In today’s business environment, it’s not a question of whether disaster will strike, but when. To recover effectively from a disaster, organizations must implement risk mitigation strategies before disaster strikes, and plan for the recovery of critical resources.
No one can predict when disaster will strike — but knowing what to expect if it does can buy precious time.
With our last blogs, Part 1: Accelerate Time-to-Value, Part 2: Continuous Improvement and Part 3: Reduce TCO we discussed major advantages that can be achieved by replacing traditional ERP by cloud ERP solutions. Today we will focus on keeping your digital business always on and resilient. There are a number of questions you might want to consider, including:
- Did you experience a major disruption? Do you know that outages caused by human errors happen 5x more often than those caused by natural or man-made disasters?
- Do you know the financial impact of an IT outage to your business? The cost of downtime per hour across U.S. industries was in the range of $90,000 up to $6.5 million.
- Do you comply with your industry regulations defining business continuity and disaster recovery (BC/DR)? Non-compliance penalties can be significant, ranging from $10,000 to $250,000 with possible imprisonment of up to 10 years.
- Do you have a BC/DR plan in place? According to Aberdeen Group only 59% of organizations have a BC/DR operations procedure document; 55% have a BC/DR plan that can be measured; and only 32% educate their IT staff on how to proceed during a crisis.
- Do you regularly update and test your BC/DR plan? According to Aberdeen Group only 50% have tested their BC/DR plan regularly; 34% have tracked and reported their BC/DR plan performance.
- Have you considered outsourcing your BC/DR? Forrester revealed that of enterprises doing DR in-house, only 59% were somewhat successful in meeting recovery objectives during testing, and at least 34% are not sure they could respond to a real disaster.
In increasingly complex modern ERP environments, the risk of disruptive events is not limited to the “four walls” of the organization. Modern ERP environments typically include external service providers that support part or all of a given process or processes, which are often mission-critical. CIOs must plan to maintain business continuity and recover from disasters when disruption involves external providers.
But many organizations lack comprehensive ERP business continuity plans. They struggle to ensure that ERP disaster recovery and BC disciplines meet their business resilience needs in this rapidly changing environment.
Cloud services and outsourcing introduce different risks. External service providers may be in a different location and have a different availability risk profile. They may face different geopolitical risks. They may not follow IT and information security best practices to the same level as your organization. They may be subject to different infrastructure risks — that is power availability, telecom redundancy and so forth. They may face different natural disaster-related disruptions. They may be a target of denial-of-service attacks and so forth.
In short, without careful review and consideration, you may not be protecting your business nearly as well as you think you are.
As you reflect on those questions, consider which of the following scenarios would best describe your current situation and plans to keep your digital business platform always on and resilient?
Do you know how major disruptions to your cloud ERP would impact your brand, image, revenue and customers?
In today’s global, digital and mobile business environment, one thing is certain: Downtime means lost opportunity, which results in lost revenue. In fact, we’re nearly to the point that an enterprise ceases to exist if its technology systems are down.
You need a business continuity approach that combines processes, people and technology and helps anticipate and plan for any potential disruption. You need to assess your precise needs and create a tailored and cost-effective business continuity strategy for your business. And these strategies must match your business objectives. Continuity plans have to be developed, and personnel has to be trained and ready.
Your business, including its IT environment, is not only complex and heterogeneous, it is unique. It is constantly facing change, expected and unexpected. You need to create and maintain agility to respond rapidly and appropriately to shifts in business goals, customer expectations, market trends, government regulations, IT staff and infrastructure and whatever else might come your way.
The following consulting modules (all of which DXC provides) can be used to assess your risk and business impact and create your unique continuity plan:
- Business Impact Analysis identifies processes that are critical to the livelihood of your business, the qualitative and quantitative business impact of downtime and target Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
- Risk Assessment defines the events and environmental surroundings that can adversely affect your business and provides an in-depth report identifying areas of risks, exposures and recommendations for improvement.
- Continuity Assessment evaluates your current continuity program and environment from a disaster prevention and preparedness perspective.
- Continuity Strategy and Roadmap helps define your business continuity strategy.
- Exercise Management determines whether your plan will achieve your predefined RTOs and RPOs through tests and simulations of predefined recovery procedures.
- Continuity Plan Maintenance updates your plan, based on the results of rehearsals, audits and assessments.
- Continuity Training enhances the ongoing success of your program through the development of training programs for management, business users and IT personnel.
Do you plan to replace your BC/DR solutions while you transform from traditional to cloud ERP platform? Are you aware that traditional disaster recovery solutions are no longer sufficient to protect digital business platforms?
