Resilience

 

Image from Pixabay

Barely recovered from World Password Day, the calendar shows us a campaign from an adjacent field: from 16 May we celebrate Business Continuity Awareness Week. And because business continuity management (BCM) is about as important as information security, this event also deserves attention in the Security (b)log.

BCM is the field that – as the name suggests – is concerned with the continuity of business operations, under what they call ‘unfavorable circumstances'. The word disaster plays an important role in this. The BCM people want to prevent these, and if one does occur, they want to control it as best as possible. Disaster is defined as an unexpected event with such negative consequences that regular problem-solving activities are insufficient to restore the normal situation. In addition to the continuity of the business process, they also have an eye for the safety of employees and visitors and for the reputation of the organization.

The motto of the upcoming special week is 'building resilience in the hybrid world'. Now I'm always a bit wary of mottos of conferences and other activities, because they’re often a bit pompous, while in the end it's about filling the program with contributions that are as appealing as possible and which are preferably presented in a nice way. Anyway, let's peel this motto off.

That hybrid world from the motto, that is of course the world we live in since the coronavirus conquered the world. Before the world became hybrid for us office workers, it was almost pure: we worked in the office, people with young children might have a fixed working day at home, a single daredevil didn’t show up at the office on two working days. During the pandemic, this turned into a situation that was even purer than the old one, but completely at the other end of the scale: from one day to the next we were all working entirely from home. In those two years I went to the office five times to do things that could only be done there. And then you still needed permission from your department head.

When the light came into view at the end of the covid tunnel, we started doing the opposite of what we used to do: we went to the office once in a while. And we prepared for that new hybrid world, because one thing was certain: we would never go to the office full-time again. And that impacts the way in which we have to look at continuity management. That is a statement, not necessarily a fact.

There is a data center just outside my residential area. I pass there every now and then and every time there is at most one car inside the gate. And that's basically how it should be: a technician only comes by when something is wrong, or for routine maintenance. In contrast, the complexes that house our own data centers also have an office function. A few thousand employees walked around every day, pre-corona. In our hybrid world, that has changed drastically. On any given day of the week, more colleagues work from home than at the office. What does that mean in the event of a disaster?

On the one hand, this is a disadvantage, because you are much less likely to have the necessary people present to cope with the event, simply because they are not in the office at the time. But yes, “together” is something very different today than it used to be. We meet virtually just as easily, although many will agree that in certain situations you can work together more smoothly if you are together in real life. In the event of a disaster, you may consider this flexibility as a luxury.

On the other hand, working from home is an advantage, for exactly the same reason: many people are not in the office. If it is a physical disaster, such as a fire, you do not have to worry about colleagues who are not there. An evacuation will be completed more quickly and the number of potential victims will be smaller. Furthermore, if part of the office workplaces are no longer available due to the disaster, you do not have to search for an alternative location: the affected employees have to 'just' work from home continuously for a while. Nowadays you no longer have to perform technical feats for this, because the necessary infrastructure is already there.

However, the reasoning in the two preceding paragraphs only applies if the disaster has not affected the infrastructure required for working from home. We must develop the necessary resilience there, insofar as this has not already happened. The rest of BCM is business as usual for which hardly anything changes in the hybrid world.

By the way, today is Friday the 13th. A perfect day to talk about disaster.

 

And in the big bad world…

This section contains a selection of news articles I came across in the past week. Because the original version of this blog post is aimed at readers in the Netherlands, it contains some links to articles in Dutch. Where no language is indicated, the article is in English.

• Apple, Google and Microsoft are joining forces to enable secure, passwordless logins.
• you can’t disguise your advertisement as a service message.  [IN DUTCH]
• data about you and your house may be on the street.  [IN DUTCH]
• cabinet members  are setting a bad example with the use of private mail and chat apps.  [IN DUTCH]
• the European Commission wants to use mass surveillance in the fight against child pornography.
• IT services and products in Germany can receive a security label from the government.  [IN DUTCH]
• managed service providers are often the target of cyber threats.
• Many websites leak your email address and password, often before you click send.
• Colonial Pipeline may be fined for a ransomeware attack on the company.