Resilience doesn’t just happen
Resilience isn’t something you can just go out and buy. Sure, you can procure a service-level agreement with a specific provider for a specific service, for example, telecommunications, application hosting or cloud services. But that service is just one part of a larger, integrated, end-to-end business process where the overall resilience is only as strong as the weakest element in the chain. Such a process requires people, facilities for them to work in, technology that enables them to perform the entire end-to-end process, and an exchange of data with other vital processes in the business. To be effective, resilience is something that must be designed into every aspect of this process.
Resilience isn’t one-size-fits-all
Not all processes have the same resilience needs. Trading floor processes usually have near-zero tolerance for disruptions, where millions of dollars may be lost if a commodity or currency trade cannot complete on time. A delay of hours or even days on a demographic analysis of last quarter’s sales, on the other hand, may be tolerable for a business.
Over the years, the security and resilience industry has developed many sophisticated technologies that, when thoughtfully combined, can all but eliminate individual technology failures – in some cases, even entire data centre failures – as a source of business disruptions.
Outdated processes are no match for cyber-threats
Cyber-threats greatly complicate the art of resilience by design. Traditional resilience design techniques (server clustering, data replication, multiple physical routes in communications networks) may still be necessary, but they are no longer sufficient. After all, what good are two perfectly synchronised, geographically distributed copies of infected data?
Maintaining required levels of total operational resilience requires building cyber-resilience into business services, with not only appropriate levels of technological resilience but also a logical consistency of user data and configuration data.
We do have to be careful in our designs, though. We don’t want to inadvertently propagate (at the speed of light, no less!) logical corruptions or malicious infections. For “crown jewels” data, it’s vital to have mechanisms in place to ensure a known good copy exists – encrypted, immutable, and electronically isolated from operating data.
Take the next step
Not sure where to start? Kyndryl offers a Resilient Architecture Design service that works in concert with the Kyndryl Cyber Resiliency Framework. Our consultants and architects work with you to use preparation, protection and practices to design right-size resilient capabilities into the foundation of your business services.
Resilient Architecture Design starts with defining various resilience tiers in your business. Then, for each element in the end-to-end environment (for example, Unix servers), it defines which characteristics of that element are required to support the various end-to-end service tiers (for example, active-active capability across geographically dispersed sites, single-site clustering only, or a single-site server with a remote server that can be activated within a certain time).
Kyndryl Cyber Resiliency Framework is designed to protect your environment from malware, quickly detect its presence should it get through your defences, limit the impact should it become activated, and provide a clean environment into which clean data can be restored to quickly get your business back online.
With more than 30 years of experience designing, building, and managing many of the world’s most sophisticated and resilient IT environments, Kyndryl has the skills, experience and global reach to help you realise an environment with the appropriate level of resilience for your company.