Business Continuity and Disaster Recovery Technology Collaborative (RTechLab)
Below is a list of technology challenges Business Continuity Planners and Disaster Recovery Technicians experience with planning, response, testing and recovery technology. The purpose of the list is to identify technology challenges (Gaps: absences, limitations, weaknesses) the planning industry faces collectively and to collaborate as an industry to solve the challenges.
If you have identified a specific technology challenge which the industry faces and would like to contribute it to the discussion, please add it to the list below using the following guidelines and comment option. Please add only proposed share technology challenges, proposed edits to the challenges listed or questions to challenges.
Guidelines: If a major regional event occurred right now, what technology challenge(s) do you wish had been solved before the event took place? Of this list, which technology challenge affects the industry as a whole?
- The challenge may be a limit or constraint with existing technology or the absence of any technology for the function
- The solution would provide a major benefit or impact risk reduction to the industry as a whole if solved (life/safety, business impact, cost savings…)
- The solution design or criteria is optimal if driven by the user-base
Proving Cloud Resiliency
- Current state: Many 3rd party cloud solutions will not permit the customer access to testing and validate resiliency claim, exposing the customer to an unverified resiliency dependency.
- What’s lacking: The customer has to rely on contracted resiliency commitments instead of proof of resiliency from direct testing evidence.
- Pain point: Discovering untested breakpoints during an event.
- What’s needed: customer needs access to a reliable form of proof of resiliency equal to evidence from direct testing.
||Fast Backup and Restoration of Enterprise Cloud Data and Configuration
- Current state: The ability to quickly backup and restore cloud data and system configuration information is not available in enterprise environments. This poses a great challenge when responding to impacts and cyber attacks.
- What’s lacking: Customers need ability to quickly restore big data collections.
- Pain point: Slow restore times expose enterprises to long data restoration processes in worst case situations for mission critical functions.
- What’s needed: Tools are needed that can take a point-in-time snapshot (image or cache copy) of cloud data and environment configuration information. Imaging or caching software needs to be able to be quickly restored to enable recovery from a disaster impact or to roll back to last known good configuration (or data) when recovering from a virus attack.
||Communications Limitations within Continuity Community
- Current state: Communications tools that connect the broader BCP community (CPE, FEMA, NEDRIX, BCI, DRI & Universities) during an event do not fully meet the capabilities that diverse event situations demand.
- What’s lacking: Communication paths that can connect broader BCP communities which are robust and scalable to a variety of events.
- Pain point: Communications that connect communities can bottleneck or reach limitations in diverse events. This inturn can frustrate and breakdown response coordination and critical information sources.
- What’s needed: Efficient and dynamic connectivity tools for these communities to facilitate the sharing of strategy, information and resources. This will improve response, support, situational awareness and resource sharing.
Cyber-response and BCP Collaboration
- Current state: Many Enterprise Business Continuity Plans do not align cyber-security response and recovery plans with Business Continuity response and recovery plans.
- What’s lacking: Information Security often works independently. We need better alignment of strategy and inter-operability to concentrate risk mitigation and response efforts.
- Pain point: A cyber attack that fully disables a single system or series of systems can create the same impact to a business’ essential functions as other disaster types.
- What’s needed: Aligning the cyber-security response and recovery plan with the business continuity plan would reduce redundancy and create efficiency for both plans and provide a more comprehensive framework for responding to cyber-attacks.
Identifying Active Applications at Point-of-Impact
- Current state: When disaster strikes a data center, applications which are in use at the time are abruptly impacted and assessing which are being used at the time of event is difficult.
- What’s lacking: The ability to quickly identify which applications were being used at point of impact in diverse data centers.
- Pain point: Not being able to identify which tools were active at point of disaster can increase steps and time for identifying customer impact.
- What’s needed: Tools which can identify which applications are running in a data-center at the point-of-disaster. The capability to identify the applications that are actively being used at the point-of-disaster would help pinpoint the event impact to critical business functions, refine recovery priorities and data loss at point of impact.
Recovery Resource Reallocation During Event
- Current state: Organizations may have pre-event planned resources (e.g. fuel trucks for data centers, voice/data traffic, generators…) which can be redirected by government authorities to other organizations in need (e.g. hospitals…).
- What’s lacking: Effective alignment of strategies and resources between government and business resources for resource and response strategies to allow resources going where needed and proactively plan contingencies in reallocations.
- Pain point: The commandeering of resources by government or other authorities can pose significant technology resiliency risk by interrupting top priority essential functions of the well prepared.
- What’s needed: Tools and strategies to facilitate closer working relationship between government and businesses for resource and response alignment to avoid plan disruption from resource redirection.
Safely Performing Damage Assessment of Non-Intelligent Infrastructure
- Current state: Some critical assets cannot transmit information on their operational status because of a disruption in reporting capability or not having the feature for reporting status data.
