In recent years, the market for IT resilience services has been evolving in interesting ways. A look at the resilience marketplace reveals acquisitions, partnerships and cross-branding products and services.
Common components of IT resilience include business continuity and disaster recovery (BC/DR), incident response, emergency notification systems and cybersecurity measures. While some may argue that cybersecurity is a separate discipline, because a security breach can affect an organization's ability to conduct business, for our purposes, we'll include it in the umbrella term of resilience.
So what is going on in the IT resilience market? Thanks to consolidations, there is a growing number of larger and all-inclusive firms that can provide one-stop shopping for resilience customers of all sizes. Smaller boutique firms that specialize in one or two products do well by focusing on SMBs, while the larger firms focus on large and multinational customers.
Below, is a list of seven areas that have seen the most change in the IT resilience market. Please note that the following analysis should be considered the author's view, as it's based on recent observations and years of experience in the profession and not on statistical evidence.
This article is part of
Growth of cloud-based resilience firms
When cloud-based service firms first appeared and offered resilience services, their initial offerings were for systems and data backup services. Over time, they realized that they could increase their revenues by adding services that help clients improve their ability to recover from disruptive events.
As such, the firms began offering managed disaster recovery services, such as emergency failover and failback for critical applications and specialized systems. These services were called disaster recovery as a service (DRaaS) and included support to develop DR plans for an organization's data.
Today, it's possible to find cloud-based firms that offer DRaaS, a broad range of backup services, business continuity as a service, incident response and emergency notification services.
Acquisition of emergency notification systems
Thirty years ago, only a few BC/DR software products were available. Some were fairly powerful, using relational databases to organize data, while others were largely based on word processing using preset templates.
Today's offerings range from simple products based on templates to multicomponent products with BC/DR planning capabilities and support for business impact analyses (BIAs), risk assessments and DR plan testing. One major addition to standard products is the emergency notification system.
A few of the industry-leading software firms have acquired emergency notification technology, which they integrate with their BC/DR services to provide a seamless transition from incident detection to emergency notification. Conversely, some emergency notification system vendors have acquired resilience software firms to expand and enhance their emergency notification capabilities.
All-inclusive software packages
Today, industry leading resilience software firms offer end-to-end packages to their clients. These packages may include BIAs, risk assessments, DR plan development, and testing and emergency notification services. Specialized resilience modules are fully integrated into a seamless package. Customers can start with one package, such as BC/DR planning software or an emergency notification package, and add more elements as their needs dictate.
Be sure to ask if the software vendors adhere to industry business continuity standards, such as the global standard International Organization for Standardization 22301:2012 and the U.S. standard National Fire Protection Association 1600:2016, as well as specific regulations for industries such as banking and finance.
Software products offered by consulting firms
Not to be undone by their software vendor colleagues, some medium-to-large consultancies have added software tools to their existing consulting capabilities. These can include any of the DR tools we've mentioned previously, and they can help a consultancy provide added value to its clients, as well as additional revenue sources.
Some consultancies also partner with software firms to add value to both organizations: consulting firms get the software while the software vendors get consulting services.
Emergency notification systems are more sophisticated
While emergency notification system technology still provides rapid communication to one or many entities in an emergency, as well as message receipt capabilities, systems can now be mapped to entire organizations, regardless of how large and globally diverse they might be. No matter where employees are located, today's systems can quickly locate them and send messages.
Most major systems can integrate with other IT resilience systems, so the emergency notification component adds considerable value to other technologies.
Enhanced work area recovery services
Aside from hot, warm and cold disaster recovery sites, work area recovery has rapidly become a highly desirable and cost-effective option for BC applications. In addition to well-appointed and comfortable cubicles and conference rooms, today's work area recovery vendors provide more customer-friendly environments, including amenities like child care, in addition to traditional food service, voice and data communications and internet access.
Vendors also work with clients to plan and execute BC tests in which employees relocate to a designated alternate work location.
Resilience firms offer cybersecurity systems
Perhaps the most interesting development in the market is the inclusion of cybersecurity resources by traditional IT resilience vendors. For cloud-based vendors, cybersecurity is a natural added value offering, provided the vendor can successfully demonstrate that their products and services are secure and not vulnerable to unauthorized access or other attacks.
For resilience vendors, cybersecurity features naturally complement their traditional services, turning them into truly full-service resilience vendors. The converse is also true, as cybersecurity vendors recognize the value of incorporating resilience activities into their product portfolio.
Should you outsource IT resilience to a third party?