Performing a BIA for AWS
What is a Business Impact Analysis?
A Business Impact Analysis (BIA) is a process to evaluate your critical assets and determine the effect of an interruption of services on each business unit and the organization as a whole. The results of a BIA will be used to inform your business continuity strategy. AWS says that the purpose of a BIA is, “A business impact analysis should quantify the business impact of a disruption to your workloads. It should identify the impact on internal and external customers of not being able to use your workloads and the effect that has on your business. The analysis should help to determine how quickly the workload needs to be made available and how much data loss can be tolerated…The probability of disruption and cost of recovery are key factors that help to inform the business value of providing disaster recovery for a workload.”
In an AWS environment, your assets aren’t always tangible. Your EC2 instances, DynamoDB, and S3 buckets are your assets, along with your people, processes, and even locations. The result of a BIA is a ranking of your most critical assets so that you can put more resources, budget, time, and energy to address business continuity strategies for those highly-impacted areas.
To learn more about resiliency in and of the cloud, visit the AWS documentation on recovery in the cloud.
When you are implementing a business continuity strategy for your AWS environment, one of the core principles in business continuity is to perform a Business Impact Analysis. This is the process of evaluating what your critical assets are. Assets are not always necessarily tangible – they can be your EC2 instances, your DynamoDB, your S3 buckets – but your assets are also broader than that. You have to think about your processes that you are using to monitor and maintain your AWS environment. This can include people, the processes that they follow to connect to your environment. Your locations are also assets. Where do your people do their work? Are they at the office? Are they at home? Can they work remotely from different locations? You have to consider those environments, then you consider the impact to those impacts. If one of those processes, locations, or systems in AWS became unavailable, then what would be the impact to your organization? Would it be a very critical program for it not to be available? Or would it be minimal impact to you? The other aspect of this that goes into a Business Impact Analysis (BIA) is how long can you go without having access to that S3 bucket, with that EC2 instance being down, without being able to connect to the AWS environment. How long can you go before you start feeling the effects of those capabilities not being available?
These are all things that you would document in your Business Impact Analysis and you would end up with a ranking of items. You would have things that are most critical – the things you could not do without, the things that would cost you money, the things that would hit your reputation, or cause other regulatory or compliance concerns – and you would rank those higher and, therefore, put more resources, budget, time, and energy to address business continuity strategies for those areas that are impacted. Look into the resources we have available for you for conducting a Business Impact Analysis because it is a very important process to go through in order to support your ultimate business continuity strategy.