- What’s lacking: The ability to identify damage to our assets within a disaster zone and the impact to customers (business & residence) without putting personnel at risk.
- Pain point: Identifying damage to unresponsive assets that are within a disaster zone puts people and resources at risk. Existing technology does not report this information on non-intelligent devices. In order to assess the damage, teams of individuals must go into the disaster zone and manually survey the damage.
- What’s needed: Smart sensors that can broadcast this information to computers using RFID tech would reduce the risk even when traditional data communication paths are disrupted.
||Total Cost of Ownership Prices Companies Out of Market
- Current state: Total cost of ownership (initial cost, maintenance, cost of customizing) is often underestimated and many good planning tools are too expensive for mid-size or small businesses leaving the plans undone or not optimized.
- Whats lacking: Recognition that high costs and incomplete cost pictures are putting companies at risk of not completing a plan
- Pain point: Cost of customizing major planning applications to company specifications slows the process and taxes resources. We’ve observed with several clients where the cost of customizing the major planning applications to the company’s specifications slows the process and taxes internal resources for getting to an actionable plan.
- What’s needed: Affordable and complete and inclusive cost estimates for tools.
||Planning Tool Customization Challenges
- Current state: Time demands for customizing major planning applications to company specifications slows the development process and taxes resources.
- What’s lacking: Understanding by solution providers and customers that complexity in both requirements and tool features hinders the process for building a tool.
- Pain point: The time required to customize the major planning applications to the company’s specifications slows the process and taxes internal resources for getting to an actionable plan exposing risk period.
- What’s needed: The capability to customize tools simply and quickly
Building The Perfect Plan
- Current state: Many organizations look to build the “perfect plan” by creating specifications so demanding that attempting to incorporate them early in the planning phase delays the process of getting to an actionable plan.
- What’s lacking: An approach using realistic and attainable milestones.
- Pain point: This creates a risk of having no plan while attempting to build the perfect plan. Also, by attempting to build a “perfect plan”, organizations can create a set or requirements that can often be unattainable by the organization.
- What’s needed: Planning tools, plan development strategy and requirements need to be flexible and scalable to facilitate changing and growing needs with the organization’s BCP Program Maturity. Tools and programs need to facilitate creating a near-term actionable plan that can scale-up with the program. The near-term plan provides a basic response capability were an event to occur while working to build a plan and program that meets the organizations validated risk tolerances. Setting “ideal plan” specifications based on regularly reviewed risk tolerances validated by senior management, creates a framework where the organizations ideal requirements will adjust as better data and realism around what is needed is refined.
||Accurate Risk Management Tools
- Current state: Risk management tools are limited for assigning risk measurements and process/strategy support.
- What’s lacking: Risk Inventory Analysis method which apply realistic quantitative or qualitative risk assessment methods for in-depth strategy development.
- Pain point: Performing a risk assessment on scenarios without valid quantitative or qualitative basis creates risk of strategies and planning based on false assumptions.
- What’s needed: Risk assessment tools that incorporate validated probability data such as actuarial tables from insurance companies which also enable mature strategy scenario development capability.
Diverse Report Tailoring Demands
- Current state: Creating reports for different groups or teams to the user’s specific needs can be complex and time consuming. The reports are necessary to facilitate better understanding of risk, systems, applications, staff, departments, etc, that have been affected during an incident.
- What’s lacking: An approach for building reports that are simplified and time efficient.
- Pain point: The time and complexity challenges risk the likelihood on incomplete plans and exposing the company to risk:
- What’s needed: Tools and reporting need to be designed with simplicity and time efficiency as a priority
Recovery Expense Management Challenge
- Current state: During a disaster, we incur significant expenses with vendors to support recovery teams.
- What’s lacking: Accounting tools that support expense management during disaster recovery
- Pain point: Managing recovery expenses, for either personnel or capital expenditures, is very challenging because the process is disruptive to standard accounting procedures and software. We develop large pools of small receipts for reimbursement. The volume is time consuming, manual and expensive to process. In addition, managing our recovery of expenses with our customers and regulators is time consuming and expensive due to the volume of unique support expenses involved.
- What’s needed: Tools that can manage high volume of unanticipated accounting need for disaster impact accounting
Point-of-Disaster On-demand Solutions for the Unprepared
- Current state: In a regional disaster, there is always a percentage of the business and non-business population which will not have a plan.
- What’s lacking: There are few tools available that provide very basic point-of-disaster support to organizations that have not created a plan or organized response resources.
- Pain point: This group poses a risk to the larger community by increasing need for others to redirect resources in aid while the unprepared face direct impact risk.
- What’s needed: Simple standardized report templates and tools that are not-tailored would facilitate and help organize basic response. Simple communications information, procedures and data recovery strategies that could be rapidly distributed in a low cost kit would help the unprepared and Emergency Response teams minimize the impact of redirecting resources from the prepared.