The Hidden Threat of IT Centralization
Why could the next outage paralyze us more than a pandemic?
Companies don’t like to talk about what-if scenarios. What if the email client goes down? What if the accounting system goes down? What if the virtual server with the database stops working? But today’s reality demands such questions, because what is at stake is the ability to keep companies running.
The reason is the global interconnectedness of systems. Surveys show that the world mostly relies on a handful of large providers (Cloud Market Share), who then use each other in their supply chains.
The consequences of outages of giants such as Google, Microsoft, IBM or Cloudflare are dire. So let’s take a look at the characteristics that make the hidden threat of global IT centralization such a problem, and what your company can do to minimize the risk of failure in this global elite club.
Hidden Threats
One fails, all follow
On the outside, online services appear to be products of one company. For example, when you purchase accounting SaaS, you rely on the provider under whose name the software is sold to handle everything.
However, such a program has to run somewhere, and you rarely encounter the infrastructure for its operation being owned directly by the provider of the software. Do you see where the threat lies?
Your accounting provider may have everything taken care of and in top order, but their cloud infrastructure provider may not. Once a problem occurs at the cloud level, everything running on it collapses like a house of cards.
Therefore, it is not a good idea to leave the burden of backups and outage procedures to the service provider. Your company should be the one that proactively finds out who is involved in the supply chain. Otherwise, you are like a small boat on a huge ocean tossed by a violent storm.
Recommendation: Find out how many suppliers you actually have in your IT – both direct and hidden. Then, based on this structure, create a business continuity and disaster recovery plan that fits your situation.
Illusion of robustness = false security
When companies are looking for service providers, brand often plays a big role. It often happens that the winner is a company with a well-known name. This gives the service a mark of quality, certainty and security. But the larger the supplier and its technological ecosystem, the more often problems can occur.
In practice, simple logic applies: the larger the system, the more fragile it is. It is easier to overlook something in it, and a bad intervention can affect a much larger number of elements.
If a company uses a large supplier, and perhaps several services from that supplier, it creates a single point of failure (SPOF) in its IT. It starts with one recommended service, and others follow.
Recommendation: Talk to your vendors about how they handle SPOFs and what mechanisms they have in place in the event of a failure.
Hidden interconnectedness of systems
Let’s look at this problem from another angle. What do your IT systems and your employees rely on? Shadow IT is increasingly penetrating companies. Among other things, this can cause system dependencies that are hidden from the IT department.
In the event of a problem, IT people have no idea what is not working, how, or why. This prolongs the resolution time and increases costs and loss of profits. The same can happen with an unsystematic approach to APIs. The principle of the problem is different, but the result is the same.
Recommendation: Prepare a detailed map of what is supplied within your IT environment, including the dependencies. Such a diagram will help you find the cracks and the greatest vulnerabilities in your operation.
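The supplier inventory and dependency map recommended here and under "One fails, all follow" can be checked mechanically. The following is an added example, not part of the original article: all service and supplier names are constructed, and every dependency is assumed to be a hard one with no failover.

```python
from collections import defaultdict

# Constructed inventory (hypothetical names): item -> suppliers it directly needs.
# Assumption: every edge is a hard dependency with no failover.
DEPENDS_ON = {
    "accounting-saas": ["vendor-a"],
    "email": ["vendor-b"],
    "crm": ["vendor-c"],
    "vendor-a": ["cloud-x"],
    "vendor-b": ["cloud-x"],
    "vendor-c": ["cdn-y"],
    "cloud-x": ["cdn-y"],   # large providers using each other:
    "cdn-y": ["cloud-x"],   # the map contains a cycle
}
BUSINESS_SERVICES = ["accounting-saas", "email", "crm"]

def transitive_suppliers(item, graph):
    """Every direct and hidden supplier of item; tolerates cycles."""
    seen, stack = set(), list(graph.get(item, []))
    while stack:
        supplier = stack.pop()
        if supplier in seen or supplier == item:
            continue
        seen.add(supplier)
        stack.extend(graph.get(supplier, []))
    return seen

def hidden_suppliers(item, graph):
    """Suppliers the item relies on without a direct contract."""
    return transitive_suppliers(item, graph) - set(graph.get(item, []))

def blast_radius(graph, services):
    """supplier -> business services that stop if that supplier fails."""
    impact = defaultdict(set)
    for service in services:
        for supplier in transitive_suppliers(service, graph):
            impact[supplier].add(service)
    return dict(impact)

def shared_spofs(graph, services, min_services=2):
    """Suppliers whose outage takes down at least min_services services."""
    impact = blast_radius(graph, services)
    return sorted(s for s, hit in impact.items() if len(hit) >= min_services)

if __name__ == "__main__":
    for name in BUSINESS_SERVICES:
        print(name, "hidden suppliers:", sorted(hidden_suppliers(name, DEPENDS_ON)))
    print("shared SPOFs:", shared_spofs(DEPENDS_ON, BUSINESS_SERVICES))
```

In this sample, three services bought from three different vendors all stop when either `cloud-x` or `cdn-y` fails, although neither appears in any direct contract.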
The fragility of digital economy
IT outages are not just about the cost of fixing them. Every minute that something in the company is not working as it should means profit loss. So if a company sees measures against outages and minimizing consequences as a cost, then this cost needs to be compared with the potential for lost profit if such measures do not work.
If a company is willing to see the costs of business continuity and disaster recovery as an investment, then it can calculate the return on investment very well. Every minute of downtime means zero income.
Recommendation: Calculate how much one hour of downtime would cost your company – and compare it to the costs of prevention.
Failure in transparency and testing
This brings us to preventive plans. They must not exist only on paper; they need to be regularly tested, adjusted and taken into account. It’s like a company that has a backup generator but doesn’t pay a single second of attention to it during the year. When a problem occurs, the generator doesn’t start because it has been neglected.
Business continuity and disaster recovery plans must not end up in such a state. They always involve technological elements, and these must be up to date and ready for action. This is not possible without regular testing.
Recommendation: Be honest and open about what measures the company actually has in place for times of emergency. Don’t begrudge the money you spend on preparedness.
Dependence vs. sovereignty: Europe at a crossroads
It is no secret that dependence on American technology giants has also hit Europe. The entire continent is thus exposed to a huge potential problem in the event that the Big Three and Co. are unable to supply their services to the EU for any reason.
However, there is a solution for every situation: European, and therefore also Czech, companies can choose from local suppliers. This gives them partial or complete digital sovereignty.
Recommendation: Have an analysis of your current IT needs and an overview of your systems and infrastructure prepared. Then, based on this, have potential adjustments prepared with sovereignty in mind.
The solution is not necessarily to return to on-prem
It might seem that when the cloud offers so many hidden threats, it is best to return to good old hardware, i.e. physical servers located in the office or server room.
But this is needless jumping from one extreme to the other, when there are many options for efficient operation along the spectrum in between. The basic question is: what do we need? Plans for restructuring and streamlining IT operations can then be based on the answer.
Recommendation: Take the obligations associated with NIS2 as an opportunity to strengthen the resilience of your company even in the event of a system failure. Don’t be afraid of analyses that point out changes that need to be made.
Ready for when, not if
IT system outages are inevitable. Even companies that take special care to ensure smooth operation will encounter at least some planned downtime. The success of your company depends on your readiness for eventualities that few of us like to admit. Don’t rely on luck – in IT operations, nothing works better than a well-prepared what-if plan.
But you don’t have to be alone in making it happen.