18 July 2012 was an important day for those of us who pay attention to international standards. Why? Because it was the date that ISO published this document on the pending makeover of the management systems standards.
One could look at this purely from a surface perspective (i.e. how a management system standard is organized) and completely miss the point!
“So, what’s the point?”, you might ask?
It’s about demonstrating conformance, people!
Many questions abound in various discussions about cloud services. How fast must the disk be? How big must the server be? It is interesting that these questions mimic those of traditional in-house (localized datacenter) architecture. Or is it? Has the myopic nature of silo based organizational IT structure permeated the cloud? Unfortunately, yes (http://blog.engagedconsulting.com/?p=234).
As part of a recent discussion on the subject, a topic was put forth as “NAS Cloud with Solid State Drives: Is there any advantage of using SSD over SATA, SAS, FC, ISCI when it comes to doing cloud over NAS? Any Performance numbers published on same?” A few responded with varying levels of inquiry to the requirements while also indicating the fact that IOPS (I/O per second) was not the real issue when considering what disk was appropriate for cloud storage. The discussion went further…..
How is an organization doing? Is it structured appropriately? Do the people have the right skills? Are there hindrances to attaining organizational goals? What hurdles exist in employee satisfaction? Does the market recognize the organization of note? All of these are great questions to answer when looking to understand what the current state of an organization is. However, many pundits would say that the only judge of an organization are its people. That is debatable.
A quick scan of search engine results and tweets regarding the development of business continuity and disaster recovery plans will yield a significant number of results for you to go look at and research. In fact, there seems to be an overwhelming bias towards the planning portion of these two areas. Indeed, this bias can be seen in almost any area — it is not unique to just these two. I think that one of the reasons for this bias is the fact that few organizations actually make the investment to create credible plans. Still, that’s not what this post is about. This post is about what happens to those organizations that invest resources in creating their plans and then stop.
Why is this a problem? It’s just like the old joke/saying:
“In theory, theory and practice are the same. In practice, they’re actually different.”
Whether or not we actually think that’s funny, it’s actually pretty accurate. Because when something goes wrong during the execution of the plan, someone will undoubtedly say something along the lines of “well, that wasn’t supposed to happen like that”. Why something actually didn’t go “according to plan” is irrelevant, when you’re in the heat of a response effort. You just know that it didn’t work the way it was supposed to. That’s why I’m calling this post “Famous Last Words”.
Let’s consider this in some more detail.
Lets consider, if you will, that there are multiple layers of Enterprise Architecture. One aspect is the business aspect. Another aspect is divisional aspect.
The basic premise of people, process, and enablement applies in either case. I would agree with the argument that organizations worldwide have lost the art of Enterprise Architecture as is obvious by the numerous structures and departments littered across the landscape of business today. Even more substantial is the structure of governmental bodies proliferating the map (i.e. take IT – 27 CIOs for one department of the US Government). Read the rest of this entry »
There are multiple ways to look at recovery time objectives (RTO – how much time we can be without) and recovery point objetives (RPO – how much we can afford to lose). If we look at it from a top (business level) down (IT level), there would be a similar concept to a simple criticality rating that may be indicated that eliminates portions of data (that support business functions) that are not “critical” and some that stays critical that would flow from the following elements:
- Business Impact Analysis (BIA) that identifies business risk
- Business Continuity Plan (BCP) that outlines recovery of business function (including IT as a business unit – mangement structure, procurement, etc.)
- Recovery Point and Time Objectives for BC (Business Continuity)
- Disaster Recovery Plan (DRP) for the recovery of technology to support the deemed critical business functions outlined in the BCP
- Recovery Point and Time Objectives for DR (Disaster Recovery)
- Application Matrix for coorelation between physical infrastructure with application functionality
- Single Points of Failure for application matrix
- Synchronization requirements for multiple data stores to eliminate corruption (i.e. different time stamps or multiple access point for shared data)
This describes how any Backup (Operational Recovery as I like to call it) system supports the business in the event of disaster and are longer due to the massive effort to focus on recovery of entire business unit(s), business location(s), and/or data center(s). One important item to note: backup / operational recovery is _not_ disaster recovery; however, every good disaster recovery plan has backup / operational recovery in it. So, this is one perspective of RTO / RPO, and it is separate from what is needed from a day to day or operational perspective. This is why I like to call it operational recovery. Read the rest of this entry »
I recently read the following blog article by Nicole Blake Johnson (http://t.co/2Yr0Sqq) and about fell out of my chair. I see it time and again throughout many government and commercial enterprises. Organizations that are way out of whack. How can an enterprise be any where near efficient, agile, cost effective, rigorous, and results oriented with so many layers of bureaucracy? 27 different CIOs and 10 Deputy CIOs for the same governmental department? Really? Seems like a lot of redundancy, overlapping responsibility, conflicting strategies, complexity, contradictory standards, and excessive cost. No wonder many are skeptical of IT. Read the rest of this entry »
I was recently following a discussion on LinkedIn about what Law Firm staff should do to help IT. There were many responses over a period of three months. One response likened IT to fire fighters and staffers to arsonists (LOL – Ben Schorr). Ironically, the specificity of law is not unique to this problem. Legal firms have their own life-cycle and cadence that is certainly unique. The problem of communication and integration of IT and business is worldwide and ubiquitous in all industries. Read the rest of this entry »
There have been many Interesting comments discussions about Cloud Computing over the last year. In fact, many have predicted that Cloud Computing has the same goal as Pinky and the Brain (Pinky asks Brain, “what are we going to do tonight?” The Brain answers, “The same thing we do every night, Pinky. Take over the world!”). The issue of what is “cloud computing” is extremely relevant as every vendor in the world is trying to spin it unique to them. Ownership of assets is not necessarily what the “cloud” is about. Unfortunately, technology is required to send and receive content; thus, elimination of assets via the cloud is a mirage. Read the rest of this entry »