Stack Attack: A Brief Guide to the IT Stack for BC Professionals

Business continuity professionals need a minimal grasp of IT concepts in order to do their jobs, but many BC pros are in a fog when it comes to IT terminology. In today’s post we’re going to talk about one IT concept that comes up frequently in the context of BC and IT disaster recovery, the IT stack. 

 

 

An Important Thing to Know 

Some people who work in business continuity management (BCM) have an expert-level knowledge of IT concepts and infrastructure.  

A larger number of BC pros seem to have only a fuzzy idea about these subjects even though they probably talk about them every day. 

One term that comes up often in business continuity is that of the IT stack. The IT stack includes the IT infrastructure (that is, the network, servers, and storage devices) as well as several additional elements. From the point of view of BCM professionals, the IT stack is the more relevant concept. 

Every BC professional needs at least a basic understanding of what is in the IT stack in order to do their job effectively.  

BC pros need this knowledge in the sense that they should have some familiarity with every department they are responsible for protecting, whether it’s sales, finance, manufacturing—or IT. 

However, their need to know about IT is even greater since the organization’s IT functions underlie the operation of every other department. 

Being knowledgeable about the IT stack enables the BC professional to understand the potential business impacts of technology outages and devise any workarounds that might be necessary.  

To help dispel some of the fog surrounding the concept, here is a brief primer of the IT stack, specially tailored to the needs of the BC professional. 

Summary of the IT Stack

The IT environment consists of layers of technology that are usually conceived as being arranged one on top of the other.  This is called the IT stack. 

The foundation of everything is the network, the web of wired and wireless information pathways that connect the various parts of the infrastructure, allowing them to move data back and forth to do work for the user or run processes for the organization. This is a mini stack of network devices and software. 

Next is the physical devices that make a computing environment work. These are the tangible devices such as network hardware, storage hardware, and server machines.  

Next comes the operating system, the OS. The OS controls the physical devices. The most common ones are Linux, Windows, and Mac OS. 

On top of that we have the databases, or DBs. The database is a mass of information in different categories, such as store names, addresses, costs, and purchases. 

Next come the applications or apps, which are the computer programs that incorporate business logic. Apps process data to perform tasks.  

Then comes the user interface or UI. This is what’s on the browser, the part you see on the screen. This is the part that looks pretty and allows the user to input commands and manipulate the application.   

There is one other element worth mentioning, though it exists to the side of those listed above. It’s data protection capability. Without data protection, everything else is meaningless. Two types of data protection are backups (making a copy of the data as it exists at a certain point in time and storing it offsite, to limit data loss) and replication (copying data between like infrastructure components for quicker recovery and less data loss).  

Incidentally, there’s one very large IT stack that is used by everyone but which is known to us by another name. That stack is the cloud, which is made up of all the components noted above. 

The terms defined above are routinely used in talking about all aspects of business continuity and IT disaster recovery (IT/DR). By having a clear understanding of them, the BC professional will be able to participate in these discussions with greater confidence.  

More Knowledge Equals More Effectiveness 

BC professionals do not need to have a detailed understanding of the IT stack; however, a clear grasp of the concept is necessary for the BC pro to effectively carry out the duties of the role.  

The IT stack is made up, going from the bottom up, of the hardware, the operating system, databases, apps, the UI, and the network, with data protection comprising an additional element off to one side. By gaining a clear grasp of these components, the BC pro will be able to carry out the IT-related aspects of the role with greater confidence and effectiveness. 

Further Reading

For more information on the IT stack and other hot topics in BC and IT disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: 

About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
sample threat and risk assessment