Small and medium-sized businesses (SMBs) may not think in terms of risk management on a daily basis, but a recent question from a reporter got me thinking about the issue. The question concerned liability for downtime – in B2B or B2C contexts.
Unlike bigger firms, which may be required under law or through vertical industry regulation to provide certain uptime guarantees, smaller enterprises are usually just liable to their clients. What “soft” promises and/or “hard” contractual commitments have been made? Let’s face it – for a small firm, losing a single big client can be far more damaging to its prospects than a regulator's fine is to a big firm.
A lot of the recent focus in the SMB sector has been on desktop compliance issues: asset management to drive license currency and manageability, in order to avoid problems from the likes of the BSA. On the server side, however, things are not so clear. Uptime is quite a contentious issue: how do you measure it? For an SMB the tougher issue is actually how you pay for it. Reliability, availability and scalability (RAS) follow a law of diminishing returns, so uptime becomes almost a yield management issue: what do I pay for what uptime, without overpaying or under-provisioning?
For larger enterprises with big IT staffs there are dedicated teams considering these kinds of issues. Even more so in the light of SarbOx 404, which is driving a more process-driven, architected, disciplined approach to service management.
But what of small firms? In terms of liability this will be a question of contractual or regulatory drivers. The first step is obviously to identify any relevant red tape. Even small firms have regulations to abide by.
Meanwhile what kinds of service levels are being offered to which constituencies? Are these in business terms (batch EDI transactions between 4 and 6 am, for example) or in terms of bits and bytes (99.99 network availability)?
The former is far more useful in assessing liabilities. The critical question is: what is the “business impact”? There are no easy answers for becoming more business-process aware, though even smaller organizations can use frameworks such as COBIT and ITIL to help understand mapping issues between infrastructure and business services.
This space is really heating up in terms of vendor offerings too – business service management for SMBs. FrontRange of GoldMine fame recently launched a service management suite, while BMC acquired Magic to fill out its SMB customer base, following on from its purchase of Remedy. BMC has made a more specific investment focus of the small to midrange space than competitors CA, HP and IBM. Of the framework vendors BMC is probably the most aggressive in plans to drive business service management (BSM) as a volume opportunity. Meanwhile the likes of LANDesk continue to do well in the PC asset management space, without breaking more broadly into BSM.
BSM enables an organization to map its current and future capabilities against the needs of the business, and identify risks and potential rewards for additional technology investments. That kind of insight helps a business no matter what size it is, whether Fortune 500 or Father and Son. Assessing liability is basically impossible without an up-to-date asset and configuration management system, tied to an identified business service. That is where BSM comes in.