As employees increasingly take a ‘mobile-first’ approach to their use of computing technology, this creates new challenges for organizations; and especially for business continuity managers.
Companies today are taking new approaches to how their staff work and achieve their objectives. In the US, more than 105 million employees will be classed as mobile workers by 2020, according to research by IDC. In the UK today, around 48 percent of employees can be classed as ‘mobile workers’ that travel for more than 20 percent of their working week, according to Strategy Analytics. This trend will only increase.
Alongside this shift in how employees are working, companies are changing how services are delivered. Cloud-based applications are becoming common within enterprises of all sizes. Microsoft’s Office 365 is now used by around a quarter of all US public sector bodies, with Google Apps not far behind. With just under half of all these organizations using cloud-based office productivity suites for their email, this is nothing short of a fundamental shift in how central IT services are provisioned.
Today, there are more options available for business communications as well. Conversations once limited to face-to-face meetings, fax, phone calls and email might now begin on social media and continue via phone conversations or chat applications. While the role of email is not going to diminish as a ‘system of record’ for communication, the range of options open to people across the business is ever-increasing.
What do all of these trends mean for business continuity teams? Well, the need for disaster recovery and backup of data has not decreased, but it is different. These changes mean that traditional data protection methods might not capture all of the data that people create as part of their working lives. Relying on protection of central applications is therefore not going to be enough.
The impact on compliance: the need for collaboration
Many traditional approaches to protecting data rely on all that new information being created and stored centrally. When individuals can create new files that make use of personally identifiable information and save that data either locally on a tablet or in a cloud service without ever touching a corporate IT device, this opens up the potential for data loss and risk. In the past, it was always possible for a company laptop to be lost with sensitive data contained on its hard drive; today, the nightmare scenario is that IT will not know about that sensitive data being created at all. The proliferation of data onto more devices, accessible from more places through applications or services that are not directly owned and managed by IT is all too easy to imagine.
While this growth of data can put compliance efforts at risk, this can also be an effective spur to action as well. For example, the European Union has put together a new draft regulation in place around the safety and security of personal data. The General Data Protection Regulation (GDPR) includes a notice that any infringement of personal data through loss or theft can potential result in damages equating to four percent of an organization’s annual revenues. This represents a huge incentive to invest in better data protection strategies ahead of the regulation coming into effect in 2018.
Putting proactive continuity and compliance in place
All continuity efforts are geared towards ensuring that business operations can get back to normal as fast as possible after an incident. This could be a minor issue that can be fixed through the fast recovery of IT systems; alternatively, a major disaster may require the full-scale implementation of operations at a secondary site while the primary incident is dealt with. Either way, DR planning involves having up to date versions of critical data, processes and operations in place that staff can then use.
This is a big contrast with compliance activities. In the event of an audit, the typical approach that IT teams will have to undertake is to search through available email records and files around a specific topic. This represents a big potential time investment. However, just like any disaster, these audit events can’t be predicted in advance, so many companies choose not to invest here if they can avoid it.
The problem is that more data is being created on mobile devices without touching central IT systems. If an audit event does come up, then the IT team can find themselves unable to build up the full picture of what really took place. What if the critical communications took place over a channel that did not have its data adequately backed up, or the user forgot to save their data centrally rather than on their own device? Is the data stored on a cloud service rather than on a central IT system?
To prevent this from becoming an issue, it’s possible to take a more proactive approach to data protection. Rather than existing traditional approaches to capturing data that rely on centralisation of data, it’s worth looking at how data created on mobile devices can be added to the business continuity planning process instead.
As documents are created, they can be scanned automatically to check for personally identifiable information that needs to meet compliance rules around security. If and when one of these files is created, the necessary rules on security and retention can then be applied. This approach is more practical than relying on human intervention; indeed, it should be based on taking the same ‘ease of use’ priority that mobile app developers have to bear in mind.
As companies seek to remain competitive in today’s business landscape, the use of cloud services and mobile devices is increasing in size and scope. Individuals want more flexibility in how they work, while IT teams are looking to keep data protection plans in place that track against these new work patterns. As more and more employees become mobile workers, business continuity planning and DR strategies will have to move into this ‘mobile first’ world as well.
* This article was original published on Continuity Central on January 20, 2016 and has been edited for length.
This year marked the third consecutive time that inSync was ranked #1 by Gartner, further establishing Druva’s foothold as the global leader in converged data protection. Download the report to learn how enterprise endpoint backup is solving for much more than simply backup.