Can digital resilience be achieved beyond the IT perimeter?
Achieving digital resilience
The traditional meaning of resilience is akin to “keeping the lights on” referring to the ability to restart or recover physical infrastructure, such as a server, network switch, storage array or data center, in the event of an outage. This was often related to the data center's setup, including whether it had diverse power feeds, battery backups, or generators that were tested and ready to take on the full data center load if required.
This still matters - as evidenced by data center failures in the past year that led to prolonged outages of IT equipment and the digital service. But it’s no longer principally what is meant when businesses, governments, regulators, and others say that resilience postures need to be raised.
Newer references to resilience are perhaps better understood as digital resilience: the ability of a digital application or service to continue to operate should a problem emerge with any part of the infrastructure that supports it. This is a much broader conversation than a single data center.
Digital service delivery today involves an amalgam of infrastructure that the service provider owns or leases access to. This exposes digital service providers to third-party suppliers, suppliers of suppliers, and so on throughout the digital supply chain. A decision by a supplier that plays a role in powering the digital delivery chain can have upstream and downstream impacts. Without end-to-end visibility of that delivery chain, it can be difficult to pinpoint the root cause of any performance issue or disruption.
This is the modern meaning and challenge of resilience. It involves infrastructure under direct, indirect, as well as limited control. What sits outside organizations' purview is considerably harder to manage. Still, policymakers, governments, executives, and boards expect organizations to maintain resilience when delivering digital products and services - no matter where a service is hosted, what the user location is, or if an application is owned by someone else entirely.
Principal Solutions Analyst for Cisco ThousandEyes.
Digital resilience in the digital economy
As organizations continue to embrace the realities of today’s digital economy and adopt new technologies to satisfy the needs of both customers and employees, digital resilience has come into sharper focus.
For IT teams tasked with ensuring that every digital experience delivered is flawless and always on, assuring performance across environments that are outside of their control has become a difficult challenge and concern. Depending on the severity, a relatively obscure problem anywhere along the digital supply chain has been shown to be capable of impacting entire populations and regions. Such occurrences reflect a longstanding architectural challenge: namely, the need to locate and eliminate single points of failure.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The digital delivery chain is only as strong as its weakest link or component. That has generally led organizations to re-architect and continuously optimize their digital delivery chains to try to ensure they are not exposed to single points of failure. In the case that they remain exposed it has led to the implementation of controls or other countermeasures that shield their environment from an adverse change being pushed through by the supplier controlling that link in the chain.
When it comes to solving these challenges, it is not just an IT problem, it’s a matter of business continuity. At its core, achieving digital resilience means being able to prevent, detect, and respond to events that could disrupt digital experiences and harm business outcomes. Doing this means organizations will need to embrace new, proactive management approaches that include both the systems they own, as well as the ones they don’t.
Understanding the underlying dependencies
Governments globally are increasing their influence on future directions for resilience, in many ways acknowledging the complexities of today’s interdependent digital supply chains and emphasizing the need for continuous and meaningful assurance to safeguard access and usability.
Whether the EU’s Digital Operational Resilience Act (DORA) for financial services, the U.S. Federal guidance on digital experience, or Australia’s Security of Critical Infrastructure Act and accompanying resilience requirements, there’s recognition at the policy level that building resilience requires a concerted effort and focus; that resilience planning and architecture needs to be regularly tested; and of the need for preventative maintenance to address any detected weaknesses.
Under DORA, for example, banks, insurance companies, investment firms, and their third-party ICT providers must now meet an enhanced set of requirements covering risk management, the resilience of their networks, incident reporting, and much more. These requirements mandate consistent monitoring and vigilance—not only of the own IT infrastructure, but that of third-party partners too. This, in turn, is making financial institutions take full responsibility for their entire service delivery chain, even the parts they don’t directly control themselves.
Technology has a role to play and solutions for cross-domain visibility and digital assurance are enablers for organizations involved in digital service delivery. These capabilities help in understanding the underlying dependencies along the entire digital supply chain that impact end user experiences. It utilizes various technologies, including synthetic transaction monitoring (STM) and real user monitoring (RUM), with the aim of measuring and surfacing experience health in digital delivery scenarios, particularly where the user's perspective is located across the Internet from the application or service.
To meet the current and future needs for digital resilience, whether driven by government policy or other incentives, organizations may in future require a selection of visibility and redundancy options at their disposal - where that makes financial sense. Or, in simpler terms, to see their entire digital supply chain like they own it, and to have a backup plan for their backup plan.
We've featured the best business intelligence platform.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Mike Hicks is Principal Solutions Analyst for Cisco ThousandEyes.