When the admin runs out, what about your business continuity

Maintaining business continuity, i.e. the ability to undisturbed implementation of the main processes that bring income to the company, is one of the tasks that are often delegated to representatives of the IT department. Due to the high involvement of information technology in business processes, the IT department seems to be the cell best prepared to handle any unforeseen situations in the form of hardware failure, user errors or deliberate actions by intruders. Is this assumption correct? Unfortunately, not entirely.

Indeed, technology is one of the main factors that have the greatest impact on the performance of any organization and, at the same time, a factor that fails relatively often. Therefore, when we think about business continuity, first of all, solutions aimed at ensuring operation in the event of failure are verified. They are most often limited to redundancy, i.e. redundancy that allows uninterrupted operation in the event of damage to one of the system components. Another category of security are backup systems, which are to make the environment immune to situations related to data loss as a result of a failure, user error or deliberate action to our detriment. Both backup systems and solutions ensuring high availability (HA) are something without which the IT department would not be able to fulfill its business function. If they were not there, the first failure would have serious consequences for those responsible for maintaining the ICT environment.

However, is it enough? Each, even the most perfect system must be operated and maintained by its administrators. People responsible for the implementation and servicing of systems often acquire their knowledge for years. Despite a certain standardization and repeatability of technology, this knowledge is often specific and depends on the characteristics of a given environment. Thus, even the best system may turn out to be ineffective, or even useless, if there is no person responsible for it. And here we come to the heart of the issue. If we delegate the entire responsibility for maintaining business continuity to system administrators, what will happen when they run out?

READ ALSO  Security incident in the protection of personal data

It is worth asking yourself this question in advance. In my career, I have met several times with cases of sudden (overnight) resignation from the administrator's job, whose knowledge was crucial for the company's operation. Complications that may arise after such an incident pile up overnight and can lead to a serious crisis. There are known cases of companies that completely disappeared from the market as a result of loss of trust on the part of customers after the lack of a key employee made it impossible to handle a critical failure.

Can it be prevented? Of course. You should realize early on that the IT department is a resource like any other and you should take care of its adequate protection. Below, I present some important elements that should be included in the procedures that make up a business continuity plan:

  1. The IT department manager should be obliged to ensure that the knowledge within his cell is evenly distributed among employees. This should be facilitated by internal training, where more experienced employees share their knowledge with younger colleagues.

  2. Technical documentation should be an indispensable element of any system. Each implementation of a new technological solution should be documented in detail and understandable in such a way that the person using this documentation would be able to take care of the system.

  3. Access data to all systems should be stored in a specific place which, apart from security, guarantees emergency access in the event of the absence of any of the key employees. It's a good idea to create and deposit additional administrative accounts and passwords outside of your IT department.

  4. Emergency procedures (the so-called disaster recovery) should be written down and regularly verified in terms of their feasibility. Even the best specialist can make a mistake under stress and time pressure. In order to avoid this, at the time of the failure, he or the person replacing him should use the documentation that describes the steps necessary to perform the actions.