Managing Risk Achieving Security and Resiliency with IBM Theodor Stanescu Dennis van Hees April, 28 th 2010
Agenda <ul><li>Why does business resilience matter? </li></ul><ul><li>How to identify risks to your business </li></ul><ul><li>How can IBM help? </li></ul><ul><li>Why IBM? </li></ul>
71% Percent of CIOs that rank risk one of their top 3 business priorities 54% Growth in annual storage shipments to meet explosion of data 500+ Percent increase seen last year in Web links that can harm your company
Resilience optimization is balancing the financial impact of risk and the solution cost. Resilience … rapidly adapt and respond to risks, as well as opportunities, in order to maintain continuous business operations, be a more trusted partner, and enable growth. (IBM BCRS Organization) Optimization (general) “… an act, process, or methodology of making something (as a design, system, or decision) as fully perfect, functional, or effective as possible” (Merriam – Webster Online Dictionary) Resilience optimization (RO) “ An approach to helping a business find, attain and sustain an appropriate balance between the costs of providing resilience and the business value of that resilience” (IBM Business Continuity and Resiliency Organization)
And … the world is riskier than it used to be. <ul><li>Changing environment </li></ul><ul><li>Expanding risk exposures </li></ul><ul><li>Increased global and regional </li></ul><ul><li>Interdependencies </li></ul><ul><li>Supply chain disruption </li></ul><ul><li>More complex regulations </li></ul><ul><li>Changing industry and regulatory standards </li></ul><ul><li>Geographic dispersal requirements </li></ul><ul><li>Varying regulations per country </li></ul><ul><li>Heightened impact of business disruption </li></ul><ul><li>Greater financial implications of downtime </li></ul><ul><li>Brand vulnerabilities </li></ul><ul><li>Data integrity requirements </li></ul><ul><li>Impact of coping with the financial turmoil </li></ul><ul><li>Loss of critical personnel </li></ul><ul><li>Loss of key knowledge </li></ul><ul><li>Reduction in attention to significance of risk </li></ul><ul><li>Reduction in testing recovery plans </li></ul>Disaster recovery and business continuance can be one of the top IT spending priorities for many businesses.
While reducing costs is essential in today's economic climate, it’s also essential to not unknowingly take on too much risk. <ul><li>Smart is: “The right risk at the right price” </li></ul><ul><li>Understanding the potential loss associated with the level of risk being assumed </li></ul><ul><li>Understanding the costs associated with the mitigation solutions employed to deal with the selected level of risk </li></ul><ul><li>Selecting the mitigation solutions consistent with the level of potential loss </li></ul><ul><li>Selecting the optimum architecture for the mitigation solutions </li></ul><ul><li>Optimized resilience can help reduce costs to the business </li></ul>Potential risk cost elements <ul><li>Loss avoidance </li></ul><ul><li>High risk capital allocation position </li></ul><ul><li>Maintain credit rating </li></ul><ul><li>Fine and penalty avoidance </li></ul><ul><li>Maintain customer confidence </li></ul><ul><li>Maintain social responsibility </li></ul><ul><li>Cost avoidance </li></ul>Types of mitigation solutions <ul><li>IT resilience architecture </li></ul><ul><li>IT service delivery topology </li></ul><ul><li>People and processes </li></ul><ul><li>Work place strategy </li></ul><ul><li>Data and information protection </li></ul><ul><li>Regulatory compliance </li></ul>Total costs associated with risk and mitigation Optimum resilience risk balance Resilience optimization Lower Level of resilience Costs resulting from risk loss events Costs of all mitigation solutions employed Higher Higher
Business resiliency can provide near-term cost efficiencies as well as strong, long-term returns on investment. <ul><li>The right business resiliency strategy can help you: </li></ul><ul><li>Mitigate risk </li></ul><ul><ul><li>Avoid the costs of downtime, brand damage and market share lost to competitors, and reduce the financial impact from business disruptions </li></ul></ul><ul><li>Protect brand and revenue </li></ul><ul><ul><li>Properly assessing the threats to your IT infrastructure, their potential business impact and your tolerance for risk can help you plan a realistic strategy </li></ul></ul><ul><li>Protect capital </li></ul><ul><ul><li>Analyzing cost tradeoffs can help you avoid unnecessary investment </li></ul></ul><ul><li>Reduce costs </li></ul><ul><ul><li>Resiliency solutions can help protect you from failed restores and lost data </li></ul></ul><ul><li>Improve service </li></ul><ul><ul><li>You can better align a resilient infrastructure to the needs of your business to maintain service level agreements based on your tolerance for risk </li></ul></ul>
