MPs on the Treasury select committee have been doing everyone in IT a favour lately. Thanks to pressure from their investigations, we’ve had near-unprecedented access to the real stories of what caused the Visa and TSB outages that affected millions of people recently.
Visa provided a detailed, 11-page description of the technical problems that caused its card payment network to fail, while publication of an initial IBM report into TSB highlighted the glaring lack of preparedness at the bank when its IT migration went wrong. Sadly TSB’s response so far has been to play down the findings and say the report is out of date, rather than follow Visa’s lead and offer a full response.
It is absolutely right that companies whose IT is relied upon by millions of people should face in-depth scrutiny when that IT goes wrong. Such openness and detailed analysis benefits everyone working in IT – it helps to share lessons about the increasingly complex systems that run business and government. The more information is shared, the better everyone becomes at avoiding future problems.
The cyber security sector already understands this, with information sharing networks in place for organisations hit by attacks or data breaches, helping others to avoid a similar fate – not that everybody necessarily always takes heed.
As we’ve seen with the public scrutiny of Facebook, as technology increasingly becomes a utility in our lives, outdated attitudes towards secrecy and saving face harm not only customers but the companies themselves.
Look at shipping company Maersk, which was among the worst hit by the NotPetya cyber attack last year, which the firm revealed cost as much as $300m to deal with. As the firm was coping with the consequences of the malware, it put out a regular stream of updates, keeping customers and stakeholders informed about what was happening. Maersk was rightly applauded for its approach, which helped to mitigate criticism for having to shut down many of its IT systems.
Public scrutiny should be part of every business continuity and disaster recovery plan, helping to rebuild confidence when IT fails. IT leaders should take the initiative and prepare their firms for greater openness and work with their peers to share such valuable learning points – anyone who has been through a major outage will understand why they don’t want to have such an experience again.
Nobody likes to admit to failure, but in a digital world where “fail fast” has become a mantra, and where acknowledging failure is often seen as an essential part of being successful, detailed scrutiny when technology goes wrong is very much for the greater good.