Key Takeaways
- Rising operational disruption makes scalable resilience essential, but organizations commonly fall into traps like seeking “silver bullet” technology or relying on “hero worship” of individual experts.
- ResOps provides a scalable framework that integrates people, processes, and technology across ITOps, SecOps, and DevOps.
- Executive sponsorship at the CEO level helps drive accountability and prioritize resilience as a strategic discipline.
Cyberattacks, cloud complexity, and AI-enabled threats are creating constant operational challenges for enterprises. To help meet business requirements in this increasingly disruptive environment, organizations need to move beyond separate recovery tools, teams, and plans to resilience as an integrated operating model.
In a recent webinar, Phil Goodwin, research vice president for IDC’s worldwide infrastructure programs, joined me for a fireside chat to explore how organizations can move beyond fragmented approaches to build resilience that scales.
Why Organizations Need a New Resilience Framework
As organizations engage in daily firefighting while keeping up with new technologies and addressing new initiatives, they rarely have time to step back and reassess whether their approaches still meet requirements. But as isolated incidents become systemic disruption, this conversation has become essential.
In a simpler era, organizations focused primarily on backup and recovery. Large-scale disruptions such as Hurricane Sandy brought disaster recovery onto the agenda. Intensifying cyberthreats like ransomware added cyber resilience and business continuity to the list. Each evolution brought new capabilities, but many organizations simply bolted new approaches onto what they were already doing rather than addressing these expanding requirements holistically.
When separate teams manage different pieces with different tools and policies, gaps may emerge that can slow recovery. Despite years of investment in cybersecurity, organizations are still struggling with recovery.
More recently, AI has accelerated the urgency for a more integrated approach by reshaping both threats and defenses. Despite increasing AI investments, many businesses are delaying AI rollouts due to ongoing concerns about governance and security vulnerabilities.
On the other side of the cyber front, bad actors are using AI to create deepfakes, target users with more sophisticated and convincing phishing, and exploit vulnerabilities at scale.
Resilience operations – ResOps – treats resilience as a continuous operating discipline rather than a collection of separate tools and teams. By bringing together ITOps, SecOps, and DevOps under a unified framework, ResOps helps transform resilience to keep pace with systemic disruption.
Avoiding Common Mistakes in Resilience Planning
Even organizations that recognize the need for change often fall into traps. One is the “silver bullet” problem, which focuses on technology as the solution. Leaders want to believe that buying the right tools will solve everything, but technology alone can’t deliver positive business outcomes without proper integration and process.
“Hero worship” is another common pitfall – relying on talented staff members with expertise residing in their heads rather than in documented processes. Heroism can’t scale, and reliance on specific individuals creates vulnerability when people leave or responsibilities shift.
To move past these traps, you have to think differently about your operating model. Instead of focusing primarily on technology and people, consider the team you’ll need to build, including executive sponsorship, IT operations and security leadership, and senior leaders from the business side.
The team’s charter should focus on defining business outcomes first: What does resilience need to achieve for the organization? What KPIs, SLAs, and processes should be established to meet these requirements?
Building Resilience Operations from the Top Down
As a board-level priority, resilience requires support from the highest levels. ResOps gains the most traction when the CEO is involved, helping set resource priorities and driving accountability across the organization. With executive sponsorship in place, senior leaders including the CIO, CTO, CISO, and general managers can task their staff with implementation.
This approach can scale across organizations of all sizes. Even small to midsize companies can bring together cross-functional teams that include business stakeholders, IT teams, and people tasked with data security and network security. As they grow, this structure can scale with them, adding headcount within specific resilience disciplines while maintaining an integrated approach across the resilience operations chain.
ResOps reflects the ways teams across IT operations, SecOps, and DevOps need to work together within organizations. Data recovery and data security have become so closely aligned that within IDC, researchers across these disciplines now collaborate frequently on client engagements.
Applications now need to be designed with threat actors in mind, incorporating zero trust architectures and assuming that something will go wrong. ResOps provides the framework for this convergence, bringing security and operations tools together into a unified model to address threats and disruptions of all kinds.
ResOps as a Shared Industry Framework
ResOps is an operating model, not a product, and can benefit companies regardless of the specific tools they use. As Phil observed during our chat, “It really requires that community involvement where people pitch in from different perspectives, different vendors, different organizations, and different teams, just like DevOps or SecOps.”
For organizations struggling with constant disruption and the growing complexity of AI-enabled threats and defenses, ResOps offers a path beyond fragmented resilience approaches. By bringing together people, processes, and technology in a unified operating model, ResOps turns fragmented recovery efforts into enterprise-wide readiness.
Watch my full fireside chat with Phil to see how ResOps can help you build enterprise resilience that scales.
FAQs
Q: What is resilience operations (ResOps)?
A: ResOps is an operating model that integrates IT operations, security operations, and DevOps into a continuous discipline. Rather than treating disaster recovery, cyber resilience, and business continuity as separate capabilities, ResOps brings people, processes, and technology together under a unified framework to help create scalable enterprise resilience.
Q: Why is executive sponsorship important for cyber resilience?
A: Executive sponsorship – ideally at the CEO level – helps drive accountability and priority for resilience initiatives across the organization. This top-down support is essential for organizations trying to move beyond fragmented approaches to integrated resilience operations.
Q: Can small and midsized organizations implement ResOps?
A: Yes. ResOps applies across organization sizes. The framework scales in complexity as organizations grow, making it accessible to mid-market firms while remaining effective for large enterprises.
Q: Why do IT and security teams need to work together for resilience?
A: When IT operations, security operations, and DevOps teams collaborate rather than work in silos, organizations can help build more resilient infrastructure to address evolving threats.
Q: How should organizations get started with resilience operations?
A: Start at the top by securing executive sponsorship at the CEO level. Next, form a cross-functional team including IT operations, SecOps, and business stakeholders, and have them define the business outcomes resilience needs to deliver for your business. Conduct a threat assessment to understand the risks you need to address. Only after these foundational steps should organizations focus on selecting technologies and developing detailed processes.
Chris Mierzwa is Senior Director, Portfolio Marketing, at Commvault.
