After the disruption of the Covid-19 pandemic, businesses in all industries now realise that anything can happen at any time. No organisation is ever safe from disruption, and they all need to be ready to pivot operations quickly and efficiently in a crisis.
Business continuity has never been more important, and a company’s data centre strategy is paramount in keeping operations running and businesses open. Therefore, it goes without saying that data centre providers and managers are committed to continuously monitoring and evaluating risks around the world that may impact operations, employees, supply chains and customers.
So, more than two years after we first started grappling with the Covid-19 pandemic, where do the most pressing risks to businesses today lie? And how can companies prepare for what lies ahead?
Today’s risk landscape
For the team at Vertiv, designing business continuity strategies begins in the data centre – protecting the critical digital infrastructure that keeps organisations and societies running. In 2021, Vertiv put together an emergency preparedness checklist that reflects some crisis planning and data centre services recommendations. But, just one year on from devising these plans, it’s striking how much the world has changed.
“One year ago, the ongoing pandemic dominated our planning exercises, with the fallout of the Covid-19 crisis continuing to rock businesses of all sizes,” Kate Fulkert, global business continuity and disaster recovery manager for Vertiv says. “But today we spend more time on civil unrest, and more recently extreme weather conditions, than any other threat.”
In addition to the devastating destruction and health and safety concerns for those in the country and in nearby regions, the war in Ukraine has severe implications globally, putting further strain on supply chains, restricting commerce in Ukraine and Russia, and limiting communications with employees, suppliers, and customers in those countries.
“Sadly, civil unrest isn’t limited to Ukraine and surrounding countries – we have seen truckers in Canada grind over-land supply chains in North America to a crawl and various demonstrations limit or cut off access to worksites and important transportation routes,” Fulkert continues. “The war is taxing the systems in place and creating an environment that attracts bad actors, including cyber criminals. It is an ongoing and increasingly volatile situation, and sadly will be for the foreseeable future. Accordingly, businesses should work to develop business continuity and disaster recovery plans for employee communication, transportation, supply chain, and workflow, while ramping up cybersecurity training at all levels.”
Hybrid working has changed infrastructure requirements forever
Prompted by Covid, but enduring long after offices reopened, the widespread shift to remote or hybrid models also continues to cause challenges, not least a significant increase to the threat of cyber attacks.
“A distributed workforce means a boost in network endpoints, and each endpoint represents a cybersecurity risk,” Fulkert warns. “If your business is shifting to remote or hybrid work models, you must increase attention on network security and ramp up employee training on IT and operational security. It’s important to remember that a remote workforce does not absolve the employer of responsibility for employee safety. Crisis management and training must continue, but you must tailor it to the person and their location to ensure their safety and the security and continuity of their work product.”
A twelve-point continuity strategy
There is plenty to consider in the world of business continuity and Fulkert has shared the following guide to the components of successful crisis preparation:
- Risk assessment and the Business Impact Analysis (BIA): The critical first steps for a comprehensive recovery strategy. Perform the BIA to determine critical business functions and a risk assessment to identify potential mitigations or controls that could be applied. If there is an inherent risk present, could the site or some work be moved to alleviate that risk?
- Training plans: With more employees working remotely, businesses should introduce training to help employees know how to react to a crisis independently – including relevant resources such as shelter locations and Red Cross resources as well as information on who to contact. Staff should take advantage of regional weather and emergency phone apps too.
- Weatherproof the data centre: Consult with a data centre services provider that can help to harden data centre and edge facilities against such threats and be award that certain critical roles may even require uninterruptible power supply (UPS) backup power or redundant internet service providers. Create a checklist which includes physical procedures to be verified, such as ensure all doors and windows are shut tight, clear downspouts and drains, and remove or secure any outdoor equipment or movable fixtures. Also train employees who are working remotely on how to prepare for or respond to extreme weather conditions, which are becoming more common across the globe.
- Backup data: The process may change as employees shift offsite. Automatic backups should be implemented, and some on-site backups may need to be initiated manually, including backing up to the cloud – all data backed up should be hardened against cyber threats.
- Preparation for communication breakdowns: A remote workforce introduces challenges related to emergency communications. Develop lists with all available means of communication for all employees and reach out early with instructions on how to communicate in the event of communication interruptions.
- Emergency staffing: The preference for many companies today is to shift work virtually, but staff on site may still be required – and needed immediately – develop plans to replenish staff to ensure critical business functions are maintained.
- Contact vendors: As supply chains continue to lag, businesses should consider adding vendors and suppliers to their mass notification systems to ensure critical communications are not interrupted.
- Move away from a single vendor approach: Critical business functions should have more than one vendor in place in the event that vendor has a supply chain issue. Don’t single source vendors, instead have two to three vendors in your recovery plan to provide products and services.
- Build redundancy across your team and train them on emergency response: It’s critical today to build redundancies into teams. If one person is working remotely and can’t contribute, make sure there is a backup. Along with team redundancy, train team members to be prepared for various types of crisis events at work, home or out in the field. Conduct training so they can react to a crisis independently – include relevant resources in the community and information on who to contact. Employees should take advantage of weather and emergency phone apps too.
- Inform first responders: Many insurance providers are asking for floorplans to be shared with first responders. It’s a good idea, and one any organisation should insist upon even if the insurance provider isn’t.
- Consider the opportunists: Chaos provides cover for cyber criminals. Training employees on cybersecurity best practices is more critical than ever with the shift to remote work.
- Test your plans: Vertiv has increased testing of plans twofold this year and is expanding on the types of tests performed. Testing does not need to be complicated but is the best means to get recovery plans communicated.
“So, while the threats and risks to businesses across the world are changing, the need to prepare adequately with robust Business Continuity strategies is not,” Falkert concludes. “Crucially, processes, policies and plans must begin with protecting the critical digital infrastructure which keeps businesses up and running. For Vertiv this means concentrating firmly on the all-important data centre – which is widely recognised as the backbone of the economy.”