GKC Logo
Start a conversation
Back to Insights
digital resilienceobservability

Viable Resilience

Not every workload needs the same level of protection. Viable resilience means putting stronger controls where they matter most, without building a strategy your budget cannot sustain.

James Kennedy-Moffat

James Kennedy-Moffat

1 Apr 2026

LinkedIn

What does it really mean for an organisation to be resilient?

Resilient against the cold glare of a ransomware screen. Resilient against the moment you have to tell customers their data has been exposed. Resilient enough to know what is happening across applications, infrastructure, and services before uncertainty turns into disruption.

In our industry, we have become fluent in the language of digital resilience: role-based access, immutable backups, zero-trust postures, compliance matrices. But in the process, many organisations have started to treat resilience as if every workload, every data set, and every system must be protected at the same level.

That sounds rigorous. It is often financially unsustainable.

Where viable resilience begins

Not all data is equal. Not all systems deserve the same level of control. Not all workloads need the same seat at the table.

Yet many resilience strategies still treat them as though they do, as if a low-priority test log should receive the same treatment as a critical financial workflow or a sensitive health record. It is an attractive fiction, right up until the invoices arrive.

Viable resilience begins by accepting something many organisations are reluctant to say out loud: some things matter more than others.

Discernment: knowing what matters most

A workable resilience strategy starts with discernment.

It starts with the willingness to say:

  • this matters more than that
  • this system deserves deeper protection
  • this workload can tolerate a lighter approach
  • this data set belongs on the highest shelf, while another does not

That kind of prioritisation is not carelessness. It is maturity.

At GKC, we help clients do exactly that. It is a form of triage: methodical, respectful, and grounded in operational reality. It is not about telling people their data does not matter. It is about helping organisations understand that some data, systems, and business processes carry more risk and deserve more investment.

A pragmatic approach to digital resilience

Observability is a good example.

A platform like Splunk can deliver extraordinary value in the right parts of an environment. It is powerful, robust, and well suited to demanding operational and investigative use cases. But used indiscriminately as a catch-all destination for every log at full fidelity, it can become expensive very quickly.

That does not mean the answer is to avoid strong platforms. It means the answer is to use them deliberately.

In practice, a viable approach might look like this:

  • critical workloads feed into Splunk, where deep analytics and fast investigation matter most
  • less critical logs are directed to lower-cost platforms or open-source tooling that still provide meaningful visibility
  • federated search or linked access patterns are used so teams can still investigate across the estate when needed

The same principle applies to security. Not every system needs the same intensity of control. Advanced threat detection, continuous monitoring, and tighter privilege models should be concentrated where compromise would do the most damage. Lower-risk environments can still be protected well, but with a lighter-weight model.

This is not about cutting corners. It is about building layered, risk-based resilience that makes intelligent use of budget and attention.

It is not just technical. It is cultural.

This work is not only technical. It is cultural.

Leadership teams need to become comfortable with asymmetry. They need to be able to explain why stronger investment is being applied in one area and a more proportionate approach in another. They need language that makes sense to boards, regulators, finance leaders, and technical teams alike.

Otherwise, organisations end up with strategies that sound impressive in principle but collapse under cost, complexity, or internal resistance.

A resilience strategy that cannot be sustained is not resilient.

Building something that can actually hold

At GKC, we help clients shape a resilient posture that fits their real environment, their budgets, and their actual business risks.

That is what viable resilience means.

Still strong. Still serious. Still secure.

But also pragmatic enough to be built, operated, and maintained over time.

Continue the conversation

If this reflects the questions your team is working through, the next step does not have to be a sales process. It can start with a practical conversation about your environment.

Explore solutionsSee customer examplesTalk to an expert

Related reading

A few related pieces if you want to keep exploring the same questions.

digital resiliencecompliance

From Compliance to Confidence: The New Rules of Resilience

Digital resilience is shifting from a technical aspiration to a regulated business obligation. Here is what that change means, and why observability now matters at board level.

1 Apr 2026James Kennedy-Moffat
Read article
enterprise loggingsplunk

Why We Value Splunk for Enterprise Logging

Enterprise logging becomes most valuable when the answer is buried across a noisy, interconnected estate. Here is why Splunk remains such a strong platform for that reality.

1 Apr 2026James Kennedy-Moffat
Read article