that prepares organizations to make daily operations efficient and cost-effective, respond quickly to opportunities with the potential to increase competitive advantage, and react appropriately to unplanned events.
Enterprises need agility to roll out new applications, react to market changes and competitive threats, support business processes, and communicate with employees, partners, suppliers, and customers. The IT resources many enterprises rely on today include not only the data center, but also the company's LAN infrastructure, storage area network (SAN), and the WAN that interconnects all locations, applications, and users. Successful business operation depends on the continuity of all of these systems. Because everything upon which a business depends is part of an interconnected system, the entire system must be resilient. Therefore, a business resilience strategy needs to take into account how IT systems interact with each other. Not look at mere point products or single systems but view business resilience in a holistic fashion such that IT systems interoperate to achieve organizational goals for business agility and continuity.
There are six components in a business resilience strategy: network resilience, applications resilience, communications resilience, workforce resilience, security, and network management.
Network Resilience
As a strategic business asset, the network is the foundation for business activities and communications that translate to revenue. Network resilience is the result of deliberate design, implementation, and operational practices using an integrated architecture supported by lifecycle services to attain a flexible, secure infrastructure that maintains connectivity, optimizes network performance, and delivers intelligent services during ordinary and atypical circumstances.
Network resilience begins with a high-availability network, which integrates network domains and technologies into an interoperable system that automatically reroutes around failures and ensures consistent conformity to security policies.
Some enterprises deploy lowest-cost, point-product solutions from several vendors without realizing how that approach diminishes their ability to deploy future products and services, and without counting the cost of network downtime. Robbing the organization of the benefits of system-wide network intelligence can increase the complexity and expense of network operations.
Today many more enterprises are deploying a resilient network, which provides flexibility to adapt an infrastructure to future services and applications with minimal disruption. One emerging technology is radio-frequency identification (RFID), which facilitates inventory management in the shipping and warehousing industries. RFID technology may be adapted to future applications in other industries. Enterprises that already have a resilient network can easily incorporate RFID systems when they need them. A resilient network has end-to-end intelligence that segments (through virtual LANs, virtual SANs, or WANs), prioritizes (through quality of service), and protects (through encryption) RFID traffic without requiring major upgrades, just configuration of existing features. To facilitate adaptation to emerging technologies, enterprises also need a strong relationship with a networking vendor that offers worldwide, world-class service and support. This relationship helps enterprises track and solve problems quickly with access to online training, documentation, and software upgrades, a 24-hour help desk, rapid sparing, and onsite assistance as required.
Applications Resilience
Vital to a business resilience strategy, business continuance systems maintain operations during and after unplanned events. While disruptions certainly result from major events such as earthquakes, flooding, or hurricanes, even more often they are brought on by a power outage or a car that won't start.
While some applications might require data center mirroring to preserve transactions, others might have higher tolerances for data loss, application downtime, and user accessibility. A resilient network increases applications resilience. Network intelligence complements server and storage technologies to maintain application availability. Offloading processor-intensive tasks such as encryption, compression, and load balancing into the network increases application resilience and scalability by freeing server and storage processors to perform their core duties.
The trend toward data center consolidation redefines how enterprises attain optimal applications resilience. It begins with redundant network components and server clusters.
Communications Resilience
Many enterprises have yet to take full advantage of IP communications. They install an IP PBX [private branch exchange] but stop there. However, IP voice applications can be part of restructuring the way to increase agility. It's easy and inexpensive to do over an IP network. Converged networks dramatically enhance communications flexibility for both daily operations and disaster recovery. Features such as extension mobility allow employees to use their own phone numbers from any IP phone in the global enterprise network. Unified communications simplify message retrieval by combining voice mail and e-mail into one service that employees can access through a computer or telephone. IP videoconferencing and IP video telephony reduce the need for travel.
Telephone service is the IT function most essential to conducting business; therefore, the network that supports it must be highly available. Branch-office routers must include features that maintain local telephone service and PSTN access should the WAN link to the central management service fail. IP call centers should allow remote agent access from home when weather conditions make commuting difficult or dangerous.
Workforce Resilience
Closely aligned to applications and communications resilience is workforce resilience, which strives for anytime employee accessibility to applications and services from any location. In the campus, conference rooms with wireless LAN access eliminate the traditional "battle for ports." Road warriors can carry a preconfigured broadband router and IP phone kit that allows them to connect to the corporate network from a hotel room and enjoy the same services they would have access to if they were directly connected at the campus. Teleworkers use a similar means to set up home offices with secure, always-on VPN access to the corporate network. Such flexibility increases employment options, worker satisfaction, and productivity.
Multilayer Security
The most highly available and intelligent network isn't resilient without adequate protection. An integrated approach to resilience makes it easier to apply and enforce consistent security policies throughout the enterprise.
Attacks such as distributed denial-of-service (DDoS), information theft, and worms and viruses can cripple an organization's ability to do business. For example, after surfing the Internet, an employee can innocently introduce a worm or virus to the corporate network through a remote-access connection. Endpoint security coupled with network-based policy enforcement can stop the infection before it spreads by prescreening user PCs before allowing them to log into the network. This cooperation between computing and network elements creates a synergy that provides stronger protection than either system can accomplish alone.
Network Operations
Both elusive and critical to a successful business resilience strategy is network operations. Many enterprises purchase multimillion-dollar IT infrastructures, then manage them manually, which is one reason why so many organizations struggle to control operational expenditures. According to Sage Research, 39 percent of network outages are caused by configuration errors, 27 percent by upgrade errors, and 10 percent by data entry errors. Investing in and using integrated management systems, network operators can eliminate configuration errors and speed up routine processes through automation. For example, it takes 93 hours per year for an operator to manually change passwords in 800 devices each quarter, with a 5 percent error rate. Automating that process drops the error rate to zero and takes less than one hour per year.
Assess Your Resilience
As with any journey, enterprises can plan a cost-managed path toward resilience goals when they know how resilient their IT systems are today. Assessments offer valuable insights about what an enterprise is already doing well and identify areas where it can improve both infrastructure and operations. Organisations thus need to invest in extensive lifecycle-based services to help them with assessment, design, implementation, and operations for a highly available and secure network.
Authored by Ranajoy Punja, Vice President Marketing, Cisco Systems
