To Deal With Technology Risk, Focus on Resilience Posted on January 8, 2015 by Tim Burke Have you noticed how people are talking more about risk these days? Not surprising, given the spectacular nature of recent hacks. Even reinsurers express worry: in a poll last fall, 40% ranked cyberattacks as the most threatening emerging risk of 2015. Yet, cyberattacks threatening your systems’ security and your data’s privacy are only part of a much larger risk problem. This greater scope of risk is more about effect than cause – if you contain your risk strategy solely to cyberattacks, you’ll leave yourself exposed on other fronts. Much of today’s corporate risk comes from the rapid digitization of a broad range of business processes, creating new kinds of risks beyond the scope of traditional, siloed IT systems. From the hyper-connectivity required by cloud services, mobile devices, and collaboration tools to virtualized data centers, software-defined networks, big-data cleanup/analytics, and a whole lot more, each ‘digitization’ brings with it new dimensions of vulnerability that test an enterprise’s resilience. What you’re really risking These days, technologies evolve in complexity so rapidly that you may have a tough time recognizing the kinds of technology risks that translate to serious business threats. Do you know, for instance, how well your data backup systems are working, and which of your operations will continue functioning if data is lost for a day, a week, forever? What happens if your data transmission protocols don’t comply with privacy rules affecting your business — and it’s discovered by a regulator? How long will your customers tolerate your Internet absence when your complex virtualized data center goes dark and stays that way? Answering for these sorts of issues after-the-fact can devastate an enterprise, and that is why it’s so important that you manage technology risks (read: business threats) proactively. Proactive risk management can save you money and boost business resilience. Recently, one Quest customer had us come in to assess their disaster recovery (DR) preparedness and develop a new business continuity plan as they prepared to launch their second data center. When our engineers showed them what a new data center would require to completely meet their needs, they opted instead for a DR-as-a-Service (DRaaS) capability that cost less and improved their cybersecurity stance. Taking a strategic approach to risk and resilience A good way to think about business risk is to put it in the context of resilience — defined by one expert as “the capacity of an organization to plan for and adapt to change or disruption through anticipation, protection, responsive capacity, and recoverability.” As technology-business integration grows tighter and more sophisticated, smart companies get proactive about risk and resilience. In my next post, I’ll take a look at how to do that.