Not all risks are created equal… Frequency of occurrences per year Frequent Infrequent Consequences (single occurrence loss) in dollars per occurrence Low High Viruses Worms Disk failures System availability failures Pandemics Natural disasters Application outages Data corruption Network problems Building fires Terrorism/civil unrest Data driven Event driven Business driven Regulatory compliance Workplace inaccessibility Failure to meet industry standards Regional power failures Governance Source: IBM Data growth Long term preservation Mergers and acquisitions New products Marketing campaigns Audits
Once risks are understood, an appropriate resilience strategy can be developed. Accept Accept the risk An exposure is deemed acceptable to the business Mitigate Mitigate the risk Strategy required and implemented to reduce risks Transfer Transfer the risk When it is more cost-effective to transfer to another entity (such as insurance, leaseback or outsource)
We can help you realize significant financial impacts and improvements in recovery service-level performance. Reactive Helps identify, quantify, and prioritize business and IT risks, then develop strategies and implement designs to address those risks Helps eliminate the impact of disruptive events with IT and work area recovery Helps balance workloads and reduce application, data and system loss Advisory Proactive Responsive IBM Resiliency Consulting Services IBM Managed Resiliency Services IBM Infrastructure Recovery Services
IBM Business Continuity and Resiliency Services provide end-to-end, comprehensive solutions to help keep your business operating. IBM Managed Resiliency Services IBM Infrastructure Recovery Services IBM Resiliency Consulting Services LEVEL OF ENGAGEMENT SERVICES CONTINUUM ADVISE RECOVER MANAGE LEVEL OF RESILIENCY
We help globally deliver resilience solutions through resiliency centers and delivery and consulting experts around the globe. <ul><li>A unique infrastructure and skill set designed for flexibility and responsiveness in a disaster situation, from simple to complex environments </li></ul><ul><li>Support for over 12,000 clients with over 15,000 contracts </li></ul>Our depth and breadth of resources include: <ul><li>A business model based on risk and syndication of resource at a machine level </li></ul><ul><li>Options for dedicated or limited shared resource </li></ul><ul><li>Successful support for over 750 client recoveries. </li></ul>
IBM’s Global Delivery model includes the following elements to meet our clients’ requirements and mitigate risks: <ul><li>Flexible delivery alternatives in each location </li></ul><ul><li>Multisite solution spanning multiple time zones, allowing “follow the sun” without a night shift: </li></ul><ul><ul><li>24x7 support for mission-critical applications and enabling infrastructure </li></ul></ul><ul><ul><li>24x7 testing for applications that need to quickly move into production </li></ul></ul><ul><ul><li>Work-day overlap between countries </li></ul></ul><ul><li>Multisite solution in different economic zones, helping mitigate the effects of: </li></ul><ul><ul><li>Wage inflation </li></ul></ul><ul><ul><li>Currency risk </li></ul></ul><ul><ul><li>Political and economic uncertainty </li></ul></ul><ul><li>Parallel and faster ramp-up, delivering savings more quickly </li></ul><ul><li>Access to the world’s largest experienced services skill pool, with extensive industry and technology expertise, in 173 countries worldwide </li></ul><ul><li>Access to the world’s largest business consulting and research organization </li></ul><ul><li>Multilanguage support with native speakers across the globe (English, French, Dutch, Portuguese, Spanish, Chinese, etc.) </li></ul>
IBM’s global network of business process outsourcing and transformation delivery centers meets clients’ diverse, growing needs Edmonton Calgary Tulsa Lenexa Dallas Houston Costa Rica Bogotá Buenos Aires Hortolandia Nashville Atlanta Greenville Durham Lexington Endicott St. John Montreal Markham Toronto Greenock Rotterdam Newcastle upon Tyne Dublin Paris Bratislava Lisbon Budapest Athens Stockholm Krakow Chandigarh Calcutta Pune De lhi/Mu mbai Bangalore Manila Brisbane Shanghai Okinawa Tokyo Dalian Finance and administration Procurement Human resources Customer r elationship m anagement Industry-specific In plan
IBM delivers application services seamlessly through delivery centers leveraging IBM’s infrastructure, processes, tools and skilled resources Edmonton Guadalajara Mexico City San Jose Caracas Lima Asuncion Montevideo Buenos Aires Martinez Capetown Johannesburg Toronto Madrid Barcelona Eastern European sites Vilnius (Lithuania) Bucharest (Romania) Prague (Czech Republic) Szekesfehervar (Hungary) India sites Bangalore Pune Kolkata Chennai Hyderabad Delhi/Gurgaon China sites Dalian Shanghai Shenzhen Perth Adelaide Ballarat Melbourne Brisbane Sydney Canberra Ho Chi Minh Metro Manila Tokyo Brazil sites Hortolandia Sao Paulo Sao Salvadore Rio de Janeiro Nova Lima Strategic Regional Application Services Global Delivery Center (GDC) Calgary Vancouver Hanoi
