Godzilla vs. The Blob: Making your business truly unstoppable through agility and business continuity
Growing up, I loved to watch “classic” monster movies. From the stop motion genius of Ray Harryhausen to the rubber suit monster brawls of Godzilla, I ate it up (usually with a bowl of popcorn). And just like any kid, I would wonder which monsters would come out on top in a free-for-all. Two of the biggest contenders were always Godzilla and The Blob. On one side, you have the “King of All Monsters”; giant, unstoppable, and when he arrived, you knew exactly what you were dealing with. On the other, you have the ultimate adaptable lifeform - able to absorb any organic matter, flexible enough to squeeze through the smallest hole, and given enough time, can grow large enough to engulf entire buildings. You’d be able to argue for hours on why one was better than the other, and never make any headway.
Of course, the years pass by, and I find myself engrossed in different conversations with fellow systems administrators. However, even though the topics may have changed, there are a few times where history repeats itself. A big topic this year is business continuity, and how businesses have handled stay-at-home orders during COVID-19. This disruption is unlike anything we’ve seen in recent times and has opened a lot of eyes to more fluid business models (cloud computing, work from home, etc). But there are those who say that the risk of taking the business “out of the office” is greater than than any benefits they would see.
Have you been pondering whether taking the leap to move your department or business to a more agile model is worth the investment? Let’s take a closer look and see who the stronger “monster” in business is!
Godzilla - Oh no, there goes Tokyo!
In our Battle of the Businesses, Kaiju Corporation is a city stomping powerhouse whose business model is strictly in-house. They keep their IT services on site and employ a robust and excellent staff to keep those services running and protected. Power generators and failover network connections assure that they stay running in the face of adversity. All company information is held securely behind their own walls. This is our Godzilla in the battle - a monolithic entity that is well defined, easy to recognize, and nearly impossible to stop.
The Blob - It creeps, it leaps, it glides and slides…
On the other side of town, a rival company has arrived from outside of town. Blobco embraces the concept of flexible business in all aspects. They have no permanent structure - even their office is a shared co-working space. They utilize cloud-based computing for every activity and encourage their employees to work from home whenever it is convenient. Just like its movie counterpart Blobco can change its form to meet the situation, and just like Kaiju Corporation it is nearly impossible to stop.
Who’s the stronger “monster”? The one who makes a plan!
From a day to day operations standpoint, both Kaiju Corp and Blobco are able to handle all sorts of business demands normally; in our comparison, both companies are able to do the same amount of “damage” economically. But being able to maintain that continual movement forward, they have to maintain a minimum level of functionality in the case of adversity.
Maintaining business in the event of a disruption is referred as Business Continuity. The best businesses have a strong Business Continuity Plan (BCP) that addresses the requirements they need to do business, and what steps are needed if any of those pieces in the service chain are broken.
Let’s go back to our two players - the IT manager of each company has just found out that they do not have a BCP on file, and being a driving force for making sure that their business succeeds, they assemble their resources to make sure they’re able to handle anything the world can throw at them.
The first steps in battle - identify your enemies, then yourself.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” - Sun Tzu
The first part of creating a fully fledged BCP is first mapping out all aspects of your business. Get an inventory of all your systems, how each one interacts with each other, how users interact with resources and other users - don’t leave any stone unturned.
Once you have all these pieces laid out, then start brainstorming ways that each piece can be affected. Get creative! Just because an idea seems to be so outlandish it doesn’t seem feasible, it should still be considered - imagining a completely new risk could identify weaknesses that more predictable risks would have missed.
Kaiju’s Risk Analysis - Proven strength behind a strong defense…
Kaiju Corporation’s centralized structure makes it easier to defend as they control every aspect of their IT, from their network connections back to the physical servers. Their thick defenses shrug off almost any attempt at attack by hackers, viruses, and other rogue agents. However, the costs of setting up and maintaining that security and infrastructure is significant, They have to dedicate a large budget to buy equipment, pay for software licenses, hire and manage the expertise to keep all that operating.
Their risk analysis comes up with many ideas, and it seems that just about every idea is being handled. Power outage? No problem, we have generators. Hacker gets into a server? All set - we have an incident response plan to contain and minimize damage. Company targeted by a malicious botnet? Change a rule on the on-site firewall, no worries.
… but not entirely invulnerable.
However, someone comes up with “a structural failure causes Kaiju Corp’s building to suffer a partial collapse and many of their servers suffer irreparable damage”. This is the equivalent of dropping a nuclear bomb on Godzilla - it’s enough to stop them dead in their tracks. To recover from this with their current business model, they would need to purchase new equipment, recover from backups, set up new offices… all of which takes time, during which time they won’t be able to do business. Client relationships would suffer as a result.
Blobco’s Scenario - Hard to strike a moving target…
Blobco, on the other hand, relies on established cloud-based services for their defenses. They don’t need a dedicated systems engineering team to build and maintain a variety of servers - by hosting their operations in the cloud, their local IT group can focus more on maintaining their data rather than worrying about replacing servers. As Blobco is a small company, the overall costs are generally much lower - they only need to worry about paying for what they use.
Blobco’s risk analysis starts out by identifying more physical risks to their infrastructure. Building fire? Everyone already has a work-from-home plan. Laptop crashes? Data’s already stored on the cloud - no need to recover from backup. They simply just shift their approach and keep going around the obstacle.
… but there’s also risk in stretching thin.
But there’s a new hire to the IT team who comes up with a question that freezes everyone in place:
“What would happen if the cloud goes down? Who’s responsible if one of our vendors suddenly goes under or loses data?”
The decision to go with a cloud service vendor means that you are entrusting your data to the security level that the vendor provides. If Blobco uses the services of a vendor that does not have a defined security profile, they now are susceptible to the same vulnerabilities that the vendor is. Let’s say Blobco has a specific cloud vendor for their service request management process - they love the interface, it runs smoothly, but for some reason they glanced over the fact that there is nothing in the contract that says the vendor is responsible for taking regular backups. Now that vendor has a minor system crash that takes out the database that is storing Blobco’s account data. The vendor quickly spins up a new instance and restores the access to service, but now Blobco’s historical information is lost. Since there is nothing in the contract that states that the vendor is responsible, it is now time and material cost on Blobco’s part to recover.
Who is the winner? Whoever learns and adapts.
After discussing within their own teams, each company has decided that they need to adopt some practices that makes them a little more like the other. Kaiju puts it in their project plan to investigate moving some of their communication tools such as e-mail to the cloud. Blobco begins a review of each of their vendor contracts to make sure that any potential gaps in responsibility are covered. At the end of this exercise, both companies win, not because one is better than the other, but each one has recognized their own weaknesses and made changes to strengthen their own position.
How would you fare?
Just like kids arguing over which monster is the best, conversations like this can go on all day. The best route for your business may not be the same as someone else. But instead of simply taking sides, consider a hybrid between the two. How scary would a Godzilla sized monster with Blob-like capabilities be? Ask yourself or your team these questions:
- How could our business be stopped in its tracks?
- How long would it take us to recover basic requirements in case of said events?
- How can we avoid or lessen the impact?
- What risks would we take on by moving to an in-house/cloud solution? Are they greater than the current risks we are trying to mitigate?
How can cloud hosted services make your company more flexible? How can you better secure your existing cloud services? If you’re interested in seeing how cloud services can work for your situation, we at Smartt would be glad to discuss your current needs and how we can strengthen your business continuity through our various offerings.
Now, if you don’t mind, I’ve got a bowl of popcorn waiting and Godzilla vs. Hedorah in the DVD player.