The 4-Dimensional digital operational risk landscape

Insights January 30, 2023

    There are many ways of looking at problems and solutions. Digital operational risk problems are no different. However, many vendors have fallen in love with their solutions. Sometimes they think of it as the be-all-end-all for all business problems. The business problems may have multiple angles, with some aspects more apparent than others. To illustrate, let’s look at a simple stability problem. A single leg won’t stand on its own. It will fall. Two legs may stand but still won’t have the stability needed. Three legs provide you with minimum stability.

Similarly, Veritas AltaTM brings the three essential angles or pillars to stabilize digital operations. Data Protection, Application Resiliency and Data Governance & Compliance. Let us now dig deeper into each of these aspects.


Data Protection

            Traditional competitors of Veritas claim to tackle data protection and compliance both. In this section, let’s look at the Data Protection part, and we will discuss data governance and compliance in the dedicated section. A post-pandemic ESG survey said that most organizations anticipate spending more to implement long-term technology strategies that will provide a more flexible and resilient IT infrastructure in the event of future major business disruptions. Veritas brings that flexibility from various aspects, one being deployment options. Only Veritas has a true cloud-native container-based deployment model, which is the backbone of Veritas’ Cloud Scale Technology. The flexibility to use block and object storage in multi-cloud environments without losing efficiencies of deduplication is second to no one. Veritas has brought “For the object, by the object” protection to help curtail the risk of out-of-control costs in the cloud.

            Orchestration is also crucial for response to catastrophes of all sizes and magnitudes. Hardly any competitor goes beyond VMWare-to-VMWare and On-premise to On-premise failover and matches the level of integration Veritas brings to orchestrated recovery across different tiers and applications with varying tolerance for downtime.


Application Resiliency

    Application resiliency risk is looked at only from the data lens by most of the traditional data protection vendors. The argument that if data is available, infrastructure can be re-spun is often used to justify a Veritas competitor's focus on data resiliency alone.

            To some extent, this argument holds if you are looking at just one application working with just one datastore. However, the services in customers' environments are far more complex than this. Applications need infrastructure such as storage, network and, of course, the compute. These applications interact and depend on each other beyond the API integrations. Check this SAP HANA on Azure white paper to understand and appreciate the SAP HANA high availability, which is much more than just SAP database protection.

Often, service endpoints have server names identified by a name resolution service. Failure of the network can cause a service to be unavailable. In such a scenario, ensuring data is available does not ensure application availability. Application intelligence is needed to identify such issues and take corrective actions quickly in an automated fashion. Veritas’ customer base includes critical service-providing vendors, including airline industries, who can tolerate only 40 minutes of downtime during an entire year. There is a subtle difference between such failures and those invoking disaster recovery orchestration. Typically, service failure mitigations could be classified into two categories. High Availability covers keeping applications up and running in an operational and usable state by detecting problems and then handling those while a system is running. Here, the data could be very much intact, but the infrastructure making the data available is partially broken.  Disaster Recovery covers bringing up systems to an operational and usable state by detecting total system failure beyond repair in place and then recovering it from the last available consistent state of data on an alternate set of infrastructure in different data centers or clouds. Veritas Alta Shared Storage lets you manage various kinds of storage and enables cost-effective shared storage in the cloud. Veritas Alta Application resiliency provides monitoring and failover capabilities for the networking, storage, and replication resources that are associated with an application in the cloud. This is how Veritas Alta application resiliency brings high availability and disaster recovery within or across cloud.

Simply put, if you have a flat (tire), you put a donut in its place. You don’t replace the entire car!!


Data Compliance and Governance

            Vendors, especially Veritas’ traditional data protection competitors, often miscalculate the angle or the leg of digital compliance and governance. Some think having 40-plus data patterns and custom pattern definitions with two search methods, like regex and dictionary are enough to talk about sensitive data or compliance. The fact is digital compliance risks have manifested into much more profound and unseen problems, according to the 2021 Report on FINRA’s Examination and Risk Monitoring Program. The report says that while new Digital Platforms with interactive and “Game-Like” features may improve customers’ access to firm systems and investment products, they may also increase customer risks if not designed with the appropriate compliance considerations in mind. Well, who knew those message reactions also come under such monitoring requirements? That’s a rhetorical question. Veritas was aware of this requirement and built the capability for capturing these “reactions.” Especially with such vast amounts of data (which isn’t backed up by the way, not all of it), machine learning and artificial intelligence are not a nice-to-have but a must-have. Veritas Alta employs AI/ML in supervision and review capabilities to help responsible legal or para-legal get to the most relevant content quickly. Here, you can glimpse some of these communication platforms Veritas Alta supports.