In today’s threat environment, you must protect your data, your customers, your revenue, and your brand value. That’s increasingly hard to do with older IT platforms. Such legacy systems cannot ensure always-on operations, do not support anywhere and anytime connectivity, and fail to meet industry best practices for security and compliance.
There are clear limits to legacy technology: Pre-digital latency that slows time to market; ERP downtime in an always-on demand economy; and tech systems that constrain rather than drive positive strategic outcomes.
The simple fact is this: Organizations that employ traditional ERP solutions today have a competitive disadvantage. Problems can include longer project lead times, poor flexibility and scalability, weak security and compliance, insufficient availability due to planned/un-planned downtime, and the high cost of dedicated SAP support. Stick with those traditional solutions, and you will fail in a digital business world.
Instead, you need enterprise-grade performance from your most important business applications. That requires always-on performance, on demand scaling, real-time analytics, and true consumption-based pricing. And you need it all in a secure, resilient, as-a-service platform. To accelerate the journey to a digital business future, you must transform to the SAP on-demand model.
By renovating your core systems to a true agile digital business platform — for example, by shifting ERP solutions to a cloud environment — you can remove the technology constraints that hinder strategic business outcomes.
DXC offers Enterprise Solutions On Demand (ESO) for SAP capability (see Figure 2). This solution provides enterprise-level features such as high availability, disaster recovery, portal and security — a true agile (on demand) business platform, providing cloud ERP (SAP in this instance). In fact, we are the only vendor providing a true aPaaS solution for SAP.
Do you want to significantly reduce time to resolution for any kind of incidents appearing in your cloud ERP platform and user experience? Do you want to benefit from continuous improvement of your solution and processes?
In order to drive performance and user satisfaction, our ESO for SAP model leverages the monitoring of key IT and business processes via agents and dashboards. A continuous improvement process automates the detect-to-correct processes for known incidents.
Agents and dashboard (see Figure 3) tools drive continuous improvement and enable proactive, business-oriented visibility of the entire SAP environment. Monitoring and agents are applied not just in the infrastructure layer but up through the SAP applications layer and into the business processes they enable. In this way, you can drive your IT and business processes proactively, addressing issues before they become issues.
Detect-to-Correct (D2C) process automation (see Figure 4) enables an always-on business based on high availability and disaster recovery service levels (SLA 99.95%; Recovery Time Objective is about 1 hour; Recovery Point Objective is about 15 minutes). D2C uses predictive capabilities to improve end-user experience while reducing the number of incidents by up to about 50% and time to resolution by up to 25%.
By leveraging immediate key performance indicator (KPI) insights, ESO for SAP supports the reduction of critical business process failures by up to about 25% and decreases business process incidents by up to about 30%. For some incidents in the SAP environment, an automated D2C process can reduce problem resolution time even by 98% (see Figure 5).
Do you want to avoid “planned” disruptions from your cloud ERP production?
Given the flexibility of cloud-enabled technologies, our ESO for SAP solution can be used to avoid other disruptions of the production system. A separate replicated environment can be leveraged to proactively protect against planned and unplanned downtime from testing activities or forensic investigations.
In particular, a testing clone can easily and quickly be made of your SAP environment or a subset. The clone can then be used for non-disruptive disaster recovery testing, patch testing, quality assurance, and other purposes. This can be done without turning off or impacting the production.
Typical non-recovery uses for cloud SAP include:
- Quality assurance (QA) and user acceptance testing (UAT) Unlike unit testing, QA and UAT should be done in an environment that is as similar as possible to an organization’s actual production workplace. The cloud environment, with fully replicated data, is ideal for these processes.
- Software updates and patches— The cloned SAP environment can be used to test new operating system releases, software releases and software patches.
- Forensic analysis— When a serious security event occurs, organizations may pursue an in-depth forensic analysis to identify the cause or perpetrator of the security breach. This examination could be done in the cloned test environment, which remains fixed in time. This enables the changing production environment to continue to support standard business processes.
Do you want to provide “best-practice” security? Any enterprise-class ERP solution must fully support in-country data sovereignty and residency requirements. You should also demand encryption for at-rest and in-transit data, as well as compliance with HIPAA, ISO, PCI and other regulatory and best-practice security demands.
Author: Joachim Mayer
Joachim Mayer is the DXC global marketing manager for continuity services and Enterprise Solutions On Demand for SAP. With prior experience in product management, sales enablement, sales, and consulting he provides insight from this diverse experience in this blog.