|
CONTINUITY PLANNING IN THE NEW MILLENIUM THE ACCELERATING CONVERGENCE OF DISCIPLINES In the new Millennium, look for more significant changes in the way we do business. One area that is underway, is the accelerating convergence of the information security and continuity planning disciplines. Quite simply, as disruption tolerances shrink to hours, minutes and nano-seconds, the business continuity planner must move into areas of computer viruses, unauthorized access, denial-of-service attacks, and other hostile actions where potential abuse and misuse can seriously disrupt critical operations. THE RISING WORLD OF E-CONTINUITY URGENT NEEDS FUELING CHANGE Additional forces and influences are summarized below: Continuity Planning – More than ever, the burgeoning web of electronic interdependencies is creating the potential for minor failure to cascade throughout the enterprise and beyond – a virtual meltdown. This exposure to potentially catastrophic disruption of critical business activities must be dealt with aggressively and thoroughly. New technologies for survivability and fail-over, combined with careful disaster prevention and business continuity planning, are needed to eliminate potentially catastrophic architectural flaws and single points of failure. We must develop new tools and measurement techniques for e-business vulnerability assessment, business impact analysis, evaluation of recovery and continuity alternatives, and replacement for the recovery and continuity exercises that have offered false comfort for so many years. Traditional software-based and hard-bound recovery plans will give way to exciting new continuity-driven technology that will allow modeling, simulation and prediction of potential failure points, disruptions and defined responses. New products for documenting complex e-business processes and relationships will be desperately needed for all of this to work. Network Security – Explosive growth in networking has brought all aspects of information technology into highly integrated and efficient business-oriented processes. At the same time, this degree of automation and electronic integration has created electronic pathways reachable by interlopers from anywhere on the globe, which poses a serious threat to the continuity of mission-critical systems. Careful attention to security in the implementation of these electronic highways is essential to minimizing devastating compromises and business losses. At the same time, highly sophisticated security technologies and schemes will vastly complicate continuity planning and thus must be factored into new and forward-thinking solutions. New security software for intrusion detection and response will also serve to document business processes and relationships, and will be useful in creating modeling and simulation capabilities for business continuity purposes. Maintaining global synchronization of highly integrated but dislocated and encrypted databases in the midst of a dissembling network, for example, sounds like the continuity planner’s worst nightmare. It could well be. Privacy – Increasing focus upon consumer privacy, federal legislation and mandated controls demands a more aggressive approach to protection of sensitive personal information. At the same time, new security technologies are now making it possible to reasonably plan, design and implement the level of safeguards required to protect these records. These changes have dramatically increased the ante for failure to apply adequate safeguards. Mandated control and accountability requirements for consumer information, particularly as it flows through surging Internet-based business-to-consumer relationships, will require new thinking, advanced record protection and retention, and business continuity solutions. New federal guidelines and proposed legislation, especially dealing with patient medical records, increasingly speak to continuity planning issues. THINKING "OUTSIDE THE BOX" About the Author |