Finally, remember that any claims of compliance are of no use in proving compliance or during legal proceedings if those are not defensible. Review audits and full-fidelity reviews are just a few of the extensive capabilities that distinguish Veritas Alta from traditional data protection competitors claiming compliance support in the same platform or product as data protection. Without such features, organizations are prone to compliance risk. Ask these competitors how many country-specific regulations they support and how many languages they can detect. Have they ventured into sentiment and intent analysis yet, or are they just scratching the surface? Digital compliance and governance is a space where a new player or vendor will need a lot of time and investment to come close to becoming a viable option for Veritas Alta. It is probably why one of the traditional competitors of Veritas gave up on the new service they were trying to build for this space and partnered with a relatively established player who claims to bring modern data visibility and control for the multi-cloud. At the same time, Veritas Alta is already making waves by adding features like guard rules to help make the digital compliance and governance autonomous. Guard rules can help avoiding non-compliance instead of first unknowingly committing non-compliance and then catching it via data observability and remediating it.


Underlying supply chain, the hidden dimension

            By now, you are wondering. The blog title talked about four-dimensional digital operational risk. Where is the fourth dimension? The three-leg stability picture does not reveal the surface on which the legs are resting. That’s the fourth dimension. It would not have been a factor if the surface had been constant forever. But in the digital dataverse, the underlying surface keeps changing. The supply chain has become one of the businesses' most talked-about risks. Digital operations are equally vulnerable to it. The elements the world thinks as “Too big or too stable to fail” have failed. We have seen cloud outages. Geo-political situations have closed country-wide footprints of food chains. Non-compliance to standards has caused a prominent baby formula supplier to shut down, creating a country-wide shortage. A simple software glitch has caused an outage to one-third of Canada, impacting emergency services. Keeping this in mind, hosting solutions only in one cloud isn’t safe.

            Many vendors have created cloud offerings besides born-as-cloud hyperscalers such as AWS or Azure. Customers who have significantly leveraged these vendors may want to continue the cloud journey with them for goodwill and financial benefits. But these infrastructure or hardware vendor clouds are missing critical use cases, applications, or must-have capabilities. Clouds born from database applications don’t have the upper stack of business applications. Vendors coming from storage or hardware have a similar issue along with not having the infrastructure and software which will work seamlessly across clouds. A report from Capgemini Research Institute says countries like Spain and UK believe their local cloud providers don’t match the innovation capabilities of the hyperscalers. Due to such reasons, large enterprise customer cloud footprint becomes fragmented and creates problems with their share of “shared responsibility.” In such situations, only Veritas Alta is positioned to offer that stressed exit, which is not just another term but is a requirement under one of the developing sets of regulations starting in the finance sector. For instance, the European Commission proposal for digital operational resilience defines ICT (Information and Communications Technology) concentration risk as “an exposure to individual or multiple related critical ICT third-party service providers creating a degree of dependency on such providers so that the unavailability, failure or other type of shortfall of the latter may potentially endanger the ability of a financial entity, and ultimately of the Union’s financial system as a whole, to deliver critical functions, or to suffer other type of adverse effects, including large losses.”



Being technology agnostic has been and still is in the Veritas DNA. Veritas Alta is cloud agnostic (ex. AWS, Azure or others), storage agnostic (DAS, NAS, Fiber, Cloud) and compute infrastructure agnostic (Physical, virtual, Hyper-Converged, container, cloud, multi-Operating-Systems). Hence, Veritas Alta can help meet these upcoming regulations. This “Alta view” from up top keeps digital operational risks in check instead of letting you wander beyond the point of no return.

            As a good practice, keep up to date with the upcoming regulations worldwide. Map those to your business by internal analysis while taking help from industry experts. Review the decisions you are taking today directionally to ensure there is always room for addressing supply chain risks with a small and quick change in direction instead of leaving what you are building and starting from scratch. Remember, starting from scratch may take forever. Expand this approach beyond the data to include technology, applications that process the data and the providers of underlying infrastructure running these applications. Think not two but three times before falling for the short-term discounts and advantages and tying your hands in the long run. Keep watching this space for more content and announcements related to this topic.

Anand Athavale
Senior Manager, Product Marketing
VOX Profile