The CIO Diaries: Resilience Beyond Digital Transformation

Information Systems (IS) become more and more complex as the number of solutions in the IS space keeps rising; each solution promising different but convergent gains. The question no longer remains how to transform your IS strategy to meet your organization’s digital needs but how to remain resilient in uncertain times.

Managers of IS today make decisions out of a complex, contradictory, and dynamic landscape of big data that is available but has a short relevance lifecycle. This means that decision-makers spend more time making informed decisions today than they did a few years ago with fewer and less complex systems.

In this article, I posit that creating a resiliency strategy goes beyond digital transformation and offers some strategies for designing a resilience plan.

Your resilience strategy - beyond the systems

Beyond Big Data Analytics is the question of whether the systems producing data can withstand the shocks and ambush that surprises all of us (Not to mention the Covid-19 pandemic and the digital transformation it rapidly fast-tracked). Consequently, there is a need to embark on a journey of IS resilience if your organization will be able to seamlessly adapt to change while protecting its business and customers from all types of disruptions and disasters (Ambush and Shocks) - incomplete knowledge, interoperability, and surprise.

Business leaders today demand both stability and disruptive innovation – two key variables that used to be on different sides of the continuum. Your ability to balance these two competing pressures will determine success for your IS team, with your digital transformation journey underpinned by disruptive innovation whiles your resilience journey is underpinned on stability against adversity.

In this tag of war, however, there is a third and perhaps most important factor – Productivity and Business Continuity, which tends to suffer.

Resilience is not only about the systems. It has more to do with the decisions that lead to making the systems resilient. Your resilient plan may encompass an array of decisions such as:

• Which services may only need load balancing to prevent the event of overloading a particular system?
• Which services will demand a backup (online and/or offline)?
• Which services will need a disaster recovery solution (including Geographical redundancy and their corresponding recovery time objective and recovery point objective)?
• Which services will need a high availability solution?
• Or which services will need a combination of the above strategies

Your resilience program should therefore:

• Avoid monopoly & be flexible: A monopoly of resilience decisions may lead to widespread disruption. Monopoly may emanate from the strategy itself, using the same vendor (s) or not properly prioritizing services. In providing Disaster Recovery (DR) services as a resilience measure, geo-redundancy is a good choice. However, it may not be needed for every ‘critical service’. Instead of planning for a single failure scenario, look into the possibility of other failure scenarios occurring and the right strategies to curtail them.
• The big picture: The big picture is ensuring productivity and business continuity. Your resilience strategy should hence go beyond striving for immunity and incorporate the need for productivity and business continuity. Most often, IS Managers and CIOs receive a list of services all classified as ‘critical’ by their respective business unit owners (Marketing, Finance, Operations, Customer Support, etc.), demanding that they ask the more relevant question: what is my resilience tolerance level?

What is your resilience tolerance level?

In answering this question, IS Managers and CIOs should first define the various tolerance levels and the respective strategies that would be applied for each resiliency strategy. Investment decisions would then be justified and then resilience classifications done together with the business owners for each service.

Most importantly, however, the investments should be justified. If data available reveal that a particular system has not had downtime for 8 years, it would be difficult to justify a Disaster Recovery (DR) spend. On the contrary, however, resilience is about being ready in times of uncertainty. Hence offering a DR for such a system may amount to ensuring readiness for uncertainty. But is the investment justifiable?

In conclusion

Your IS resilience journey is not a ‘quick fix’. It is a gradual journey of policy creation and an array of strategic decisions that need business alignment and investment justification with results to show.

To avoid creating resiliency strategies out of incomplete and irrelevant data, a detailed business impact analysis of the organization's IS portfolio should be conducted to address the risk appetite of the various business units and the organization. This should be accompanied by a thorough engagement of the various business units to determine policies, risk levels, and investment options (For example, how much it will cost to create resiliency as against the revenue being generated from such a system).

Finally, IS Managers and CIOs should continually revisit their resiliency strategies and update them as new and more relevant data becomes available.

Author: Kwadwo Akomea-Agyin is a seasoned business professional with 12+ years of progressive experience in Project Management, Consultative Business Development, and Digital Transformation solutions. He is a member of IIPGH and a regular contributor to this column.

Contact Kwadwo on WhatsApp: +233544341374 | Email: kojo.e@live.com | Skype: Kwadwo_2010