It will come as no surprise to readers that those the business continuity technology providers are determined to stay positive about the sector’s prospects throughout the downturn, but it has to be said: there do seem to be some genuine grounds for that optimism.
One trend that seems to have been unaffected by economic turmoil – or may even have been given a boost – is more clients using managed IT services for business continuity. “One thing that’s happened as a result of this downturn has been that some CEOs have come to think that the old idea of ‘we must control everything’ isn’t necessarily right,” says Dave Gilpin, chief strategy officer at SunGard Availability Services. “People are deciding they’re not going to build big datacentres of their own, but will hand the non-mission critical things over to be managed.” He says this trend is visible in Europe and the US, and also mentions a recent conversation with the CEO of a major Japanese bank on the subject. It may also be attributable in part to clients opting for the operational expenditure of a managed service rather than capital expenditure on new in-house IT resources.
“I’ve also been here for the last two recessions, and in both those recessions we extended revenues – I’m not going to say we extended profits, but we extended revenues,” Gilpin continues. “What happened was that people stopped spending money on big projects and instead concentrated on making sure they were robust.”
In practice this meant companies upgrading disaster recovery measures and testing of plans. This time round, Gilpin says he’s seen no drop in testing activity during the last two quarters of 2008.
“We probably won’t know the whole truth until the middle of the year,” he admits. “But the early view is we’re not seeing much tailing off. In France and the US there’s very buoyant activity. In the UK we signed some good deals in December and we’ve got a reasonable prospect list. I’d be a fool to say it will be a bumper year, but I’d also be a fool to say the opposite.”
Paul Burne, managing consultant at PA Consulting, is also cautiously optimistic. “I’m still seeing work going ahead, but there’s a lot more focus on the business case,” he notes. He believes spending is continuing where projects are generating near term cost savings, or where strategic projects are already underway, particularly if related to regulatory compliance.
He is seeing a slowing in investment for some ‘should do’, rather than ‘must do’ projects, unless they can be shown to offer cost benefits. “With projects where an organisation may be embarking on improving disaster recovery capability they may look again and say that in fact what they already have is sufficient, and they can’t justify that extra spend,” he observes. But he is also seeing spending on projects designed to get more value out of existing IT assets, like getting more use out of under-utilised storage solutions.
Roy Illsley, senior research analyst at the Butler Group, reports similar activity. “We’re seeing a rise in virtualisation spending, on things like server consolidation,” he says.
This is also helping to enable the use of more flexible and targeted approaches to business continuity. “Rather than a plan with a full redundant site and very little flexibility, with the virtualisation approach people recognise they can pick and mix, and say if this application isn’t up for a month it’s not going to stop them doing business, but that the website is critical, so they invest in safeguarding that instead,” Illsley explains. “There’s quite a bit of targeted work, for example, disaster recovery for BlackBerrys or email.”
Tony Byers, UK sales director at information protection specialist Iron Mountain, also reports changes in client behaviour that are having “Across the board, we are certainly seeing more prudence from customers,” he says. “For example, customers might be holding off on a scheduled destruction programme. However, we are seeing an increasing demand for provision of services that enhance both business continuity and compliance. When times are hard and overall costs of information management are under scrutiny, the outsourcing model becomes more attractive.”
But Mike Osborne, managing director at ICM Continuity Services, believes one important impact of the recession for service providers will be felt during contract negotiations. “There will be pressure on firms in our sector to prove they have the best approach and resources,” he says.
“Cost restraints on clients will require providers to provide flexible choices. [Clients] at the end of five year deals will be looking to update plans and include new solutions. It will be a challenge for the third party firm to accommodate these requirements while ensuring their own profitability.”
For Rod Ratsma, managing consultant at Marsh, there are some clear divisions between activities at different types of organisation. “Some of the big companies are fairly unaffected by the recession so far. I’ve been talking in the last couple of days to two large companies working in the petrochemical sector, and one of their heads of risk said to me that they’re completely unaffected globally by the recession. So they’re forging ahead with programmes.”
