Resilience Uplift - Good for Human & Technology

My favourite song is - "Rise Like a Phoenix". Why I said so?

Everyone of us may have felt the power of resilience at least once in our lives. The "bounce back" from the raging storm - whether it flows around you or through your systems; is worth living for. Just like a phoenix!

Today, the borders between Humans & Machine is constantly getting thinner, through the advent of Technical disruption. Hey! there are startups who are experimenting on nano-pills which will have nanobots flowing through our bloodstream helping the process of building antibodies faster and destroy the evil bugs.

Recently IDC & Zerto wrote a brilliant white paper titled - "The State of IT Resilience" (link shared below). The white paper was very insightful in many ways. They had done an intensive study of 500 Organisations of various sizes and have shared some stunning figures.

Over the past 50 years, the average lifespan of S&P 500 companies has shrunk from around 60 years to closer to 18 years. To succeed, companies must be digital transformers while managing the data required for new business initiatives. IDC estimates that worldwide spending on digital transformation technologies will reach $1.18 trillion in 2019, an increase of 17.9% over 2018. 

Regulations across the world especially financial regulations are implementing stringent laws for enabling resilience but they may not be up to the level required. The brunt of that & lack of preparedness is evident in the rise of IT spendings - just to uplift resilience. As computers and automation led the charge through the last few decades, companies, organizations and governments focused their efforts on revitalizing the IT infrastructure through Industry 4.0. The industry 4.0 is moving towards Automated physical systems, Smart Cities, Internet of Things, Robotics and Blockchain - organisations are scrambling to constantly change their tools, process and people (not really) to become more resilient.

So what does that mean? It means that the Business Leaders within an organisation must take Resilience seriously and infuse capabilities in the build of their applications and services to adapt faster else impacts can be:

• Topline or Bottomline impacts;
• Sluggish adaption w.r.t. competition;
• Loss of Customer's Goodwill and Trust.

Now convert them in numbers and you will see the impact to all these are quite heavy. So resilience uplift is a must for any organisation who wants to have that competitive edge in the market please, is it not?

Resilience is also deeply tied with risks too. A CRO's job is to identify, strategise and manage the risks, but the resilience is a different ball game all together. To some degree you can plan for resilience using predictive risks within the defined boundaries and linear system behaviour. Well, today the machines are constantly trying to mimic the human behaviour (minus the empathy & feelings) and many things around us are constantly changing. If Resilience is good for humans what about the machines then? I have seen many big corporation gets a hit every now and then; either because of a change in policies, legal & regulatory requirements, change in technology or simply the change of human behaviour. So, what does the word resilience mean to senior executive?

IT Resilience is defined as an organization's ability to maintain acceptable service levels through, and beyond, severe disruptions to its critical processes and the IT systems which support them.

Huh! so boring. What does it really mean then? Very simply when the s*** hits the fan you should still be able to giggle; that exactly what it means. Well! you may frown a little bit but you will be OK. So how you do you do an assessment and what controls would you like to explore?

Resiliency is uplifted by coherence of discovery, design, development, test, and deployment, which allows for rapid response to changing environments all while still maintaining internal balance.

Here are some questions to ask?

1. What security and threat controls are there in their development process? Look at their Development process and find out whether they have anything in their development process which basically manages threats; mostly the answer is no. Everyone thinks that the Solution Designer is doing this and the SD in the team thinks that our infrastructure team is doing this and like wise. It goes in a Chicken & Egg circle. Do you remember the famous story around Nobody, Somebody and Anybody? I am sure you do.
2. When did they last do a drill or a simulation? Mostly the answer is "BIG No". All of us have faced a fire drill in our workplace but what about the IT system's fire drill equivalent? It is not there at all.
3. What are the unknowns you may be dealing with? You may get a "BIG No" again. The architecture is seldom designed to reorganise itself to deal with things which crosses the boundaries of predictability and linear behaviour.

The answer to these 3 questions above would what a head of the IT functions should ask the person who is pitching to sell a resilience solution or a service. This is where the game changes to next level.

Welcome to Resilience Uplift

So let's look at some of the things which is a good hygiene if you are looking to uplift the resilience of your IT systems or just planning for one.

Create a "culture" of experimentation with the boundaries - Agile way of working has already transformed lots of organisation in a manner where they have adopted experiment as a way of evolving - the famous Build, Measure and Learn paradigm is everywhere. Can we build resilience in the architecture to totally isolate the system in an unknown calamatic occurrence OR even more importantly can our architecture co evolve with the changing environment? Yes, it can be done! That's how you cross your boundaries. Both ways, your resilience will be uplifted.

Awareness & Mitigation of the butterfly effect - When a little unknown changes comes in your environment the whole system goes for a toss; when this happens it is called a butterfly effect. One of the way to mitigate that is to use Double Loop Learnings by Chris Argyris and Schon. What does it mean? In the word of Donella Meadows, the famous author - thinker - scientist - teacher - writer says:

When the error detected and corrected permits the organization to carry on its present policies or achieve its presents objectives, then that error-and-correction process is single-loop learning. Single-loop learning is like a thermostat that learns when it is too hot or too cold and turns the heat on or off. The thermostat can perform this task because it can receive information (the temperature of the room) and take corrective action. Double-loop learning occurs when error is detected and corrected in ways that involve the modification of an organization’s underlying norms, policies and objectives.

A multiple implementation of double-loop mechanism in the architecture and systems keeps the IT organisation much more resilient than their peers.

There are many more strategies which helps the Senior Managers to re energise their systems with the right resilience so that next time when an "unknown" change comes they do not have to spend a huge amount of time, money, downtime and bad user experience in trying to mitigate the effects of an "unknown"

Be Resilient!

References:

IDC & Zerto's White Paper titled - "The State of IT Resilience"