We speak to Information Age about what CEOs need to know about new technologies that reduce risk and enable disaster recovery.
March 19, 2018
The misunderstanding of what’s available to particularly large international enterprises is leading to a disconnection between them and the innovations that exist on the market today.
To cut costs, there’s no need to outsource and many organisations are now choosing to insource because it offers them greater control over the IT and business operations. Companies, such as BA, should be leading the utilisation of the cloud. Yet there are claims that BA, while at the top of their game, don’t quite know what they are supposed to be doing.
The trouble is that many organisations are advised by teams from OEMs and at times, some vested interests can override the best solution. Companies and sectors can get a bit insulated, and so it can be worth it when organisations go outside of their own sector to see if innovation can be applied to their situation.
Innovation exists out there in the market, but it often doesn’t come from the large vendors these days, and CEOs often don’t have sight of it. For example, BA’s infrastructure goes back years. Beyond that, many organisations’ systems don’t lend themselves to migrating into the cloud.
Outages and breaches
In May 2017, the airline suffered a power outage. ‘British Airways counts cost of outage disruption’ headlined the Financial Times on 28th May 2017, adding: “Aviation experts say it is not just a BA problem, noting this is the latest of several IT system failures to hit airlines round the world. Last August, US carrier Delta Air Lines was forced to cancel about 2,300 flights over three days after a power cut near its Atlanta headquarters, while Southwest Airlines, the US low-cost carrier, had a similar issue in July because of computer problems. In that same month, United Airlines had to ground all of its flights for two hours because of a problem with an internet router.”
The likes of Uber and Google understand how to optimise the user experience because it’s a digital age, but even they can create their own problems. Fortune magazine reported in November 2017: “Mere hours after Uber admitted paying hackers $100,000 to delete masses of data they stole from the company and keep quiet about it, the first lawsuit has hit.
David Meyer also revealed in his article for the magazine, ‘Uber Is Already Getting Sued Over Its Gigantic Data Breach’, that a lawsuit was filed in a Los Angeles court.” He writes that Bloomberg states the filing says: “Uber failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach.” The lawsuit arose after Uber was accused of covering up the breach.
If organisations stick data in the cloud, what’s going to happen with it from a GDPR perspective? The data has got to be encrypted because the miscreants – the hackers – are getting smarter. Data is encrypted with a key, and that key is needed at the other end to de-encrypt it. So, it is vital that CEOs understand their new infrastructure and all the security aspects around it. Too many people have been too slack about the security of personal data, and even companies like Uber can sometimes fail to protect it. They will therefore need to ensure that they meet the requirements of GDPR by protecting personal data.
BA’s and Uber’s incidents suggest that CEOs either need to educate themselves, to be educated, or to educate their staff on the consequences of such issues as those suffered by BA and Uber. IT needs to play a part in this exercise too, and that’s even though the constant pressure to lower IT costs exists. To complicated matters, IT is also asked to further integrate itself deeper into the business to drive increases in productivity and, if applicable, to drive sales rather than act as a support function.
IT budgets range from a few tens of thousands to multi-millions of dollars, but in IT there is always downward pressure from CEOs to maximise the return on those investments. Gold-plated solutions cost money, and so there is increasingly a push to analyse the risks against the rewards of implementing a solution. This has led to the viewpoint that it’s better to adopt new technologies than it is to keep propping up existing systems – or perhaps even to keep hush data breaches.
The risk-reward analysis therefore examines the risks of systems going down compared to potential loss in revenue, against the cost of installing and maintaining a high availability, disaster recovery facility. The problem is that some of the legacy systems just won’t go into the cloud. You can’t, for example, take an IBM mainframe and put it into an external cloud. Before even attempting such a task, you’d have to ask: “Is the cost of translating the mainframe apps too costly and too great?”
Look at a mainframe, you could say it’s an on-premise cloud infrastructure. The problem is the cost and the support that goes around it. The easier thing to do is to outsource your IT support functions to reduce costs. With mainframes, you get charged Millions of Instructions Per Second (MIPS) from the CPU. In the cloud, organisations are charged for moving data in and out of the cloud. So, your organisation will be charged in one way or the other.
DR: KFC’s lessons
The rise of the cloud from an IT perspective is interesting. The potential of massive cost-savings prick up the ears of even the most lofty and remote CEOs. Yet, focusing on cost alone when making what could be a major sea change in one of the fundamental pillars supporting every aspect of a business has to be considered and balanced. So it’s sensible to consider both the risks and the rewards of moving to the cloud. This may be for base computing, storage for archiving or disaster recovery.
There is no point in rushing ahead without some form of risk assessment. Although not an IT issue, just look at the KFC debacle in the UK, where the stores ran out of chicken and had to temporarily close their shops. So, what has the lack of chicken got to do with IT? The restaurants are similarly battling to keep costs down because customer’ incomes are being increasingly squeezed. This is putting pressure on all parts of the supply chain. This is also happening in the IT industry.
KFC’s answer was to use a single transport contractor with a single distribution point. So, what caused the problem? Well, there was a crash on the motorway just outside the distribution centre. This created a backlog of trucks trying to exit the distribution centre, and so the whole system went into meltdown. The parables of this can be taken directly into the cloud.
The cloud, whilst hugely versatile, is typically not under your own organisation’s control – you control your protected environment, but not the cloud. Just like the KFC lesson with only one distribution centre, a single cloud model that looks after your most precious asset – your data – has just the same risks associated with it. Therefore, there needs to be at least three disaster recovery sites to ensure that business continuity can be maintained, and that systems can failover even when human error, a hacking attack (or some other form of cyber attack), or a natural disaster occurs.
>See also: The real damage of a ransomware attack is felt in the downtime
The problem is that companies such as BA have too many legacy systems and applications. Although you might expect such a large company as BA to lead the utilisation of the cloud, questions need to be considered about whether the cloud meets their service level agreements (SLAs). BA has invested in mainframes too, and so it’s important to remember that the cloud isn’t for everyone. The mantra that it’s cheaper and better in the cloud doesn’t always apply.
However, BA does have a failover environment, but it is unclear whether anyone has got to the bottom of why it didn’t kick in when the power outage occurred. BA lost all the corporate experience and all the intimate knowledge of its infrastructure and procedures by outsourcing. So, I therefore wonder if the days of outsourcing are numbered. Are outsourcing companies making a profit? CEOs, therefore, need to take hold of these questions to consider whether the risks of outsourcing IT are still justifiable.
CEOs need to share their vision with IT. CEOs don’t usually get involved at a certain point. It’s a numbers game and CEOs can’t look at the numbers in isolation. IT and other aspects of the company should be integrated with the CEO’s vision of the company and how it can be translated into encompassing IT within the different corporate pillars.
So, to put disaster recovery into the cloud and to reap the cost benefits, organisations must be cloud-ready because they must be able to run their applications there. The cost can be prohibitive, insofar as big legacy programmes are concerned. Yet, the cost of having more than one disaster recovery site to ensure service and business continuity with the help of WAN data acceleration solutions, such as PORTrockIT, is far cheaper and safer than not acting now to mitigate any future IT calamity – whether it has been caused by human error, natural disaster or by hacking. The key lesson is that prevention is far better than any cure. CEOs, therefore, need to invest in innovation today.
There is so much pressure on CEOs to cut costs. This can be achieved because of the many innovative, low-cost technologies available, and yet CEOs choose to optimise rather than rip out the technologies they already possess.