Julian Thrussell, business continuity standards manager at BSI, believes that while it may be harder today to convince the board of a company that it’s worth upgrading IT infrastructure to reduce risks, the fact those risks can be identified may help convince the board to spend more on IT solutions and continuity projects that will protect the business against the consequences of the existing infrastructure failing. “In some ways it’s just putting a patch on the problem, but if you’re mitigating risk then that’s decent business continuity practice,” he says.
When it comes to spending by sector, energy, IT outsourcing, the public sector, and, possibly surprisingly, retail and manufacturing all appear to be maintaining steady levels of investment in business continuity activity and related technology. Demand remains high in retail and manufacturing because of a powerful drive to secure the supply chain, according to Thrussell. “Continuity in the supply chain is the biggest driver we see for business continuity,” he says. “Large manufacturers, like Airbus, are spending a lot of time ironing out their supply chain, because they are so dependent on key suppliers.”
There’s also plenty of activity in the public sector. “We’ve not noticed any downturn in revenues,” says Phil Walden, sales and marketing manager at risk management technology specialist JC Applications Development (JCAD). But he knows there may be trouble ahead. “There are redundancies in some public sector organisations at the moment, and there are some funding problems for local councils going forward, but that won’t really take effect probably for another year or so,” he notes. “So we may find that between this April and April 2010 things might get a little bit tighter.”
SunGard’s Gilpin recognises that the crisis in the financial sector is bad news for companies like his, but again draws reassurance from previous experiences. “In the last recession we saw a lot of big financial companies stop spending money, so you heard of big hardware providers just not selling anything,” he says. “But we still saw lots of business continuity work being done. This time it may be that the banking sector decides to spend on getting a service from us and our competitors and not on their own old datacentres. That’s certainly happening in the US. In France my problem is that there’s more space needed than I’ve got. In the UK progress has been more modest, but we have a good prospect list.” However, he is also keen to point out that SunGard’s client list is no longer so dominated by financial companies as was once the case.
Regardless of the strategic direction financial companies are trying to take, some have had to cut or freeze spending because the future is so uncertain. Some will disappear through industry consolidation. But even this could have positive consequences for providers. “Some of those mergers will be forced, and the splitting or the joining has to happen fast, and those organisations have to meet their business requirements for continuity,” points out PA Consulting’s Paul Burne. “So there’s so much change coming out of this credit crunch that there’s work to be done.”
The economic downturn may also be helping to boost the prospects of technology providers specialising in enterprise risk management (ERM). “Budgets are tight, but there’s regulatory pressure, pressure for transparency from within, from the board, and from non-execs, for risk management to prove where the business risks are,” says Peter Robertshaw, vice-president, global marketing, Strategic Thought Group. “So this could be a fruitful time for the risk management message.
“The people we’re talking to are getting pressure from business partners to prove they’re managing risks correctly. Today, the ability to prove that is actually being used as a competitive differentiator.” Evidence of improved risk management is also now one of the important assessment criteria used by ratings agencies, and may also help improve insurance cover and terms.
All in all, while there are certainly challenges ahead, particularly in finance, and in relation to smaller companies, there are definitely some genuine reasons to be positive about the extent to which UK PLC is spending money on business continuity IT projects and services. Marsh’s Ratsma believes the key difference between previous recessions and this one is how views towards business continuity have changed. “Business continuity management is no longer a discretionary spend – at least not in lots of larger companies,” he says. “Companies regulated by the FSA, or affected by legislation like Sarbanes-Oxley, or by Turnbull have got to sort out their risks. In a downturn you’d usually see companies stop the training budget, then cuts the marketing budget, and so on down a list. I don’t think business continuity management is on that list any more. It’s part of the regulatory framework of larger organisations, and they’ve just got to get on with it.”