Gartner gospel: Business continuity

LAKE BUENA VISTA, Florida -- If the IT industry has any fear of traveling, it wasn't evident here on the first day of Gartner's Symposium/ITxpo 2001. Even in these trying times, the event opened on an upbeat note at one of Disney's Orlando area resorts. The ceremonies began with a spine-tingling rendition of the Star Spangled Banner  by Gartner VP and accomplished harmonica player Richard Hunter. The anthem was applauded wildly by a packed ballroom of IT executives. Florida Governor Jeb Bush then took the stage to thank the more than 6,000 attendees for showing their patriotism, putting their fears aside, and traveling to the Sunshine State. Events such as the Gartner Symposium, Bush told the crowd, give the local economy and Florida's ailing tourism industry a much-needed boost.

Next, Gartner CEO Michael Fleisher got down to business, telling the audience of CIOs, tech execs, and IT managers that enterprises must get back into game 100 percent. "When we continue to play ball, we win, and the bad guys lose," he said. Fleisher went on to describe how these different and difficult times led Gartner to shift the priorities of many sessions, focusing on the event's major theme this year: business continuity. He then introduced a panel of Gartner analysts specializing in business continuity, including security analyst John Pescatore who recently blacklisted Microsoft's Internet Information Server.

Gartner analyst Donna Scott, who specializes in 24/7 uptime research, emphasized that in times of disaster, companies cannot afford to be planning for a disaster; rather, they must be executing their business recovery and resumption plans. Following her lead, the panel enumerated the many threats to business continuity and, in some cases offered tactical and strategic recommendations.

The panel's high-level recommendations, although lacking the detailed advice to be offered up later in the conference, did range from common sense ideas to measures that go beyond the responsibility of most IT departments.

The panel cited, for example, how most companies do not have up-to-date contact lists for their staffs, suppliers and customers -- a critical oversight should a disaster strike. Such lists should include alternate methods of contacting everyone, and standards should be established for less conventional communication methods such as instant messenging.

Coming off his perfectly executed harmonica performance, Gartner VP Richard Hunter talked about the threat from within -- employees who have access to sensitive assets. His recommended preventive measure: regular background checks.

Security analyst John Pescatore talked about external threats, citing the experience of storage vendor EMC. When a hacker tampered with a public document regarding EMC's financial condition, the company's stock price was virtually halved, causing significant business distraction and disruption. Later, Pescatore presented to a standing-room-only session under the guise of a red herring -- "the grand unified theory of Internet security." The most exploited vulnerability, Pescatore said, is a misconfigured server, and not the delayed application of security patches.

Going beyond a research company's traditional purview, Gartner analyst Roberta Witty emphasized many of the human issues involved in disaster preparedness. Witty suggested that companies consider more distributed environments, with key executives located in geographically dispersed offices. Although she suggested that there's a sweet spot between one central location and a fully distributed scenario, Hunter also cautioned "there is still no technology that provides the same juice of face-to-face contact."

Coming up later in the week: In addition to more traditional sessions on topics such as CRM, Web services, and XML, the conference will include presentations and vendor exhibits geared at giving technology executives the details they need to shore up the IT infrastructure. That infrastructure is considered by many, including Governor Bush, to be an essential component of freedom's ability to endure its latest threat.