The HUB is pleased to share an interview with 43-year industry pioneer, Pat Corcoran, Global Strategy Executive, IBM Business Resiliency Services. Pat exemplifies what the Risk and Resilience HUB is all about — vision, passion, connection and collaboration. From his involvement in IBM’s crisis response efforts after 9/11 and Hurricane Sandy, to his regular participation in conferences globally on the topic of business continuity and disaster recovery, Pat is an expert in his field. He is a 43-year veteran of IBM who, with professional IT, services and management experience, is responsible for creating and managing the global strategy and direction for IBM Business Resiliency Services. Pat retires from IBM on August 19, 2020.Congratulations Pat!
HUB: What were some of the early challenges of the industry?
In 1989, after many IBM clients asked us to “officially” get into the “Disaster Recovery” business, we did some research to build a business plan to justify a move into this business. The industry focus, at the time, was IT and the research identified that our approach should be “business recovery.” So, to make a connection between the two, we called this new business “IBM Business Recovery Services.”
IBM was new to the industry but had a very good reputation in IT and was the largest IT hardware vendor globally. At the time, IBM was going up against other strong competitors in the market, including Comdisco, SunGard, SunData, XL/Datacomp and more. One of our greatest challenges early on was that clients thought we could only handle IBM equipment, but during this transition we were very active in acquiring non-IBM hardware to support clients to meet their needs.
In the late 80s, the recovery industry was primarily tape-based. Then, in the early 90s, a number of industry analysts published reports that Electronic Vaulting, or data replication, was going to become the primary backup method. They were right, but the timeframe was too aggressive. It didn’t catch on as fast as analysts initially thought. In my opinion, we are now moving into this environment via cloud.
HUB: How did you see organizations deal with DR/BC and how has that changed over the years?
The industry at that time was focused primarily on “disaster recovery” or recovery of IT environments. Business Continuity was coming into the industry, but these two things were often thought of as separate entities: Business Continuity was focused on business and people; while Disaster Recovery was focused on IT.
Over my 31 years in this industry, we are seeing the gap between BC and DR beginning to shrink. I believe that business executives are more aware and engaged with business continuity and disaster recovery planning, and I view disaster recovery as a subset of business continuity.
Within IBM, clients expected a lot from IBM Services because of our good track record of hardware and software maintenance. Over the years, the conversation has evolved at IBM from being a solely IT discussion to a business led discussion that prioritizes people, communication, infrastructure, business continuity plans, supply chains, and insurance. For people especially – your people make your company run and they operate your business. They’ve got to be the most important aspect of your business continuity strategy.
HUB: What are some observations (anonymous) of some surprising examples, both good and bad, as companies or organizations made choices to invest and prepare, or not?
Without naming names, I have seen a lot of good and bad practices from companies in this industry. Keeping on the topic of people, human issues are the most important in any type of disaster situation. Where do your employees go? How do you communicate to them internally and externally? How do you support them? Where will they be operating?
For example, during the major Northridge, California earthquake in 1994, many companies were too dependent on a small group of individuals to be available to recover their IT environment. This was done instead of developing a network of representatives available to support to make sure people weren’t going beyond their bandwidth of what they were physically and emotionally able to do to support their business and people during that time.
Outside of people, businesses often experience a disaster but don’t use that experience to prepare for the next one. There was a business that successfully recovered from a flood, and because they were in the 100-year flood zone, they did not expect to experience another one in the near future. However, because they did not renew their DR contract and they did not have a current disaster recovery plan, when they experienced a flood only a few years later, they were not able to recover and went out of business.
A positive example of a business preparing for a future disaster is a major insurance company that experienced two major outages during routine maintenance within a six-month period. Many people lost their jobs, but the CEO took responsibility and leadership to focus on resiliency for their company. The CEO supported the creation of a company-wide “business resiliency office” that required executive support from each business unit. It took four years, but the company is now an example of best practices for resiliency maturity.
HUB: Have you seen some solid shifts in the C suite about DR/BC/Resilience and based on your experience, what do you see coming up?
