Building the Resilient Virtual Organisation Gartner analyst Diane Tunick Morello discusses a blueprint for the resilient virtual organisation (RVO), an organisation that is at once characterised by widely dispersed people, systems and settings and designed deliberately to rebound after shock or misfortune.
By Diane Tunick Morello Analyst Gartner
A watershed date, 11 September 2001 spurred thousands of business, IT and corporate leaders to adopt holistic thinking and actions around securing and protecting their businesses, their people, their knowledge and their assets. Within Gartner, we consider Sept. 11 a catalyst, too. It spurred us to design a blueprint for the resilient virtual organisation (RVO), an organisation that is at once characterised by widely dispersed people, systems and settings and designed deliberately to rebound and adjust after shock or misfortune. More than 25 analysts across Gartner, contributing about 30 pieces of research, have explored and analysed the management, infrastructure and work principles behind the RVO.
That said, I must confess that when we first started working on the blueprint for the RVO, I feared that the project was tied too closely, too uncomfortably to Sept. 11. Even since then, we've seen complacency return as human nature kicks in and people distance themselves from the severe disruptions of that day. But make no mistake: If the attacks of Sept. 11 had not occurred, the need to design resilience into virtually distributed businesses might not have emerged so clearly. Traumatic events become catalysts for action.
The 21st-century enterprise is starting to take shape. The enterprise will be agile, it will be virtual, it will be resilient. Being agile, the enterprise will pursue business and market opportunities with grace, speed and nimbleness. Being virtual, it will have people working seamlessly across time zones, distances, organisations and business boundaries. Being resilient, it will rebound and adjust easily after misfortune, shock or massive change.
Is the notion of business resilience new? No. What is new is the concept of deliberately designing resilience into organisations — that is, of injecting resilience, security, safety and protection into dispersed and far-flung organisations so that they can bounce back from any kind of setback, whether a natural disaster, a hostile economic change, a competitive onslaught, cyber-espionage or a terrorist attack. Business resilience gained new urgency in September 2001, when a downward-spiralling world economy and the debilitating after-effects of Sept. 11's terrorist attacks severely set back global business, industries and consumer confidence. Chairmen and CEOs were shaken: Could disaster strike their businesses? Would they recover from a massive shock? How should they safeguard their systems, their assets, their people, their sites? How resilient are they? How resilient do they need to be?
Introducing the Resilient Virtual Organisation
Business resilience emerges through business, corporate and IT leaders deliberately working together across geographical, functional, business and decision-making boundaries to build an organisation that rebounds, adjusts quickly and resumes operations. Getting to that level of coordination, however, is a challenge, one that cannot be avoided. In this special report, Gartner tackles the issue of business resilience head-on by introducing a blueprint for what we call the resilient virtual organisation (RVO). The RVO — representing the intersection of resilience and virtual operations — is a business and organisational model that intentionally designs resilience into its business operations, security mechanisms, people selection, workplace development, communications networks, architecture, security measures, learning, collaboration, site selection, vendor evaluation and trading partner relationships. What's more, the RVO secures and protects virtually distributed operations, which typically lend agility to an organisation while simultaneously introducing new risks and points of vulnerability.
Simply put, the RVO is:
— Characterised by dispersed people, knowledge, systems and workspaces — Electronically integrated across employees, partners, buyers, suppliers, external sources and communities — Deliberately designed to adjust quickly to misfortune, shock or major change — Operating at full-speed, even in the face of adversity and caution
In developing the blueprint for the RVO, two conclusions emerged:
Business resilience requires risk analysis, investment and a supporting environment. Resilience can be sought in many areas and delivered in many forms. Enterprises must choose what they want to be resilient against — for instance, labour market fluctuations, loss of data in portable computers, destruction of buildings and systems, loss of executive leaders — and then aim their investment in resilience at those areas and practices that will yield the greatest value and protection. Determining where and how to invest in resilience involves several questions: How much would a given event cost in terms of business disruption, lost opportunities and loss of people or property? How likely is the event to occur? How much money will the business have to spend to protect itself against the event? Is the investment appropriate? Make no mistake, however. The risk management questions only provide guidelines for investment; they do not generate organisational resilience. Organisational resilience comes from preparation, culture, leadership, learning, trust and quality of people. Enterprises must choose why, where and when to invest time, money and energy into resilience, then back up those decisions with people, systems and settings that reinforce success.
Virtual business and virtual work require vigilant attention to resilience. Virtual modes of business, operations and work are taking hold far more quickly than senior executives might admit. Many enterprises become virtual without warning: People receive laptops, and suddenly they begin working from homes, hotels and conferences. Businesses expand into other states or countries, and suddenly hundreds of people are developing, discussing and completing their work through e-mail, telephones, Web sites, collaboration tools and videoconferencing. Businesses strike a deal with buyers and suppliers, and suddenly unauthorised people may peer into crucial data. In distributed business operations and virtual work arrangements — in which the traditional advantages of proximity, face-to-face interaction and clear identification are lacking — resilience becomes a critical requirement. Why? Because in virtual environments, so many potential sources of risk lie outside the control and sight of senior executives. Designing business resilience into virtual businesses and virtual work is not an optional exercise. It is a business imperative.
For more security reports from Gartner, visit gartner.com/security