63 interdependencies between all the data and platforms associated with an important business service, which introduces critical uncertainty into their planning. To avoid this, Kyndryl leverages its expertise and works with its customers to assess the recover point objective – the maximum amount of time before data loss exceeds an acceptable threshold – for their cloud-based workloads. “The first step, which can also be a fun and team-building event for the customer, is to conduct a cyber simulation,” says Bradley. “The scenario could involve, for example, experiencing both a denial-of-service attack and a ransomware attack at the same time. Everyone then comes together in mission control to plan and execute a recovery. Based on the size of the enterprise, whether it serves 10,000 or 100,000 customers, we can then simulate how long that recovery could take, and whether it meets their business impact tolerances or recovery point objectives.” “Depending on the storage types being used, we utilise our advanced Mass Restore Modeling tools to calculate how long the process would take to recover,” says Bradley. “With this simulation as a use case, we can assess recovery timelines for critical business services, such as an order or dispatch solution. In some instances, recovery might only take 18 hours, while in others, it could take eight days or longer. This exercise also helps us collaborate with the business to determine what an ideal recovery process would look like.” Ultimately, a well-prepared and tested business continuity plan can be the difference between a minor data loss and a public relations disaster. Understanding the real business impact can save millions. “Recovering a business process within two hours while losing only 10 minutes of data might cost $10 million,” says Bradley. “However, if the business can tolerate a 24-hour recovery timeline with a 24-hour data loss, the cost might be as little as $100,000. It ultimately becomes a business decision. Should you accept some level of risk and potential loss or should you invest heavily to minimise it? It’s important for business leaders to make that informed decision, knowing that in six months’ time, bad actors may develop a new attack vector that renders that investment less effective.” Photo: iStock/Kerkez
RkJQdWJsaXNoZXIy NzQ1NTk=