Our thoughts are now with the resilient people everywhere who are now challenged to restore a semblance of order to a world upended by an unusual massive weather event.
That being said, I believe there is the small spark of opportunity for selected IT leaders to use this very dramatic and very public event to drive a more meaningful discussion with their executive teams around business continuity.
And as I often say "don't let a perfectly good crisis go to waste".
Like so many folks online, I despair at vendors who #stormjack a crisis and attempt to turn it into a marketing opportunity. I find it crass and insensitive, as do many others obviously.
That being said, there is a very real and palpable issue between IT leaders who fully understand the threats and know how to best prepare -- and the willingness of business leaders to invest in that kind of comparatively expensive IT insurance.
Having worked at EMC for so very long -- and, inevitably, been fully engaged in many discussions of this kind -- I think there might be an opportunity for certain IT leaders to re-engage in an important discussion that (unfortunately) needs an occasional massive disaster to bring it more clearly into focus.
Why Is This?
The risks are well understood, the various strategies are well understood, multiple technologies are clearly understood, the processes and methodologies are familiar, there are a variety of consumption models available and a wide range of service providers who can help.
No, most definitely it's not a supply problem -- it's clearly a lack of demand for this kind of insurance. Not lack of demand from IT; lack of demand from the business to protect themselves.
So, I've sort of come up with my own explanation as to why this might be.
Many business leaders don't fully understand the IT risks they're exposed to.
Conversely, these same people are fully conversant with financial risk, operational risk, etc. -- and are more than willing to invest in various forms of insurance against these risks.
Since they don't fully appreciate IT risk, they're unwilling to invest.
Many business leaders see this as an IT problem, and not a business problem.
It would be nice to live in a compartmentalized world where every business function "owns" a problem (and the solution!), but this is rarely the case.
In the real world, many business priorities transcend a single functional unit (e.g. blaming the sales team for poor sales), and that's where the executive team earns their living -- getting to the root of the challenge, and orchestrating resources and talent to come up with the right solution.
Many businesses have become more digital than most people realize.
If the IT services aren't there, business just can't be done at any level. You're essentially out of business until things come back.
Having a sustained inability to do business is a risk on the same order of a massive quality problem, defect or recall. Your customers can't depend on you anymore. And blaming other parties (e.g. your service provider, etc.) won't cut it -- trust me.
Now, if your product or service is "sticky" in nature (high switching costs, etc.) you might be able to weather a brief outage at reasonable cost to the business. But so many products and services today have low switching costs, which means if you're not available, they'll go find someone else who can do the job.
A Lack Of Willingness To Invest In Protecting Against"Black Swan" Events
When failure modes are frequent and well-understood, there's a willingness to invest in protection. For example, meet anyone who runs an IT shop in the Florida area, and they've got a pretty good handle on how to protect against hurricanes coming through.
The scrambling occurs when we're faced with an event that is hard to predict and infrequent in nature. Hurricane Sandy, an earthquake or tsunami, a nuclear meltdown, a massive power grid failure, and so on. Since these sorts of events are infrequent in nature, we're not thinking about them as part of our day-in, day-out risk mitigation scenarios.
And thus we're badly exposed when they do happen. In some sense, we need to protect against our own human biases in perceiving and reacting to risks.
Back To The Original Thesis
There's nothing like a good crisis to focus people's attention. Sad, but inevitably true.
We've now have a clearly documented (and somewhat unusual) crisis at hand. Could this be an opportunity for certain IT leaders?
Many IT organization I meet with have fantastic BC/DR capabilities: redundancy, geographical dispersion, well-exercised contingency plans, disaster drills and so on. More importantly, they have a culture of risk identification and mitigation -- not just in the IT organization, but across the business.
Others are not so fortunate. The desire to invest in better IT protection has to compete with other business priorities: new product development, expanding the business, and so on. One set of investments clearly leads to more revenue and profitability. Another set of investments provides a useful hedge against things that are relatively unlikely to happen, but could.
And for this second group, I'd hate to see them waste a perfectly good crisis.