The show must (always) go on!

One aspect of IT that most people, within or outside IT, think is rather boring, somewhat negative and not very inspiring is the ongoing delivery of what IT is bringing – IS/IT services. This is called continuity management and includes painting the devil on the wall, telling everyone how dangerous he is, what will happen if the “shit hits the fan” and much more. Well, not really, but often we get this rather stereotypical version of what continuity management includes. It also includes knowing what risks there are, how to manage these and what to do if, God forbid, something really bad happens, a crisis of some kind.

For us working with quality and IT service management, well, governance of IT in general, this is an absolute no-brainer. Is there really any logical reason why not everyone should do this?

Last week I participated in the Brazilian event “Global Risk Meeting 2015”, #GRM2015, with about 300 people working with continuity, risk and also compliance and the legal and regulatory aspects of our life in and around IS/IT. It’s always very fulfilling to hear the experiences and know-how, and basically just to talk and mingle with people who have the same mindset as yourself, right?

Being the CIO’s best friend, I of course need to stay in all aspects of the IS/IT game, and these aspects, the “dark side” of IT, are a real jungle. I got the latest updates about what hackers can do, for example tapping a whole Wi-Fi network and robbing your data, passwords and the whole lot from all the devices connected to that network, using only a USD 75 device anyone can buy. There are sites that sell the services of hackers, and cyber espionage is bigger than ever. All in all the cyber threat is very real, and I guess it’s of no surprise to anyone that we are poorly prepared and know almost nothing about this. Did you guys for example know that only 1% of the intrusions in company networks are detected by internal control (firewalls etc.), that about 85% of all intrusions are actually only discovered by external parties such as suppliers or customers, and, worst of all, that the average time an intruding attacker remains inside the network/system is 200 days (!?!)? Please read the security reports from Verizon (2014) and Cisco (mid-year 2015) for more horrifying reading.

Knowing all this, and being the pragmatic and business-oriented guy I am, I really want to tell you to start considering security, at least information security. The protection we all believe is sufficient, the operating system firewall and the freeware virus checker, is not enough. And the biggest problem is not the machines, it’s the people using them. So, right now, start getting informed and create awareness in your organization, you hear! There are no excuses and the risks are very real. Also, things are really a whole lot more business-oriented now; an organization can do a lot without finding itself out in the cold when the business starts pulling the plug based on poor performance or disturbance to the ongoing business operations.

Another thing I knew little about but was always curious to get to know is the bitcoin. Did you for example know it’s actually a computer protocol, like for example the Internet protocols? There is nobody that owns the bitcoin or gains anything from it. It’s just a secure way to transport a value between two parties that do not have to know each other, talk, have contracts etc. Until now, the bitcoin has not had any real success, well, besides a real boost back in 2011-2012 when drug traffickers and their customers used this virtual, uncontrolled “currency” on the Silk Road website to trade drugs. You could say that bitcoin got a bad start and is still somewhat struggling with a bad reputation based on this, but the FBI shut down the Silk Road in 2013 and now this cryptocurrency is beginning to reach the “clean” markets. This is of course scaring the banks, and of course it will also inevitably lead to the collapse of a lot of banks and economic systems, since they can no longer feast on our blood for historic reasons. I mean, who visits the bank office today? Everything is done online using the Internet, and the bank fees for doing this are totally ridiculous. However, that is another story. Just remember the name bitcoin; in the near future we will see the bitcoin really entering the global marketplace, first on a small scale, but very soon all banks, credit cards and the other leeches will have real problems.

Ok, I just want to get back to the actual theme of this blog post, the ongoing delivery of our dear IS/IT services. I want to tell you all a little, short (I promise) story.

Company X was started, had a rocky first 5 years, but based on a lot of hard work, a bit of luck and well-played management strategies they reached great success. They expanded, first to other cities, then to other countries, started to do business online and reached far places around the globe. The sky was really the limit, and things were going really well. Only, during 2 hours one Tuesday, the company crumbled and then died a horrible death, due to the fact that they thought they were immortal and that all these boring IT guys talking about disaster recovery, continuity and risk management were just boring and needed to be kept in a place where they didn’t disturb and anger the business. Therefore, the power failure, followed by smoke from the overheated servers and the starting of the fire alarm, followed by the poorly prepared and even worse trained staff using the water-based fire extinguishers and connecting the water sprinkler system in the server room, effectively destroyed 90% of the infrastructure. Since all data, all transactions and pretty much all information that was stored on those servers did not have any backup, and there was nothing even close to real recovery options, company X was out of business for more than two weeks trying to get back on their feet. However, in this day and age, where everything moves fast, they only recovered partially, and only a few months after the incident they closed down.

A dark story? Sure. How are you managing your information? Do you have a plan? Think about it: the small investment to get your continuity management going is cheap when considering what could happen. So, please don’t let me be an “I told you so” guy but rather the “look, great that you listened” guy, OK?

Do the right thing, people!