If 100% prevention of an outage (whatever the cause) is unachievable, a better strategy is cyber resilience.
As Mickey North Rizza, program vice president, Enterprise Applications and Digital Commerce at IDC, puts it:
“Digital resilience is a requirement in the digital-first world. Rapidly adapting to a business disruption requires a business to leverage its digital capabilities within its enterprise application portfolio. Modular, intelligent applications are helping the organization leverage the data and gain insights to better maneuver the organization so it can remain resilient and capitalize on the changed conditions.”
In other words, instead of pursuing invulnerability, enterprises should make sure they are resilient to outages and able to recover business operations rapidly when (not if) these occur.
Weston explains that Kyndryl starts with a business risk assessment, looking across the enterprise at its business processes and installed security tools and plans. “Once we understand what the risk is today, we’ll be able to provide a programmatic approach to improving that organization’s resilience posture,” she says. “That risk assessment is programmatic, starting with what you have today and what you need to shore up, given the evolving landscape of threats.”
Kyndryl uses a combination of a reference architecture and domain expertise tailored to the requirements of different industries: manufacturing, retail, healthcare, and so on.
There is a long list of as-a-service technologies that, collectively, cover core-to-edge cyber resilience. (See “Kyndryl’s Security and Resiliency Offerings.”)
“I would rank all of them as pretty core to your cyber resilience strategy,” Weston says. “Each one maps to the ability to anticipate, protect, withstand, and recover. Whether you have them internally or you procure them from a vendor, I don’t think you can prioritize one over the other.”
In the shadow of rapid technology change, a skills shortage, and rising levels of cybercrime, organizations making rapid shifts to hybrid multiclouds often leave themselves vulnerable.
Many will be best served and protected by using a managed service from a partner that can bring to the table risk-assessment advisory services, a portfolio of automation and integration services, and domain expertise.
In execution, this partner will cocreate the security and resilience strategy for cloud, multicloud, and hybrid environments and should not highlight one technology or platform over another.
“Why go in and ask a client to rip and replace when they’ve already placed all their investment into that environment — that’s not efficient,” says Weston. “What we can say, regardless of what you have installed and invested in, we can help you enhance that so that you are meeting all of your cyber resilience needs and expectations, or we can manage it for you.”
Organizations are finding it increasingly challenging to anticipate, withstand, and recover from adverse conditions, stresses, cyberattacks, and cybercompromises. But properly protecting business applications and operations from outages and cyberattacks is easier with the right partner at your side. In the quest for agile infrastructure using hybrid multicloud, having a partner that fully understands both operational and security complexities is increasingly considered to be stakes.