IBM delivers high-quality infrastructure services to our clients from four hub countries - chosen because they optimize cost, skills, consistency of methodology and cross-functional delivery support Argentina sites Martinez Catalinas Urquiza Brazil sites Hortolandia Sao Paulo Rio de Janeiro India sites Bangalore Pune Delhi Gurgaon Hyderabad China sites Shanghai Dalian Shenzhen
Each region also supports a network of global and regional infrastructure delivery sites for the flexibility that clients expect North America sites Atlanta (2) Ashburn Boulder Chicago Columbus Dallas Lexington Los Angeles Miami Canada Calgary Toronto Montreal Sterling Forest Gaithersburg Mexico City Bogotá Santiago Caracas Hortolandia Sao Paulo Montevideo Buenos Aires Brno Dublin London Paris Madrid Lisbon Turin Szekesfehervar Copenhagen Johannesburg Dubai Hong Kong Taipei Shanghai Tokyo Seoul Singapore Ballarat Melbourne Canberra Auckland Wellington Sydney Europe sites Mechelen/Nossegem Montpelier Milan (2) Ehningen Frankfurt Kista/Solna Winterthur Portsmouth/The Nest Warwick India sites Bangalore Chennai Hyderabad Japan sites Haga Sagmino Kawasaki Makuhari Nanko Mitaka Mihama Shenzhen Service Delivery Center e-business Hosting Services (e-bHS) Business Continuity and Recovery Services (BCRS) EMEA Regional Global Delivery Center (GDC) Global Delivery Center Newark Poughkeepsie Raleigh Rochester San Jose Secaucus Southbury Sterling St. Louis United States
Business resilience from IBM: helping you reduce risk and optimize opportunities. A golf association protects over 500 gigabytes of mission-critical data every day via cloud computing using our business continuity and resiliency services; this includes over four million membership records and more than 150,000 daily e-mails. A leading UK-based metals trading exchange worked with IBM to design and deploy a fully dedicated, supplemental trading facility capable of 100 percent business continuity as a work area recovery site, saving the firm millions of dollars in trading losses and downtime costs in the event of a disaster.
Business resilience from IBM: helping you reduce risk and optimize opportunities. (continued) A European healthcare company was able to cut recovery times down to 10-20 minutes and ensure near around-the-clock availability by leveraging business continuity and resiliency services from IBM. We helped the Austrian government determine the potential business impact of a three-day outage (which was assessed at $US332,813) and then implemented the right resiliency plan to help avoid an outage.
Why IBM: We leverage extensive, global experience. <ul><li>Our unparalleled experience includes: </li></ul><ul><li>More than 40 years of business continuity and disaster recovery experience. </li></ul><ul><li>More than a decade of successful customer recoveries and crisis management experience. </li></ul><ul><li>More than 10,000 disaster recovery clients. </li></ul><ul><li>More than 3,400 information protection clients with over 42 petabytes of data under management. </li></ul>
Why IBM: We provide broad solution capabilities. <ul><li>We can address your unique needs through: </li></ul><ul><li>Our global resiliency centers, which are designed for multivendor environments, and provide support for more than 200 hardware and software vendors, including HP, Sun Microsystems, Cisco and our own IBM products. </li></ul><ul><li>Proven business process and technology expertise to help you design and implement the right solution for your business. </li></ul>
Thank you for your time today. <ul><li>For more information, visit: </li></ul><ul><li>ibm.com /services/continuity </li></ul>Contact: <ul><li>Dennis van HEES, Business Development Executive </li></ul><ul><li>E-mail: [email_address] </li></ul><ul><li>Theodor STANESCU, Strategy and Architecture Services Manager </li></ul><ul><li>E-mail: [email_address] </li></ul>
Trademarks and notes <ul><li>IBM Corporation 2010 </li></ul><ul><li>IBM, the IBM logo, ibm.com, System i and System p are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “ Copyright and trademark information ” at www.ibm.com/legal/copytrade.shtml </li></ul><ul><li>Adobe, the Adobe logo, PostScript, the PostScript logo, Cell Broadband Engine, Intel, the Intel logo, Intel Inside, the Intel Inside logo, Intel Centrino, the Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, IT Infrastructure Library, ITIL, Java and all Java-based trademarks, Linux, Microsoft, Windows, Windows NT, the Windows logo, and UNIX are trademarks or service marks of others as described under “Special attributions” at: http://www.ibm.com/legal/copytrade.shtml#section-special </li></ul><ul><li>Other company, product and service names may be trademarks or service marks of others. </li></ul><ul><li>References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. </li></ul>BUP03005-USEN-03