Have you heard the term "a rising tide lifts all boats"? It's an aphorism that refers to the broad, positive effect that something such as a strengthening economy or a particular public program has on all of its participants. For example, as the economy improves, theoretically so does the prosperity of businesses and individuals. Here's another example that's near and dear to my heart. Business resiliency (BR) is the ability an organization has developed to quickly adapt to disruptions while maintaining continuous business operations and IT systems, and safeguarding people, assets and reputation. The more resilient an organization is, the better its strategy execution, profitability, sustainability, competitiveness and innovation. BR also lifts the tide for other factors, like risks. What I mean is that, generally, a resilient organization does a better job at identifying, measuring and mitigating risk than one that is not.
The most recent Gartner Magic Quadrant for IT Risk Management evaluated governance, risk and compliance (GRC) software that performs IT risk management (and coincidentally names RSA as a leader). When we think of BR, we usually relate it to the "business" and don't necessarily correlate BR with IT risk or see it as a factor in reducing IT risks. However, let's try to separate the two. Gartner states that, for the purpose of its report, IT risks are those within the scope and responsibility of IT, the IT department or IT dependencies. Now, let's identify those business processes or functions within any given organization that don't rely on IT systems or the IT department. Wait, I'm counting... uh, zero. In this day and age, the business has become synonymous with IT systems and capabilities.
A 2015 study by Protiviti, a global internal audit consulting organization, on top risks cited by executives and boards included among the top strategic risks the rapid speed of disruptive innovations and new technologies, mobile applications and other internet-based technologies, and operational threats such as information security and big data, with cyber threats being a top five risk. These are all IT risks, but each has deep business implications.
BR is not only a trait of successful organizations, but is also a risk mitigation strategy and approach to address business and IT risks. BR speaks directly to the heart of IT risk management by implementing strategies and tactical steps to mitigate the risk of IT dependencies that can create uncertainty in daily tactical business activities; reducing IT risk events resulting from inadequate or failed internal processes, people or systems; and improving the availability of services, including incident management and disaster recovery.
I'm proud that RSA was again named a leader and we have the capabilities to help organizations build business resiliency and address business and IT risks. Send me your thoughts at Patrick.firstname.lastname@example.org. Also, check out our Community page for more information on the MQ series. https://community.emc.com/docs/DOC-41831