Trends in Business Continuity Planning: Not What Everyone Expected

As we have passed the first anniversary of the events of September 11th, 2001, Global2000 organizations are demonstrating a continued resolve in developing and maintaining business continuity (BC) programs, and appear to be committed to funding these efforts over the long term. This should come as little surprise to most CIOs as security/BC has appeared as the No. 1 one or No. 2 budget line-item increase in virtually every Wall Street CIO spending survey since the fourth quarter of 2002. What is surprising many industry watchers and consultants are the strategies being employed by leading IT organizations to address the increased requirement for business continuity preparedness.

The events of 9/11 occurred during, and contributed to some of the worst economic market conditions in recent history. Spending on BC programs may be a top IT priority, but it is a high priority in a negative-growth budget year nonetheless. The combination of increased risk and adverse economic conditions have created an environment that demands efficiency in business continuity planning efforts, which has resulted in the following trends:

• Operational Efficiency Initiatives Continue: IT organizations continue to execute on data center, call center, and other consolidation and centralization efforts in the pursuit of cost reduction objectives. This is contrary to much of the prevailing wisdom published immediately after 9/11, which predicted a trend towards the geographic distribution of operations sites to mitigate risk. To be blunt, most organizations are more concerned about maintaining thin margins in a weak economy than they are about an operations site getting hit by an airplane. This continued consolidation activity should not be misinterpreted as a disregard for risk mitigation and recovery planning, rather that leading IT organization are electing to consolidate operations to a small number of large, efficient, and very secure sites.
• Increased Focus on Client-Side Recovery Needs: The events of 9/11 had an unprecedented impact on client-side operations with over 75,000 seats lost. Most Global2000 corporations have had well-defined BC plans for data center operations for years, but few have had formal client-side (user workspace as defined by a desk, workstation, network access, and telephone handset) recovery plans in place. This is changing.
• A Reduction in Site Separation: The trend in site separation (distance) between production and recovery sites is towards less distance, not more. Excessive production/recovery site separation increases recovery times and increases costs. Organizations are favoring effective, affordable recovery plans that address the vast majority of disaster events, as opposed to ineffective, expensive recovery plans that can theoretically survive a catastrophic regional event.
• Increasing Popularity of Internal Recovery Site Provisioning: Price increases in the commercial recovery site provider market since SunGards acquisition of Comdiscos Availability Services business unit last year, in tandem with more aggressive recovery time demands by business executives is driving the trend towards in-sourcing of recovery site provisioning. Internal site provisioning simply offers testing flexibility and recovery service levels typically not available in the commercial market, and at an increasingly small cost premium.

Had the catastrophic events of September 11th, 2002 occurred instead on September 11th, 1999, we may have seen a very different response on the part of IT organizations. Consistent with the excesses of the bull market of the late 1990s, lavish spending on BC programs and technologies would have likely been the norm. However, these programs would not be sustainable, and very short-lived in the current economy. If there are some positives that can be taken from these two very negative events, one may be the forced discipline that has forged durable BC programs.