by Thor Olavsrud

How IT Can Achieve Operational Resiliency

Apr 30, 20135 mins
Backup and RecoveryComplianceDisaster Recovery

Today's complex IT environments make maintaining 'always on' availability more challenging than ever before, even as IT has become central to most business operations. IDC's David Tapper says organizations must adopt a plan for achieving operational resiliency.

IT is now at the center of most organizations’ operations, enabling or touching upon just about every aspect of business. As a result, availability is more important than ever before.

But maintaining uninterrupted business operations is also becoming more complicated than ever before, as the IT environments of most organizations now involve a complex mixture of hybrid legacy infrastructure, middleware and application technologies, as well as new capabilities that involve virtualized servers and public and private cloud resources. But these challenges can be overcome.

“With today’s changing and complex IT environment and so much discussion around topics such as big data and security, enterprises face challenging expectations from customers, employees and partners,” says Jack Dziak, executive vice president and general manager of Managed Services at SunGard Availability Services.

“To ensure they maintain an expected level of continuous business operations, whether for daily operations or when unexpected events occur, organizations must employ a new paradigm of operational resilience. For many, that will require a ‘hybrid IT’ approach,” Dziak says

“What do the following events have in common: cyberattacks, severe weather, health pandemics and power outages?” David Tapper, vice president of Outsourcing and Offshore Services at research firm IDC, asks in a new white paper, Lack of Operational Resilience Will Undermine Enterprise Competitiveness: A Strategy for Availability.

“They all drive organizations to develop a very sophisticated means of ‘availability’—maintaining uninterrupted business operations. The key to success is building availability processes for operational resilience that integrate, orchestrate and align the priorities and objectives of line-of-business (LOB) executives, such as CXOs and VPs/managers of business processes, with those of IT,” Tapper writes.

Operational Resiliency Requires Data Governance, Disaster Recovery and ITSM

Creating operational resiliency requires three availability building blocks, Tapper says: information security and data governance, business continuity/disaster recovery and IT service management.

Tapper notes that IDC interviewed more than 900 LOB and IT executives across a range of industries in the U.S. and U.K. and found that while LOB and IT agree about the importance of operational resilience, they have differing views on what constitutes it.

IT is largely focused on business and IT services that are “always on” and available, Tapper says, as well as the capability to respond to and minimize the effect of events that disrupt operations. But LOB has a much broader view of operational resilience, he says.

While LOB managers identify “always on” as a key characteristic, they are also concerned with the capability to make changes to existing business processes quickly, to provision new services quickly and to support the alignment of consumption of services with payment.

Together, both LOB and IT managers say they expect one day or less of downtime annually, or 99.7 percent or greater uptime.

5 Recommendations for Achieving Operational Resiliency

Tapper has five recommendations to help organizations achieve operational resilience:

  • Develop Key Performance Indicates (KPIs), a risk profile and a blueprint for operational resilience. “Organizations need to define their level of operational resilience via targeted leading KPIs across business factors (e.g., customer support, sales) and IT services capability (e.g., availability, RPO, speed of service provisioning),” Tapper writes.

    “Organizations should also create a comprehensive risk profile that incorporates all critical factors both internally and externally that will impact these KPIs. Finally, organizations can use the KPIs and the risk profile to create a blueprint of business and IT objectives and the associated people, technologies and processes required for the level of operational resilience required,” Tapper writes.

  • Perform gap analysis. Once you’ve established your KPIs, risk profile and blueprint, you should identify areas of strength and weakness via a gap analysis. “This gap analysis must assess the alignment (or lack thereof) between LOB and IT objectives as well as the alignment of enterprise priorities with market needs to help further identify areas to address,” Tapper says.
  • Implement strategic change initiatives. With the gap analysis in hand, focus on the areas you’ve identified that need improvement. Tapper suggests picking two or three areas to focus on first; success in those areas can be used to pursue larger initiatives.
  • Develop a holistic enterprise-wise governance and risk management system. Tapper says organizations must build an enterprise-wide governance system that can manage the key components of operational resilience.

    “This system ultimately will need to incorporate all of the organization’s people, processes and technological capabilities, as well as include external stakeholders such as supply chains, business partners, service providers and customers and those that could have additional strategic influence on the organization (e.g., media, governments, investors),” Tapper says.

  • Incorporate an optimal sourcing model for operational resilience. You need to develop a sourcing model that brings together in-house resources and outsourced resources, Tapper says. Focus on managing across traditional services and cloud services.
  • Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Thor at