How resilient is your data?
The Bank of England is asking organisations including UK banks, building societies, and PRA-designated investment firms to demonstrate how operationally resilient they are.
Organisations are being asked to identify important Business Services and set Impact Tolerances for these services. Firms are then being asked to take action to ensure they are able to deliver their Important Business Services within their Impact Tolerances.
Testing against severe but plausible operational disruption scenarios will then assist firms to identify vulnerabilities and take mitigating action.
Understanding your data, especially data in flight, (transactions as well as files being transferred around the organisation) essentially your data as it moves from one point to another, is crucial for demonstrating you are operationally resilient. Not only does it help answer the question about how resilient your data is but helps support a wider end to end thinking.
It will take organisations beyond the normal application and infrastructure view of the world. All too often we see organisations focus on software and tin and not on the customer data in flight. We can buy that software anywhere, we can install software and reconfigure as we wish, but can we get our customer data back?
We have all observed organisations having a tough time, not because infrastructure or applications have failed but because the data in its databases wasn’t correct or reconcilable with at least one very public failure in recent years. It is not as simple as making sure you can restore and reconcile, it is a question of how long that might take. For a bank, anything beyond a few hours is disastrous.
There is so much to consider when responding to these regulations but by understanding data in transit across your important business services, your APIs, your batch, and by capturing corresponding volume data, you can ‘anchor’ your mapping and response to what’s really material.
These specific points will be explored in a series of blogs over the coming months
- what data in transit is,
- how it can help you develop a mature response to regulations (including a definition of your important business services and setting impact tolerances to prioritizing vulnerabilities)
- how it can provide increased transparency for your major change programmes and simplify incident and recovery management
- how best to maintain data in transit information assets to avoid repeating analysis over and over again
- the specific challenges we have observed, and
- how you might overcome these.
For example, it is unlikely that you will be able to rely upon siloed Subject Matter Experts to define and baseline the performance of your Important Business Service(s). The crux of this is that applications and infrastructure alone do not make an Important Business Service.
Rolling up your sleeves now, analysing system-generated logs to target specific transactions, batch processes and volumes, essentially your data in flight, could save you a huge amount of money and time in responding to regulations and if maintained correctly support BAU and large change programmes moving forward.
One last thought, many organisations have layered complexity on top of complexity over the years, imagine the power of taking away that ‘noise’ and truly understanding through data in transit analysis what’s material in terms of your customers being able to fulfil a service.
What will become possible with the better quality of decisions you can make?