Crisis Management and Disaster Preparedness: An IT Perspective

Crisis Management and Disaster Preparedness: An IT Perspective

Every experienced manager, whatever field or department they work in, will have experienced at least a minor crisis during their watch. An unfortunate few will have been on duty during a severe crisis which may have ended up with the end of their tenure.

Knowing how to prepare for a crisis and to manage the situation when it arises can make careers, rescue institutions and, in the most dramatic cases, save lives.

Crisis management and disaster preparedness, as this article will attempt to illustrate, are two sides of the same coin with effective preparation reducing the frequency and severity of crises and crises, when they do happen, helping to improve future preparedness. Although crisis management and disaster preparedness is a very broad field, there is a growing realization that IT systems and devices are at the heart of many minor and major emergencies. This article focuses specifically on threats and solutions that have their roots in IT.

Defining a Crisis

In his ‘Handbook of Crisis and Emergency Management,’ Farazmand defined crises as ‘events and processes that carry severe threat, uncertainty, an unknown outcome, and urgency.’

As this definition makes clear, crises can appear out of the blue as an event, like an earthquake taking out a data center or a zero-day exploit. Equally, a crisis can be the end stage of an escalating process such as a mainframe going down after months of recurring problems. Most disasters have elements of both.

When a crisis happens, the emergency management skills of those in critical positions are thrown into the spotlight. They are forced to sink or swim and their careers can hinge on what decisions they make.

Although managers in this position may feel unfortunate, the truth is that any city or county manager can develop the skills needed to manage a crisis and any local government department can introduce crisis and emergency management training.

Some of the most important skills required for handling emergencies are rapid decision-making, composure under stress, clear communication and creative thinking.

Why creative thinking? Quite often, during an emergency, the BAU way of doing things no longer applies and the protocols and procedures that normally keep things ticking along nicely can start getting in the way of things.

That’s not to say that the rule book needs to be thrown in the trash. It’s just that a leader who is good in a crisis will choose which rules to observe and which ones need bending or breaking.

While this type of ‘firefighting’ is needed in an emergency, an effective manager should also have the long-term strategic vision and thoroughness to put measures in place to reduce the risk of crises happening in the first place. That leads us on to disaster preparedness.

Preparing for the Worst

When analyzing crisis management and disaster preparedness, the system of devices, network cables, wireless transmitters and cloud services that make up the IT infrastructure of a public organization is a microcosm of the threat landscape as a whole.

Just as earthquakes and hurricanes seem to strike out of the blue, so a section of the cloud can suddenly go offline or a local database can fail.

In both cases, the cleanup operation is always followed by an autopsy. Did seismologist readings indicate that a quake was imminent? Were evacuation policies triggered in the towns affected by a hurricane? Why didn’t the cloud provider’s failover circuits work? When were the in-house IT systems last inspected?

The inquiries often reveal that the sudden, unexplained crises did have a root cause after all and that the problem could have been avoided if those in charge had picked up on the warning signs. Even where individual human error is found, this is often a symptom of poor training provision and a weak system design which relies upon one single point of failure.

So if managers want to reduce the risk of facing a critical emergency, with their IT systems or other aspect of public management, they need to take disaster preparedness seriously. They need to cultivate an analytical mindset and be always on the lookout for anomalies and warning signs.

The good news is that due to the rapid advance of technology, there are now plenty of powerful tools and novel business models that can help public organizations to anticipate and eliminate developing threats and also provide assistance during a crisis.

How It Can Help with Emergency Response and Planning

While this article is not about persuading organizations to convert to cloud computing, there are two very good reasons for thinking about it: Big Data and artificial intelligence (AI).

While critics will point out, quite rightly, that the cloud has its disadvantages, when it comes to spotting and reacting to danger, cloud service providers and the top cloud-based security vendors have the heavy artillery locked and loaded.

Only the cloud has the storage capacity and processing power to analyze the vast streams of data that pass through an organization’s network. The leading security vendors have built devices and cloud-based services that can harness this power to spot a potential threat the moment it arises. What’s more, inbuilt AI programs can then learn from their performance to become even better over time. These intrusion detection and prevention (IDP) services work alongside next-gen firewalls and other security tools to provide a formidable barrier to incoming attacks.

As technology has become more sophisticated, the need for skilled IT management has increased. This has led to the establishment of the managed IT service provider or ITaaS (IT as-a-service). Outsourced IT firms can provide a suite of services including security monitoring and backup provision.

Training is another area where IT can help reinforce an organization’s security. It is now possible to access all the resources you need online, even via mobile devices, and to present them in a format that is much more accessible than the traditional model of external training providers and PowerPoint presentations.

Obstacles on the Road

What is preventing public institutions from embracing these exciting new cyber security tools? There are several obstacles that can get in the way of IT transformation.

Migrating to the cloud often means dispensing with legacy hardware that may have cost a fortune to develop and be tightly interconnected with how the department functions. Convincing the board to invest in a complex migration process with the promise of milk and honey at the end of it is a challenge, especially if the board members are not conversant with 21st Century computing.

Then there is the issue of choice. The marketplace is awash with vendors and service providers offering technologies that the average department manager will struggle to get their head around.

Sending sensitive public data outside of the organization may also be disallowed by federal regulations. Where it is allowed, managers may fear making the wrong decision and entrusting the protection of their networks to a company that will let them down during an emergency. To mitigate this risk, managers need to be thorough when developing an SLA with a managed service provider. As one provider of IT support in Los Angeles put it: “Making sure that an SLA is adequate to protect a business’s service in the event of both minor and major mishaps needs to take a central place in MSP negotiations.”

Every public department is different and there is no cookie-cutter solution that will guarantee perfect crisis management and total disaster preparedness. But from an IT perspective, there is certainly a lot more that some public organizations could be doing to position themselves to best face the challenges of this new decade.

About the Author :

Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT Consulting Los Angeles area businesses need to remain competitive and productive, while being sensitive to limited IT budgets.

Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. He also leads SMBTN – Los Angeles, a MSP peer group that focuses on continuing education for MSP’s and IT professionals. DCG was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor.

Share this now!

Leave a Reply

Your email address will not be published. Required fields are marked *