Embed Size (px)
Citation preview
Business Continuity & Recovery Services
Business Resilience | November 17th, 2005 | R Gaddum © 2005 IBM Corporation
Achieving Business Resilience
Robin GaddumBC&RS UK,Ireland, South Africa Consulting Practice Leader
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Introduction and Agenda
Drivers for Business Continuity Management
Types of risk and mitigation
The evolution of preparedness
Business Resilience explained
How IBM is supporting clients in achieving Business Resilience
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
We operate in an ever-changing world with ever-changing threats
TerrorismCyber AttacksBiological ThreatsEmployee Sabotage Industrial Espionage
RegulationDeregulation IncentivesLegal
Global MarketplacePartners/SuppliersDemand ElasticityM&A Activity
IT InfrastructureTechnology Adoption Innovation and Trends24x7 Expectations
Natural DisastersWorkplace IssuesNational Programs
EnvironmentalEnvironmentalEnvironmentalEnvironmental SocialSocialSocialSocial
PoliticalPoliticalPoliticalPolitical
EconomicEconomicEconomicEconomic
TechnologicalTechnologicalTechnologicalTechnological
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
In assessing risk, be sure to address more than high impact, low likelihood events as causes of outagesIn assessing risk, be sure to address more than high impact, low likelihood events as causes of outages
A/C FailureAcid LeakAsbestosBomb ThreatBomb BlastBrown OutBurst PipeCable CutChemical SpillCO FireCoffee MachineCondensationConstructionCoolant LeakCooling Tower LeakCorrupted DataDiesel GeneratorEarthquakeElectrical ShortEpidemic
EvacuationExplosionFireFloodFraudFrozen PipesHackerHail StormHalon DischargeHuman ErrorHumidityHurricaneHVAC FailureH/W ErrorIce StormInsectsLightningLogic BombLost Data
Low VoltageMicrowave FadeNetwork FailurePCB ContaminationPlane CrashPower Grid OutagePower OutagePower SpikePower SurgeProgrammer ErrorRaw SewageRelocation DelayRodentsRoof Cave InSabotageShotgun BlastShredded DataSick buildingSmoke DamageSnow Storm
Sprinkler DischargeStatic ElectricityStrike ActionS/W ErrorS/W RansomTerrorismTheftToilet OverflowTornadoTrain DerailmentTransformer FireUPS FailureVandalismVehicle CrashVirusWater (Various)Wind StormVolcano
Source: Contingency Planning Research, Inc.
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
It’s worth tackling higher likelihood, lower impact risks
Frequency ofOccurrences
Per Year
Consequences (Single Occurrence Loss) in Dollars per Occurrence
1,000
100
10
1
1/10
1/100
1/1,000
1/10,000
1/100,000
$1 $10 $100 $1,000 $10k $100k $1M $10M $100M
Virus
Worms
Disk Failure
Component Failure
Power Failurefreq
uent
infr
eque
nt
low high
Natural Disaster
Application Outage
Data Corruption
Network Problem
Building Fire
Terrorism/Civil Unrest
TRIVIAL
HIGH $IMPACT,
MUST ACT!
PRODUCTION ISSUES THAT ARE A BIG CONCERN!
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Controls are applied in layers and it’s only when control failures align that disaster occurs
People
Process
TechnologyRisk is realised when an event
occurs and control failures in all layers
‘align’
Risks
As controls often lapse over time, many disasters
could be avoided with adequate
monitoring
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
The consequences of failure are high; are you ‘betting the farm’ without knowing it?
“40% of companies that go more than 24 hours without access to their data go out of business.”
Eagle Rock Alliance Ltd / Contingency Planning and Management survey
“93 percent of businesses that suffer more than 10 days of system downtime will file for bankruptcy within a year.”
National Archives & Records Administration, Washington
“Only 8% of companies test their IT continuity plans.”Department of Trade and Industry
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Preparedness has evolved as infrastructures and business models have evolved
Centralized Computing
Distributed Computing
'60's - Early 80's
1. Mainframe model: centralized control, standardization, batch reporting
2. Focus: data center, internal stresses, very localized disruptions
3. IT: reactiveBusiness: none
4. Recovery Time in weeks
5. Mindset: insurance
Disaster Recovery
Mid - Late 80's
1. Midrange & client-server model: departmental computing, creativity, independence
2. Focus: satellite hubs, internal stresses, very localized disruptions
3. IT: reactive/noneBusiness:
reactive
4. Recovery Time in days
5. Mindset: insurance
Business Recovery
The '90's - 2000
1. Hybrid model: connectivity, data sharing cross-bu, re-standardization
2. Focus: enterprise I/S, internal/external stress, localized disruptions
3. IT: reactive Business: reactive
4. Recovery time in hours
5. Mindset: insurance
Business Continuity
Year 2001 - today
1. Virtualized model: extended supply chain, mobility, direct customer access
2. Focus: extended global I/S, internal/external stress, broad disruptions
3. IT: proactiveBusiness: proactive
4. Always up
5. Mindset: survival
Business Resiliency
Network Centric Computing
On-Demand Computing
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
What is Business Resilience?