In the past, unless there were industry-specific regulations for disaster recovery, like there are in banking, we did not see a lot of C-suite support except from the CIO and the CFO to approve funding. Now that the relationship between the C-suite and IT is getting stronger, we are seeing COO’s, CRO’s, and CEO’s getting more involved. I believe the business continuity/disaster recovery industry is, or should be, led by a business discussion. Every business is dependent on IT, especially during crisis events, to ensure that critical business processes are continuously available, and meet their business objectives. Additionally, the role of the CIO overall is gaining strength and importance as companies use technology to enable and grow their businesses. In a crisis event, the spotlight will be on the CIO so they must be prepared!
HUB: Have there been any surprises? For example, has a certain view of philosophy been popular and the “Best Practice,” only to be discarded when it was discovered to be flawed?
I think the view that electronic vaulting, or data replication, would become the primary backup method over time applies here. It has taken well over 25 years to gain traction, but it is growing now, especially with cloud supporting the move into this environment.
Also, over the past five years, there has been a trend and expectation for shorter RPO and RTO. However, we have seen companies survive being down for days during a major crisis. The key here is to protect the data, don’t lose any data, which will allow organizations to continue to provide services in the event of a crisis and/or allow for quick recovery.
HUB: Have you seen some clearly solid principles or philosophies pay off well in the long run, which might help others as they look forward? Or the opposite…choices that DID NOT pay off as expected?
Teams in this industry need to act like a well-tuned, highly skilled orchestra. Organizations should run their resiliency/BC/DR programs like how the most world-class orchestras operate. Orchestras hire the most skilled musicians in the world, play exquisite music, are led by conductors with tremendous vision, well thought out scores (or plans), use the best instruments, and they practice continuously to get the result they want – beautiful music and high performance. Resiliency programs need to think the same way – get sponsorship and leadership from the C-suite that will help your team fulfill its vision, communicate constantly with your team, practice disaster scenarios to prepare for the next incident, and more.
HUB: Can you share some KEY TAKEAWAYS about your experience from over the years? From the serious, to light and fun!
Working at IBM has been a dream come true for me. I’ve had the honor and pleasure of working for a great company, and more important, alongside so many great people (IBMers and clients) creating wonderful memories! The last 31 years working in the resiliency/BC/DR industry has been the best job in the world for me. IBM has allowed me to have so many opportunities in my career and I was able to develop my expertise in this industry. I love working with people, I love helping others, and I love trying to make businesses and teams stronger. Also, being able to speak on behalf of IBM to other professionals in this industry through webinars and conferences has made me feel like part of a close community of like-minded individuals with similar goals. For me, this industry has allowed me to accomplish those goals every day, especially during crisis scenarios.
One of the most difficult moments for me personally and during my career in this industry was 9/11. Personally, I lost friends and we all experienced collective trauma that would shape us as people and the way we do business for the rest of our lives. But, seeing the hope grow from people coming together to help each other personally and to recover businesses and livelihoods was really fortifying during that difficult time.
HUB: What are some of the key changes in technology…beyond the obvious issues like speed, cost, amount of data? How did those changes specifically affect BCP?
I have always said, and will continue to say, that the most important asset in every company is their people. This is often not a priority and that has to change. People drive innovation, and creative thinking born from people working together in teams will continue to change the world and prepare us for any disaster that lies ahead.
One of the greatest challenges for our industry, I believe, will be cyber-attacks. This is the fastest growing risk and one that the recovery industry talks about a lot but could be doing more to actively prevent incidents. A lot of this disconnect comes from the segmentation between security and BC/DR teams at organizations. From what I have seen in my career, both teams focus on “risks” and by not working in silos and collaborating more, this will lead to lasting change.
HUB: Any additional thoughts you would like to share?
I could share a million other things, and I have been so fortunate to have the career that I’ve had in this industry. As a parting thought, I would say that, above all else, make resiliency/BC/DR part of your organization’s culture. Get the sponsorship you need from the top and communicate and educate everyone on the importance of BC/DR and the role they play – because everyone plays a part and working together to make your organization the best it can be must be your goal! As I said earlier, this is a people business. We help save people’s jobs and companies, and there is no better feeling in the world than helping others. That is what I have tried to do and that is what we all try to do as part of this industry.
Recommended2 recommendationsPublished in IT Availability & Security
Kathy and Tommy, thank you for highlighting my career in this edition.
Pat, it was a privilege to interview and spotlight your powerful career. We hope you’ll stay close to the resilience industry in the days ahead.