Strategic Business Continuity to Shift, Pivot and Remain Secure

Understanding that business continuity is about how people, processes and technology work together will help us achieve the new normal following COVID-19 and make sure that we can handle any future crisis.

The unprecedented circumstances of the coronavirus pandemic have brought the business continuity conversation to the forefront in a big way. In a matter of weeks, organizations have been thrown in the deep end of facilitating and managing a remote workforce. Even the most tech-forward enterprises faced a learning curve, figuring out how to manage large-scale issues of operability and cybersecurity.

The obstacles have gone far beyond just scaling VPN infrastructure, too. While facilitating access to applications is naturally a prime concern of IT, no department – from HR to marketing to finance – has gone unshaken by the shift. Organizations have been rising to meet the challenge – but it hasn’t been easy.

So how can they continue to manage, and set themselves up to succeed in future catastrophes? While the whole world may feel upside-down, sound methodologies can – at the very least – help guide us toward being as nimble as we need to be.

Determining Priorities In Business Continuity

Today’s world is a digital world. The amount of business that takes place online, though, can mislead us into thinking that maintaining access to critical apps is the key to keeping a business going. It’s certainly important, but system availability is only one piece of the business continuity puzzle. In reality, relationships between departments, people, processes and technology are what drive business – not technology alone. We understand this through exploring IT’s role in a business continuity plan.

An IT team might, for instance, run a failover test on a hybrid cloud environment, demonstrating that if a server in New Jersey goes down, a server in San Jose picks up the slack. This is, of course, an important part of maintaining continuity – but it’s not the starting point. Simply documenting the ability of servers to redistribute workloads does not necessarily speak to how well this technology will facilitate business continuity in the face of crisis.

There are countless other factors to account for to assure that the server continues to be of use in a worst-case scenario.

For example, an IT professional would have to ask the following questions:

  • Will using the failover introduce regulatory concerns?
  • Does the failover operate under the same service level agreements (SLAs) as the current one?
  • How do other servers and the programs that run on them relate to this one?
  • What effects will cascade from switching to failover?
  • Can the teams move and scale to support the new deployment?

How Technology Fits Into the Big Picture of Business Continuity

Technology can’t be considered in isolation. Each of these concerns, and many more, requires input from multiple departments to get right. Disaster recovery testing alone is not business continuity. Working with business leaders across departments to fully understand what everyone’s needs are prevents an organization from creating a strategy that looks good on paper but falls short in reality.

With that in mind, the inter-departmental team assessing business continuity must ask the following questions, in order:

  1. What does each department do?
  2. What are the processes that the departments carry out, and who does the work?
  3. What applications are used to do the work?
  4. What IT infrastructure is used to facilitate the applications?
  5. What data do the applications store, access and back up, and where does this happen?

In the best of times and in the worst of times, cybersecure business is conducted through an end-to-end flow of services. Knowing what that flow looks like down to the letter and understanding what it takes to keep it going can mean the difference between acceptable glitches and unacceptable downtime.
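One way to record the answers to the five questions above and query the resulting service flow, as an added example that is not part of the original article. All department, application, server and database names are constructed sample data, and `impact_of` and `failover_gaps` are hypothetical helpers; the second one also folds in the earlier failover questions on SLAs, regulation and cascading effects.

```python
from collections import defaultdict

# Constructed sample inventory (all names hypothetical). Each row answers the
# five questions in order: department, process, application, infrastructure, data.
INVENTORY = [
    ("Finance", "Payroll run", "payroll-app", "nj-server-01", "hr-db"),
    ("Finance", "Invoicing", "billing-app", "nj-server-01", "billing-db"),
    ("HR", "Onboarding", "hr-portal", "sj-server-02", "hr-db"),
    ("Marketing", "Campaign email", "mail-tool", "saas-mail", "crm-db"),
]
# Where each data store physically lives (constructed).
DATA_HOST = {"hr-db": "nj-server-01", "billing-db": "nj-server-01", "crm-db": "saas-mail"}
# Failover facts gathered from IT, legal and vendors (constructed).
FAILOVER = {
    "nj-server-01": {"target": "sj-server-02", "same_sla": False, "regulatory_ok": True},
    "sj-server-02": {"target": None, "same_sla": False, "regulatory_ok": False},
}

def impact_of(component):
    """Map department -> processes that stop if `component` is lost."""
    hit = defaultdict(set)
    for dept, process, _app, infra, data in INVENTORY:
        # Direct dependency, or a cascade through the host of the data store.
        if component in (infra, data, DATA_HOST.get(data)):
            hit[dept].add(process)
    return {dept: sorted(procs) for dept, procs in sorted(hit.items())}

def failover_gaps(component):
    """List the open questions that block relying on failover for `component`."""
    plan = FAILOVER.get(component)
    if plan is None or plan["target"] is None:
        return ["no failover target documented"]
    gaps = []
    if not plan["same_sla"]:
        gaps.append("failover SLA differs from primary")
    if not plan["regulatory_ok"]:
        gaps.append("failover location not cleared for regulated data")
    # The target carries its own workload: report which departments share it.
    shared = impact_of(plan["target"])
    if shared:
        gaps.append("target already serves: " + ", ".join(shared))
    return gaps

if __name__ == "__main__":
    for server in ("nj-server-01", "sj-server-02"):
        print(server, impact_of(server), failover_gaps(server))
```

In the sample data, HR's onboarding process runs on the San Jose server but still stops when the New Jersey server fails, because its database is hosted there; that kind of cascade only surfaces once the inventory covers all five questions.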

Plain, clear communication from tech and cybersecurity teams is another crucial part of business continuity. It’s easy to assume that the meaning of acronyms like RTO and RPO is obvious to all. Such lingo, while crucial for setting standards, can work against you when speaking to a general audience. Using everyday language that everyone understands is critical to succeeding.

The adage that failing to plan is planning to fail is absolutely true – but not all planning is good planning. A good business continuity plan must be cross-departmentally comprehensive, up to date and appropriately tested. We’ve seen the difficulties adherence to more relaxed protocols has caused, but we have a method for moving forward correctly as the world gets back up and running.

Cybersecurity In a Time of Great Disruption

As organizations worldwide rapidly scaled their work from home capabilities, anecdotes abounded of bottlenecks and crashes. Some companies routed users through complex, capacity-constrained remote access infrastructure to conform to policies, choking off access to business-critical apps. Others found that, having lost control of the computing environment, it was now impossible to deploy the requisite patches critical to facilitating secure operations.

To take the weight off, companies have moved toward models that are often viewed skeptically, or outright forbidden. Split-tunneling to avoid stressing VPNs. Bring-your-own-device (BYOD) policies because home devices are the only option.

Could anyone have seen this coming? Maybe.

Could this introduce potential cybersecurity threats? Maybe as well.

Managing cybersecurity is, after all, about weighing risk against possible threats – no matter what the circumstances.

The move then becomes, for IT pros, to educate staff on cybersecurity best practices for working from home, leveraging appropriate threat intelligence tools to catch things that slip through the cracks and so on.

For those in higher-level roles, it’s still about helping business leaders understand the risks and evaluate the options.

And for everyone, it’s time to learn, innovate and see how we can maintain our standards of secure computing in a time of sudden, seismic change.

A Call For Strategic Business Continuity Planning

In the midst of chaos, maintaining cybersecure systems becomes an even greater challenge. As we begin taking steps toward the new normal, it is more critical than ever to stay organized and to assess and appreciate the complexity, not just of our networks, but also of the connected systems of people and processes that they facilitate. 

As we look at business continuity and disaster preparedness writ large, we must avoid the tendency to prepare only for situations identical to this one. Cybersecurity pros know that in the wake of a hack, companies start purchasing solutions to stave off that particular kind of system invasion, data breach or availability incident.

Rather than being reactive like this, we must be strategic. That means calculating acceptable risk and being aware of potential threats, our susceptibility to them and their potential impact. It’s critical that we set ourselves up to be as flexible as possible, armed with granular knowledge of our operations – to shift, pivot and remain secure no matter what we’re faced with.

CompTIA cybersecurity certifications impart the knowledge it takes to understand and secure the IT infrastructure critical to our lives and the people it connects. And so, as we get the world back up and running, bit by bit, they’ll be ever more important in setting the standard for navigating what might happen tomorrow – or in the far future. Stay safe.

Learn more about the CompTIA Cybersecurity Career Pathway and how CompTIA certifications help IT pros protect their organizations from cyber threats.
