Why Care about Technology Risks and Building Resilience?

This is the first post in a two-part series exploring the benefits of technology resilience. It defines technology resilience and describes its value to organizations. A subsequent post describes aspects of technology resilience and outline steps to implement a technology resilience program.

Technology resilience remains a new idea for some organizations. Even those who are familiar with its principles may have trouble articulating the benefit of strengthening their technology resilience, which can become a problem when it impedes leaders from making the case for core funding and executive sponsorship.

Technology resilience: what it is; what it isn’t

Technology resilience is one component of a strong business continuity and resilience program, including crisis management, disaster recovery and business resumption. It encompasses the practices, tools and processes that will ensure minimum acceptable levels of service — even in the presence of a disruptive event. Technology resilience seeks to reduce manual efforts associated with effecting a return to business as usual.

The concept of technology resilience is tangential to the notion of recovery, but recovery is different. Recovery is concerned with ensuring systems can be rapidly restored after disruption.

The difference between technology resilience and technology recovery is further highlighted by the architectural features that underlie each practice. Technology resilience is supported via architectural features like real-time or near-real-time replication of data, load balancing and distribution of workloads across fault domains, among others. Resilient architecture includes automation to scale up or avoid issues within any fault domain.

Without resiliency in mind — where technology architecture focuses on recovery goals only — system instances may not be entirely isolated. They may depend on a particular site. Data might be replicated, but with recovery time objectives measured in hours — not minutes. With only recovery in mind, application architectures feature numerous stateful components; automations are designed for migrating resources that survive an attack, or for recovering resources from backups, a time-consuming process.

Smart reasons to sponsor and fund technology resilience programs

When businesses successfully implement technology resilience, they achieve a wide range of benefits. Leaders who would build technology resilience, either with external help or by drawing on the skills of their own people, may want to take note of these benefits as they make the case for the funding and sponsorship that technology resilience programs will require.

Strategic

  • Preventing disruptions, data breaches and operational losses results in cost savings that quickly balance the technology resilience programs’ initial costs.
  • By minimizing disruption, technology resilience practices circumvent the reputational damage and erosion of stakeholder trust that technology failures incur.
  • Customers, partners, investors and other stakeholders are more likely to trust and engage with businesses that prioritize reliable and resilient systems, giving those with robust technology resilience a clear competitive advantage.
  • Stakeholders — whether investors, customers, partners or employees — favor organizations that are resilient. This stakeholder confidence leads to stronger relationships and opens the organization to increased opportunity.
  • Technology resilience facilitates innovation: when a business is confident in its resilience, it can explore opportunities for innovation and growth from a position of strength.
  • Organizations that are technology-resilient are also better at strategic planning, as the program encourages a more proactive approach to risk management. These organizations are planning for disruption and have established guidelines to mitigate its effects.

Operations

  • Mature technology resilience programs ensure business operations continue even during disruption. As such, these programs support operational resilience, avoiding downtime that interrupts revenue generation.
  • Technology resilience practices help businesses manage risk by anticipating and planning for cyber threats and system failures that lead to potential data breaches, financial loss, reputational damage and more.
  • A well-developed technology resilience program ensures compliance with regulatory requirements and guidelines in various jurisdictions which mandate data protection, data privacy and other business continuity capabilities.
  • A technology resilience program enables rapid adaptation and response to constantly evolving technologies and threats — while maintaining stable operations.
  • Through early identification of risks to critical systems, technology resilience focuses on securing and maintaining those systems, resulting in more effective management of resources.
  • Employee productivity and management’s ability to make decisions must be supported by robust technology resilience, since staff will be less likely to be affected by unplanned downtime and other disruptions.
  • Technology resilience programs foster a culture of preparedness, so businesses are better positioned to avoid risks with far-reaching consequences for their operations, finances, customer satisfaction and brand reputation. These programs protect organizational interests and help build competitive advantage over time.

While technology resilience is still a new idea for some organizations, the benefits described here make the case for building a program whose benefits quickly outpace the costs. In our next post in this series, we describe the aspects underlying successful technology resilience programs, and outline an approach to successful program development and operation.

To learn more about our technology resilience solutions, contact us or download our Guide to Business Continuity and Resilience and refer to Achieving Resilience Starts at the Top.

Damon Owen

Managing Director
Technology Risk and Resilience

Dave Cozzens

Associate Director
Technology Risk and Resilience

Subscribe to Topics

Protiviti’s #SIFMA #QuantumDawn VII After-Action Report reaffirms how vital it is for the financial services industry to prepare for the outage of a critical third-party service provider. Discover lessons learned from the biannual #cybersecurity exercise. https://ow.ly/tlhH50RT9Ri

Unlock valuable, real-time insights with #Microsoft DevOps Analytics View and #PowerBI integration. Discover the benefits, how to get started and why you’ll want Protiviti’s help. https://ow.ly/f9QL50RSSgx #ProtivitiTech

How can #tech leaders ensure their organizations are resilient and adaptable? One such way is by taking a leading role in periodic business impact analysis processes, says Protiviti’s Kim Bozzella. Read more in #Forbes: https://ow.ly/sucl50RO6TO #ProtivitiTech

Protiviti’s Christine Livingston contributed to #Harvard Business Review’s latest report, speaking on the ethical issues of #GenAI governance frameworks and the importance of connecting these with your company ethos and brand values. https://ow.ly/6mgL50RK5oX #ProtivitiTech

What is high-speed #quantum networking? How does it work? How fast is it? Listen now to host @KonstantHacker and @NoelGoddard2 from @QunnectInc as they explore this concept and potential business use cases. https://ow.ly/QHER50RK4SS #ProtivitiTech #Podcast

Load More