A critical system is a software application that is core to the most important processes of an organization, which can directly impact the company’s cost, revenue and risk structures. Examples of critical systems include applications that:

”¢    Generate revenue
”¢    Contribute to operational control
”¢    Foster customer and partner loyalty
”¢    Help satisfy regulatory pressure
”¢    Enable competitive advantage
”¢    Reduce product or service delivery time

With the appropriate business-critical support services, organizations can manage the increased complexity within their IT environments, increase return on their IT investments, respond to stringent regulations and compliance requirements, and defend against increasingly sophisticated and targeted security threats.

But, just as one product or technology varies from another, business-critical support services also vary in size, scope, and depth of expertise, which can leave organizations perplexed about what type of service is best for their business.

Mission Critical Business Operations
The key to determining the right business-critical service offering is to first understand the overall business impact of unplanned downtime of an organization’s mission critical system. The way an enterprise develops, deploys and maintains critical systems correlates directly to the overall success of the business. An organization’s bottom line suffers when these critical systems have the following issues:

”¢    Cannot be deployed on time
”¢    Suffer from availability, performance, reliability or scalability shortcomings
”¢    Cannot be maintained or upgraded to meet dynamic business requirements
”¢    Require excessive IT labour or system resource cost

Companies that have implemented multiple technologies and rely on a combination of hardware and software to deliver critical business solutions cannot afford unplanned downtime. Most businesses in the financial, manufacturing, telecommunications, healthcare, and government sectors need to successfully manage several platforms and devices with minimal disruption.

Sophisticated and targeted security attacks further increase the strain on the IT environment. Another layer of complexity comes into play when organizations need to comply with government and industry regulations, such as C-SOX.

Business Risk Management
Today’s complex IT environment requires organizations to build appropriate threat-management and vulnerability-management programs to manage risks and monitor the systems deployed to support critical business processes.

Enterprises that successfully implement business-critical support services incorporate technology risks into a more encompassing process of business risk management. A complete technology-management and risk-management program incorporates the following principles:

”¢    Understand the requirements of the business process being assessed, including concerns over financial loss, damage to reputation, loss of intellectual property and regulation requirements, among other business-specific risks.

”¢    Understand failure modes, including knowledge of how specific system compromises or failures can affect a business process and its relative risk.

”¢    Map failure modes to a specific response which is critical to managing risks that require a response, such as disclosure of data that may have reporting requirements.

”¢    Put in place detective controls and operational monitoring so that, when a failure mode occurs, it is detected without delay and the appropriate response is enacted.

With advanced multi-vendor expertise, flexible support plans, and innovative support technologies, mission critical support programs are an important component of a balanced and effective IT risk management program.  An advanced support service will offer a unique blend of both proactive and reactive services, including a designated account manager, onsite visits, and accelerated response and time to resolution.   

Common Best Practices for Vendor Management
There are several best practices to follow that can help ensure the best experience when working with a vendor’s business-critical support service:

”¢    Communicate with the vendor frequently and leverage their knowledge and expertise to gain a better understanding of the process and technology needed to mitigate IT risks and maintain a secure IT environment. 

”¢    Develop an ongoing relationship with the support account manager by scheduling onsite meetings to enhance his or her knowledge of the IT environment and to develop a customized plan for proactive support.

”¢    Implement proper controls and policies to ensure certified configurations. 

”¢    Demand rapid response and time to resolution for high severity incidents.  Since most organizations cannot afford unplanned downtime, it is critical that the support team accelerate their response to quickly resolve issues within their customer’s IT environment.


The Difference Maker
In addition to working with a support team for fast and reliable reactive services, organizations should also work with a vendor for predictive, prescriptive, and proactive support services, which are critical for preventing and mitigating issues within the IT environment. Best in class vendors offer the following proactive support services to ensure the complete security and availability of the data within their IT environment, as well as to ensure the protection of technology investments. 

”¢    Configuration assessment: Configuration assessment is a proactive service for documenting and analyzing an IT environment, which can be useful in identifying problem areas before a critical issue arises. An annual configuration assessment is recommended and will pinpoint configuration errors, provide a high-level “point-in-time” picture of the environment, mitigate data loss and service disruptions, and contribute to ongoing stability.

”¢    Network assessment: A network assessment uses network-sampling techniques to send and monitor predefined packets of data along the same path travelled by an application, and measures the end-to-end performance of a network. The assessment can help identify causes and pinpoint potential network problems that may impact the performance and overall operation of software, or business operations. 

”¢    Disaster recovery testing service: A disaster recovery testing service offers a review of the organization’s disaster recovery plan and onsite technical support during the testing period. With most mission critical support offerings, organizations can request an onsite engineer for a predetermined number of days to help test the disaster recovery strategy. More importantly, this will help prepare for a more timely and successful recovery of operations in the event of an actual disaster.


The Bottom Line
An effective business-critical service ensures that an organization’s complex, multi-vendor, heterogeneous IT environment has a greater ability to operate in the face of unplanned downtime. In the emerging threat landscape and with business’ increased reliance on digital communications, enterprises face security risks that are increasing in complexity, frequency and malicious intent. For their mission critical systems, organizations need to demand comprehensive proactive services as well as world-class reactive support. Vendors should not simply be an IT provider, but an integral part of an organization’s IT framework.

Michael Murphy is Vice-President and General Manager, Symantec (Canada) Corp.