Business Resilience is about . . .
The ability to recover and adapt The ability to recover and adapt
Protecting the enterprise Protecting the enterprise
Increasing competitive advantage Increasing competitive advantage
Rapid exploitation of opportunities Rapid exploitation of opportunities
Enabling proactive/preemptive management Enabling proactive/preemptive management
Effective management of complexity Effective management of complexity
The ability to rapidly adapt and respond to risks, as well as opportunities, in order to maintain continuous business operations, be a more trusted partner, and enable growth.
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Business Resilience can support a range of client objectives in addition to Business Continuity
Security, privacyand data protection
Regulatory compliance
Continuity of business operations
Knowledge, expertise and skills
Market readiness
Integrated risk management
Business Resilience
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
A Holistic Approach to Resilience is required
Integration
RecoveryHardening
Redundancy
Accessibility
Flexibility
Autonomic Ops
Defensive Posture
Offensive Posture
Res
ilie
nce
STRATEGY
PROCESS
PEOPLE
APPLICATIONS & DATA
TECHNOLOGY
FACILITIES
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Supporting pillars of resilience
Recovery
Security
Continuity
Availability
Scalability
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Changing Dynamics of Business Continuity & Resilience
2000 2005
Source: Gartner Group
Ship to Site
Load Balanced(2+ Sites)
Ship to Site
High Availability
Warm Site &Mobile Recovery
Warm Site &Mobile Recovery
High Availability
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
IBM’s Data Protection Roadmap offers a range of solutions to match your recovery requirements and budget
Days Hours Minutes Immediate
HIGH
LOWLOW HIGHRecovery Objective
Costs vs. Value of Data
Costs Value of
Data
-
.
.
.
.
.
.
.Managed Media Services
Tape Recovery
Replication Services
(now a broader range)
High Availability
Vaulting
+
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Business Resilience helps foster customer satisfaction and maximise efficiency
What It Means to Be “Resilient”
Flexible capacity for seasonal demand or step change in your organisation
Consistent, reliable, global service 24 hours a day, 365 days a year
Trusting, confident customers and suppliers
Supply chain visibility and adaptability, resilient infrastructure (even in change)
Dealing successfully with the unexpected; confident stakeholders
The Business Benefits
Scalability
Availability
Security
Continuity
Recovery
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Example Engagements
End-to-end service resilience and recoverability assessment for a mobile network provider
Data centre strategy, business case development and implementation support for several large financial institutions
Data centre environment health check and remedial works (power, cabling, cooling), for a major UK insurance company
Resilient infrastructure programme for a UK County Council encompassing networks, security, storage and business continuity
Critical infrastructure analysis for one of the UK’s largest retail banks
Crisis Management Simulation Exercise for the EMEA Board of one of the largest US banks
Outsourcing for a large Scandinavian financial institution
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
IBM can help you achieve Business Resilience
Traditional Business Continuity Management / DR support
Self Guard, e.g. in-house solution support
Business Resilience consulting
In-depth technical consulting, including data centre, server and storage consolidation
General business consulting, including business process and operational risk
Security, including managed services and ethical hacking
Site Enablement Services (data centre builds, UPS, standby generators)
Crisis Response Team support
g
Risk Analysis
Business Impact
AnalysisRecovery
Capabilities
RecoveryStrategy
EnterpriseSolutionStudy
Business Continuity
Plan
IT Recovery
Plan
Run
Business Continuity & Recovery Services
Business Resilience | Nov 2005 | R Gaddum © 2005 IBM Corporation
Poole
Warwick
Walton
Bristol(2)Milton Keynes
ManchesterLeeds
Cumbernauld
Dublin
Belfast
Cork
Lille
Paris (8)Angers
Nantes
Biarritz
Barcelona (2)Madrid
Lisbon
Geneva
Milan
Ärhus
Oslo Stockholm
MainzPrague
Brussels
Warsaw
Roma
MontpellierPorto
Helsinki
Budapest
Athens
Copenhagen
Luxembourg
Almere
Zurich
Bucharest
Sofia
Wien
ZagrebLjubljana
Moscow
Izmir
Monaco
Peta-Tiqwa
A Global Reach
London (8)
Business Continuity & Recovery Services
Business Resilience | November 17th, 2005 | R Gaddum © 2005 IBM Corporation
Questions Robin [email protected]+44 (0) 1252 558181
Or Tom Walsh, IBM [email protected]+353 1 8154281
