|
As you know, fluctuating business conditions are a double-edged sword. Almost any risk—whether it comes in the form of an opportunity or a threat—requires a response from your business. If you respond inappropriately or too slowly, you could lose ground to your competitors. For example, while too much success may not sound like a threat to your business, it can become one if you’re not prepared to handle a surge in customer demand. For example, when Victoria’s Secret televised a fashion show during the 1997 American foot-ball Super Bowl, the company was unable to scale to meet the ensuing demand for access to its Web site, resulting in significant performance degradation and customer dissatisfaction.
On the other hand, a disruption in business operations and services, whether from a natural disaster, a terrorist strike, a cyber attack or a simple malfunc-tion, can seriously reduce your revenues and even do long-term damage to your brand. Industry estimates indicate that upwards of 40 percent of organi-zations without business continuity and recovery plans will go out of business within a few years of a major disaster.
The best response to the threat of disaster is to combine several disparate risk-management strategies into a single, integrated resilience strategy that will allow your organization to adapt and respond rapidly to opportunities, regulations and risks—in order to maintain security-rich business operations, be a more trusted partner and enable growth. Because such an approach addresses both the posi-tive and negative ramifications of risk, IBM uses the term “business resilience” to distinguish between this comprehensive strategy and narrower approaches, such as disaster recovery, high availability, security and business continuity.
In the past, businesses typically have addressed these concerns separately. However, many companies now recognize that it’s more cost-effective to combine them into a single, integrated strategy. A holistic approach can help minimize risks, maximize opportunities and address compliance needs—all at the same time. But how do you perform a holistic risk assessment of your entire enterprise without missing any critical element? IBM has found that an object-oriented framework can help you model your total business infra-structure and identify issues that must be addressed to make your business more resilient.
The business resilience framework—an object-oriented approach
IBM has spent years analyzing what is necessary to ensure business resilience. In the process, IBM has identified a collection of components—called objects—that together can be used to model your entire business infrastructure. Inspired by the concept of database objects, these components have attributes that help define them in terms of their ability to address the six basic require-ments of business resilience. Objects can share similar attributes, and these shared attributes, in turn, help define the relationships among objects. And objects with shared attributes can be grouped into object classes. Companies can then use these classes to understand common issues and to speed the deployment of improvements and upgrades designed to promote resilience.
As Table 1 demonstrates, two or more separate objects can exist within a class and share multiple attributes as well—in this case, the attributes of owner and documentation. As values are assigned to each attribute, you can see whether each of these objects has, for example, the same owner. If, indeed, they do share an owner, for example, John Smith, you can begin to under-stand the consequences for your organization of losing John Smith. In the table, the attribute “John Smith” affects both change and problem manage-ment, so the ability of your business to continue operations in the face of such a loss could be restricted.
The same type of analysis may also be applied throughout the organization, so you can assess whether you have undue risk associated with any indi-vidual, technology or business process. Once you identify these single points of failure, you can then develop failover techniques and redundancies for certain types of object attributes. At the same time, you may also learn that some objects have attributes that can be consolidated for more efficient risk management. For example, under change management, you could find that you have multiple values for owner and control attributes.
|
