IT is facing greater demand than ever for highly reliable disaster recovery plans at a time when budgets are tight. Now, companies are beginning to leverage their own internal data centers to provide a recovery capability (e.g., hot site). But does it make sense for your organization? Find out from business continuity expert, Damian Walch, Vice President of Consulting at T-Systems. Benefit from his focused insights on: • Why it may make sense to keep your disaster recovery facility in-house, and the benefits you can uncover. • What you, the decision maker, must consider when investigating internal recovery. • How you can perform a cost-benefit assessment on the internal recovery option. Mr. Walch also reveals the pitfalls you may encounter in moving to an internal recovery solution - and most importantly of course, how to avoid them. Damian shows you specific examples of problems that he has seen in the IT trenches, and addresses the technologies that can be used to facilitate the best recovery solution in your data center.
Regarding regulations, more and more industries have requirements for compliance. We’re all familiar with viruses, hackers and their ability to disrupt your on-line applications and your relationships with your suppliers and customers. Let’s talk about demand elasticity – If you experience one of these stressors, you now need to look beyond just information and IT. It’s essential to plan for internal and external communications – with employees, suppliers and customers. The impacts of these stressors can be enormous. Let’s turn to the next slide.
The Enterprise Business Continuity framework provides the disciplines necessary to integrate Business and IT capability in a structured manner, leveraging critical management processes to deliver results across the business. Governance provides the definition, clarity, and authoritative function for managing business continuity across the enterprise. Enterprise Risk management utilizes consistent process and procedures for identifying / mitigating / controlling / and monitoring all forms of corporate risk. Value Assurance provides the processes for measuring results – and the impact – of the EBCP across the enterprise. Company Culture is used as the guide for ensuring that the vision and goals of the corporation are incorporated into the EBCP strategy. Business Integration establishes the consistent process for identifying and managing the critical business processes that require protection, and delivers consistent results across the enterprise to centralize focus for continuous operations. Technology decisions require the integration business requirements and enterprise risk profile consideration to effective protect the corporate IT infrastructure. Program Execution provides the consistency that is required across the enterprise to ensure that the goals and objectives of the program are being realized. Standardizing plans, consolidating methods, and leveraging intellectual capital reuse greatly impacts the delivery of continuity and recovery across the business.
T he evolution of business needs and service capabilities has extended the requirement of continuity and recovery to a proactive plan for business availability and protection at the industry level, whereby the risk of an interruption has a systemic effect both inside and outside the enterprise. Top arrow depicts the evolution of data processing – from traditional glass house to virtual network computing. Business drivers will continue to extend business processes and their associated technology requirements for always available, network-centric access for products and services to clients and stakeholders. Key line items to focus on Technology base – from host to virtual computing Shortening of recovery time from days to seconds – or less! Extension of risk based profiles – from physical to informational Reactive response for fixing to proactive planning for prevention DR / IT planning to Continuity based, Business Process Management Bottom arrow – Effective approach to managing business continuity with disaster recovery capability – evolved from disaster recovery planning to business process management Question – Has your BC/ DR program followed the progression of your data processing growth? NOTE POTENTIAL FOR OUT OF SYNC CONDITION.
I will go more in depth during the facility tour about the chosen toolsets and their efficient operation. But I wanted to point out one of the keys to providing our Managed Services to our customers – it is called Micromuse. Micromuse provides the necessary integration between seemingly disparate pieces. It integrates software that monitors and manages IT infrastructure as well as Network infrastructure. It allows us to automatically set alarms and alert individuals, even through pager, to respond to an event that may be or is important to our customer environment.
How New Data Center Technologies Impact Recoverability Presented by: Damian Walch, CISA, CISSP, CBCP
Environmental Social Political Economic Technological
The Problem is Viewed “Narrowly” Business & IT Processes Technology Organization Facilities & Security Strategy Applications & Data
Business not linked to IT Strategy
Roles poorly defined… no ownership
Outdated, overly complicated processes
Processes didn’t cross LOBs
“ Shared Services” forgotten
Lack of standardization
No true redundancy
Supply Chain not covered
B/U components not maintained
Little geographic spread
Enterprise Business Continuity Framework Corporate Culture Position the corporate mission and values within the continuity and recovery program to ensure that the EBCP can adapt to business change Technology Solutions Identify and implement technology solutions to support business integration and availability to protect against interruptions and/or outages Governance Provide clarity, definition, and guidance for the EBCP at the Enterprise level to ensure that the initiatives are carried out Enterprise Risk Management Identify, mitigate, and control threats to the business in order to protect the enterprise in a consistent manner Business Integration Integrate all lines of business into the EBCP to provide end-to-end availability and protection of business process across the organization Quantify, track, and communicate the continuity and recovery value to the organization and ensure the EBCP investment is managed Value Assurance Manage the execution of the EBCP to ensure that the program is executing as designed and is providing a consistent approach throughout the enterprise Program Execution
Evolution of Service Delivery Time Productivity/Value Individual Data Centers e-Utility Consolidated Delivery Centers
Economies of Scale
H/W & S/W Standards
Resource on demand
Expand ASP Model
Evolution of Business Resilience Centralized Computing Distributed Computing
Characteristics of a Resilience physical security -- possibly biometrics in place E-mail recovery or replication solution is in place SPAM engine storage mirroring established for the highest priority (tier 1) applications automated process for restoring OS footprint on recovery platforms 24x7 monitoring of IDS logs SLA management (SLAM) tool implemented change management process that considers disaster recovery (each checkpoint) knowledge of risks and regulations that are required of functions patch management team disaster recovery process integrated with problem management and help desk processes application design process that is integrated with the business continuity process clear incident response and crisis management procedures tested firewalls, virus protection and intrusion detection is implemented and kept up-to-date all applications are properly assigned a "recovery tier" monitor the backups of all applications and platforms across the enterprise knowledge of which business processes supported by which applications SECURITY AVAILABILITY IT RECOVERY BUSINESS CONTINUITY