Digital resilience is the outcome of organizational action taken to rapidly deploy or modify digital technologies to address the negative impact of shocks—such as the pandemic—in the interests of maintaining organizational sustainability. An example of an action in response to the pandemic is video conferencing, without which many organizations would have gone out of business. Digital resilience is thus a risk control for continuity risk, where the capability to sustain an organization in the presence of shocks helps build and reinforce consumer trust in the organization. Digital resilience facilitates this by helping to ensure that the organization can continue to deliver its products and services to consumers, come what may.
The scope of digital resilience extends beyond the organization’s infrastructure and platforms, though; it also includes the vendors supplying digital products and services (including cloud-based vendors) to the organization as well as the key personnel that hold detailed knowledge of the digital environment and its supporting processes, without whom the consequences of a shock would be more devastating and longer lasting, if not fatal, for the organization.
Digital resilience also requires the capability of the organization to respond positively to the impact of shocks to its data. Examples of data shocks are a data breach, privacy noncompliance or data loss due to corrupted media as the result of an electrical malfunction. All of these fall within the scope of data resilience.
Critically, an organization’s data are the constant—the cornerstone—where organizational infrastructure, platforms, applications, people and processes are continually updated. That is because, irrespective of the digital upgrades or new technology required for digital resilience, an organization’s existing data will be migrated (ported) to the new environment. Data are thus a more durable asset than technology. While an organization can operate on its old platforms with its data—albeit at great risk in the presence of a shock—moving to a new platform without porting an organization’s data would mean that it would be unable to perform any of its business obligations, with possibly fatal consequences. In other words, a data shock could have disastrous consequences for an organization, irrespective of how resilient the technology is. Therefore, effective data resilience is instrumental for effective digital resilience.
The cloud has become a key tool in achieving cost-effective data resilience. However, the cloud is not a silver bullet given the outages that cloud vendors themselves experience. Ironically, these are the very same outages that cloud vendors and system integrators tout as a benefit for use of the cloud over on-premise solutions.
But without well-defined roles and responsibilities for data (data governance), any attempts at data resilience will be compromised. Even more, data governance complexity increases significantly for data in the cloud because now detailed knowledge of the cloud vendor becomes another requirement for resilience, as does knowledge and assurance of the vendor’s practices on the organization’s data. Data governance practitioners not understanding the distinction between on-premise data governance and cloud-based data governance pose a major operational risk to their organizations.
Paradoxically, highly complex multicloud strategies are among today’s newest proposals for data resilience, just in case one cloud should go down. In the interest of data resilience, whether a single cloud vendor or a multicloud strategy is being pursued, the concentration of enterprise-scale cloud technologies in three major vendors should be of significant concern to the organization’s chief risk officer, chief executive officer and board of directors.
Ultimately, data resilience is the heart of digital resilience because it ensures the resilience of existing data in the context of deploying new or modified technologies in response to a sustainability-threatening shock. However, data resilience is about more than just (cloud-based) data availability. Data are a more durable asset than the organization’s technology, and therefore knowledgeable data people and carefully crafted data processes are needed to ensure that the appropriate governance is exercised to best effect data resilience in its function as the cornerstone of digital resilience.
Editor’s note: For further insights on this topic, read Guy Pearce’s recent Journal article, “Real-World Data Resilience Demands an Integrated Approach to AI, Data Governance and the Cloud,” ISACA Journal, volume 3, 2022.