The first-ever conference held on WhatsApp had industry experts from GHTP group and IBM discuss business continuity and resiliency.
BY TEAM HOTELIER INDIA
The ubiquity of new devices such as iPhones and iPads, the passing of more stringent legislations that cover consumer privacy and data protection, and the increase in crime from both outside and inside an organisation’s perimeter are some of the things adding to the complexity of risk in organisations today. On top of that is the need for many organisations to have a declared disaster recovery plan or continuity strategy to make sure they are resilient for Data Driven, Business Driven or Event Driven (eg. flood, fire, earthquake, and tsunami) disasters. In the light of these challenges, how ready is our industry and how equipped are the hotel properties? For a business that works 24×7 and is always on, business continuity and resiliency are major concerns.
The idea of having a multi-pronged discussion, without displacing anyone from their comfort zone led to probably the first-of-its-kind conference that used WhatsApp as the platform. With 60 members of the GHTP group that constitutes 100 CIOs from leading hotel brands and allied industries globally discussing the various aspects of the problem with experts from IBM, giving insights into the various solutions available, it became an engaging event that stretched much beyond the stipulated time.
The expert panel of Khushru Siganporia, director- IT, Indian Hotels Company Limited, CG Prasad, IT head, Ecohotels, Vikas Prasad, industry & enterprise leader, IBM India, South Asia and Bala, IBM was moderated by Harish Chandra, CIO, Sarovar Group.
Even as Chandra introduced the topic asking what are the elements that risk an enterprise today, the members were ready with their queries for the panel. Prasad got the conversation rolling by saying that though it is time for everyone to move towards IoT (Internet of Things) and Cloud, there is still no clarity on the ownership and responsibility – and this increases the risk factor. Siganporia clarified that most Cloud providers would have SLAs (service-level agreement) that would safeguard to an extent. Joining the conversation, Bala explained that any IT disruption (malicious or otherwise) that causes key business operations to fail, can affect business and reputation. What is often not appreciated is the extent of damage this can cause. Another study reveals that in some industries, costs related to downtime can consume as much as 16% of the revenue.
Siganporia drew attention to the fact that apart from external threats, employees, and disasters and, in case of smaller hotels, owners not able to invest in proper fall backs are also threats.
Joining the discussion, a few members pointed out the lack of policies and procedures and how in view of technology penetration and business continuity, Data Recovery (DR) setups are becoming important. Both Prasad and Siganporia conceded that the lack of understanding of the existing IT policies and procedures and very little control is mainly because there are no chief information and security officers (CISOs) at properties or even the group level in most places.
Bala rued the fact that there are more fire drills conducted than BCP (Business Continuity Planning) testing. Vikas clarified that BCP is a very vast subject and would differ from organisation to organisation. While backup addresses a very specific need, BCP is a much comprehensive process wherein you ensure the continuity of your business and DR is an element of the overall BCP.
Siganporia asked the members to analyse how sure and safe is the data in their own organization. On BCP, Vikas explained that most of BCP design is based on the Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) that a business defines. “Whether it is a hotel or any other large or small enterprise, the fundamentals of the BC plan is the same and is decided based on the RPO and RTO. Which, in simple terms, means how much down time can the business afford,” he said. Prasad pointed out that RPO and RTO becomes irrelevant to small hotels. Siganporia commented that we first should be convinced that the data is important and we need to take care of it, and then convince the management of the same and not wait for disaster to strike.
Chandra pointed out that today IT business has shifted to distributed, integrated networks of technology that provide information within the enterprise and the entities of the value chain. “All IT components, including distributed open systems, mainframes, desktop and mobile personal computers, and workgroup servers must interact seamlessly to ensure accessibility to the information deemed critical by business,” he said.
Vikas conceded that data is the most important thing that any organisation needs to protect. Data is the ‘New Natural Resource’ and there is no way that any business shouldn’t protect it, he averred. Prasad advised that for any BCP the amount of money invested should be as per the level of RTO and RPO. Vikas elaborated that a terror attack would need a BCP for the complete workplace and IT outage would trigger the need for a redundant Data Center.
On an enquiry from a member on smaller hotels managing their data at offsite locations, Vikas explained that there are hosted Cloud solutions available for individual hotels. Siganporia pointed out that the GHTP group members should synergise and help each other. And suggested that organisations like IBM should create a hospitality BCP site at common rates so that all hotels can benefit. Vikas said that off-site backups is one of the ways to maintain safe keeping and is a regulatory requirement, but he also warned that the efficiency of restoring back-ups is very poor. “You should consider a redundant site if you have your Data Center hosted in your premises. Then you can explore various options like Hosted Service Providers or Cloud Service Providers and we should look at innovative ways to design our DR. Let it not only be a redundant site that is used only in case of disaster. One can keep the non-core applications or test and develop from that environment.”
Drawing from the Taj experience, Siganporia shared that more iconic and impactful enterprises will have more external threats as the hacker gets more visibility.
Responding to a query from Dominic Vijay, CIO of Vana Retreats, if India is ready to accept the Cloud solution from a security point of view, Vikas revealed that Asia is adopting Cloud much better and faster than Western countries. Siganporia summed it up well by saying that it is time to let experts into the system for increased efficiency.
Chandra then steered the discussion towards the technologies that de-risk hospitality industry systems and data. Bala explained that Cloud is the answer. As long as there is good internet bandwidth, any Cloud Service Providers POD can be accessed. Vikas revealed that Business Continuity is the oldest business for IBM and is seeing traction in India in the last five years. He also shared that Cloud is the answer to cost-sensitive smaller units. Placating the fears of security breach, he said that security is much better than what most of us imagine. “Moreover that is the basic need for any Cloud service provider. Most of the Cloud DR or DC providers sign up on SLA basis.” Sharing the IBM offerings, Vikas said that IBM offers Cloud Solutions for DR to organisations as large as Taj and also to ones who have only a couple of servers.
Raman Rama, global CIO of JHM Hotels pointed out that the challenge most people face is the uniformity of data when switching from current servers on site to the DR site. Uniformity of data, Vikas ensured, is something that service providers like IBM sign up on. But Zero Data Loss needs a lot of application support, technology and deep pockets for investments. “You need to first put a value for your data and then see what is the value of protecting it, and decide based on applications. That is why it’s not an IT game, it’s a business game and they get what they pay for,” Siganporia opined.
Dheeraj Gehani, CIO of Delhi Airport revealed that there is 200% fallback for complete systems at Delhi Airport with separate locations to fallback that is tested every six months. He then enquired if the hospitality industry had matured to that level. Siganporia responded that while the industry might not need this, many of the critical apps are not even designed to work in pure BCP. This is where the need for an expert arises who can give a hassle-free BCP. Appreciating the fact that hospitality is a cost-conscious industry, Vikas shared that the brand has cost-effective solutions available.
On a concluding note, Vikas offered a Free Risk Assessment to the GHTP group and also a walkthrough of the IBM Cloud Resiliency Center in Mumbai.
