With headlines daily pronouncing new threats from cyber-criminal activities and natural disasters of every stripe, how does a business protect itself, and its customers, from those risks? Steve Culver, Vice President and Chief Information Officer for Barnes & Noble College, explains how the company’s investment in technology, and declared mission to protect the customer experience, has resulted in the creation of impressive levels of systematic and operational redundancy to ensure and protect business continuity.
Ask business leaders today how careful can you be, and the answer is probably going to be not careful enough. From environmental disasters to cyber terrorism, operating a business in the 21st century can be fraught with hazards and the kinds of risks that have forced companies to develop some extensive precautions to ensure the continuity of systems vital to their customers. As a tool to reduce the impact of these kinds of hazards, risk management techniques can help identify, assess and prioritize the likelihood of these events and their effect on the business, but how prepared are businesses to protect themselves and their customers from the consequences of those exposures?
Last year, the National Centers for Environmental Information (NCEI) reported that there were eight major weather and climate disaster events across the nation with losses exceeding $1 billion. These included a severe drought, a flood, five major storms, and a winter blizzard, but as Steve Culver, Vice President and Chief Information Officer for Barnes & Noble College points out, it doesn’t even take anything on this dramatic of a scale to create a serious interruption to business. “Think of a back hoe working on a routine construction project that rips up a telecom line – those are the kinds of eventualities you have to be prepared for if you want to avoid all of your stores being down, with no one able to transact,” he says.
But Culver manages to sleep well at night because Barnes & Noble College, a company energized by what’s next, has put extensive preparedness measures in place to protect against exactly that kind of event — and far worse scenarios. “We’ve made a major investment over the past few years in diversifying our risk,” he says, pointing out the co-location of a second data center in New Jersey, and the establishment of an additional co-location data center in Atlanta. While risk managers will typically talk in terms of an N+1 redundancy, referring to a resilience level of at least one independent backup component, Culver believes that the precautions Barnes & Noble College has invested in effectively create redundancies across all three centers.
By its very nature, risk is unpredictable and the co-hosting of data among the various sites ensures effective disaster protection. “From a facility perspective you might have anything, from the effect of a natural disaster on that location to the more fundamental problem of key employees being unable to get to where that essential operational data is housed,” he says. For that reason, all of Barnes & Noble College’s key systems, including storage, processor, power and all the data housed on the company’s servers are protected with multiple redundancies.
Yet in planning for business continuity, Barnes & Noble College has focused less on the technology and more on the needs of the business itself, and the key processes required for the efficient functioning of over 743 campus stores and the customers they serve. And if a student’s inability to purchase a favorite collegiate sweatshirt doesn’t seem like a full blown disaster, consider the possibility of a major outage during spring break, when thousands of students are headed back to college, often during the peak of harsh winter weather. “Our core pillars are always going to include security and the ways we can ensure and maintain the customer experience,” Culver notes, pointing out that not all business risks are external or the result of an exotic disaster.
Recent history records myriad disaster scenarios emanating from a simple operating error by an IT contractor, or a negligent piece of computer code creating a critical business continuity event. In this regard, Sarbanes Oxley (SOX) compliance, which encompasses a company’s IT infrastructure, from server and network security to IT practices and operations, helps Barnes & Noble College maintain another important layer of security. “By the nature of SOX auditing levels, we have redundancy levels of risk management to ensure that only the proper, fully-trained people have access to these key systems — code can only be introduced with levels of review and testing before it can be brought into production,” Culver says.
With these kinds of precautions in place, a Barnes & Noble College campus partner in one part of the country need not be concerned about a major outage, hundreds of miles away, that might affect the Home Office. “We’ve worked, and continue to work, on every level and on every part of our systems infrastructure to reduce any area of vulnerability — any area of risk,” Culver maintains. And if the Barnes & Noble College approach seems to be excessively cautious, it might be well to look beyond the headlines of coastal weather events, tornadoes in the heartland, and the instability of political and technological climates. With a rising population, climate change and environmental degradation, the only certain thing about disasters is that one can never be too well prepared for them.
It’s a risk that Culver respects after being tested and successfully weathering New Jersey’s largest hurricane on record. “Hurricane Sandy made us understand how big the impact of a regional disaster can be,” he says, adding, “we thought that being 50 miles away from the epicenter of the storm offered us some protection, but Sandy taught us that’s not always going to be the correct assumption.”