IT-Centric Disaster Recovery & Business Continuity

1,967 views
1,815 views

Published on

This presentation was delivered to the Business Resumption Planners Association of Chicago meeting on 3/11/2010.

IT leaders who assume responsibility for their firm's DR/BC efforts need to understand how to build a cross-organization strategy that transcends IT organizational boundaries. In the presentation, we discuss the need for IT leaders to reach across the aisles to work with Line-of-Business leaders, and present a six-step framework on how to accomplish a cross-business IT-centric strategy.

1 Comment
0 Likes
Statistics
Notes
  • Great presentation. A lot of work went into your work.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
1,967
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
112
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

IT-Centric Disaster Recovery & Business Continuity

  1. 1. IT-Centric Business Continuity: Aligning IT with Business Needs Steve Susina March 11, 2010
  2. 2. IT / Business Balance - GAP IT Leadership LOB Leadership Knowledge of IT Systems Understanding The Business Laurus Technologies Confidential
  3. 3. Business Continuity: More than Simply an IT Initiative, Why? Executive Responsibility • Organizational leaders are being held increasingly legally responsible for the well being of their organizations Regulation & Compliance • The Board of Directors and enterprise executives, not just IT executives, are responsible for compliance (SOX, GLBA, Patriot Act, OSHA, EPA, HIPPA, etc.) Data Center is Only a Piece of the Puzzle • There are separate risks that need to be considered other than loss of the data center What Do We Do While IT is Not Operational? • Technology recovery does not address or prioritize the business requirements needed to sustain an organization’s continuing operational issues after or during a disaster Enterprises are realizing that each operational unit needs to take ownership and participate in the planning. 3 Laurus Technologies Confidential
  4. 4. Contingency Planning: Why Plan for an Incident? To STAY IN BUSINESS To ensure that your business continues to serve its stakeholders To ensure that your business meets its business objectives To ensure your enterprise is not critically impacted by an incident (or disaster) 4 Laurus Technologies Confidential
  5. 5. Business Continuity vs. Disaster Recovery Business Continuity Planning (BCP): Focus is on planning for recovery strategies that address continuity of the greater business under a variety of risk scenarios, inclusive of the loss of data center services Disaster Recovery Planning (DRP): Focus is on planning for the restoration of data center services (technology recovery) Disaster Recovery focuses on data center restoration. Business Continuity centers on maintaining business process. 5 Laurus Technologies Confidential
  6. 6. Why are IT Leaders Spearheading these Efforts? > Their role is often central to all business processes > They have more exposure to contingency planning than many other departments because of their natural thought processes toward data and systems recovery/ redundancy 6 Laurus Technologies Confidential
  7. 7. What Happens When Contingency Planning is Thrown to IT Leadership? > IT Leadership can determine a strategy in a vacuum and take a Disaster Recovery (DR) approach without much analysis of the business needs OR > IT Leadership can involve the business to determine a comprehensive Business Continuity (BC) plan and strategy There is a role for IT Leaders in BCP. We call this IT-Centric Business Continuity. 7 Laurus Technologies Confidential
  8. 8. IT-Centric Business Continuity: The Middle Ground Addresses restoration of Mission Critical IT Infrastructure, LINKED TO … The Continuation of Mission Critical Processes when a data center is lost 8 Laurus Technologies Confidential
  9. 9. The Planning Continuum 9 Laurus Technologies Confidential
  10. 10. Step 1: Business Objectives Start with Business Discussions > Each business is different; identify the stakeholders (internal business units, customers, shareholders, etc.) > Are there any overlying principles/regulations in the organization? > Meet with business departments; determine what their needs and objectives are > What are their mission critical functions? > RPO/RTO basis for successful solution IT Leader Role: Provide Systems Lists as a Basis for Discussion 10 Laurus Technologies Confidential
  11. 11. Step 2: Inventories & Process Mapping Involve all critical parts of the organization > Start with systems lists and equipment inventories as a basis of discussion > Determine/map key processes for critical business functions and determine their reliance upon data center services > Revenue generating processes, those that support revenue generation, or those that involve compliance initiatives typically receive priority > IT, Finance, other primary business units > Legal - regulatory and contractual obligations > Help Desk - use patterns, customer expectations > Each business unit/department uses data differently IT Leader Role: Facilitate business process discussions 11 Laurus Technologies Confidential
  12. 12. Step 3: Business Risk & Impact Analysis What is the impact of critical risks? > Determine impact in terms of business interruption (number of days) and in financial terms > Some analyses are Qualitative (general estimate of loss) and others Quantitative (analytical measurement of loss) > The key is getting to consensus around priority of systems, and realistic recovery requirements so that a contingency planning strategy can be developed in terms of RTO and RPO. IT Leader Role: Facilitate impact analysis 12 Laurus Technologies Confidential
  13. 13. Step 4: Strategy Development Overall - Avoid Complexity > Strategy must meet the business criteria > Business owners often uninterested in technology > Transparency and clarity for intended audience; speak in terms of business (restoration of business processes to serve stakeholder needs) > At the end of the day, …. this is really about a risk trade-off between the cost of implementing a mitigation/contingency strategy vs. the cost of business losses > Money spent <= potential loss > What is the right strategy in terms of RTO, RPO, ? IT Leader Role: Use business requirements to develop a strategy for IT service restoration. 13 Laurus Technologies Confidential
  14. 14. Strategy Development: (Tends to be biggest Contributor to the Gap) Know your data > Don’t replicate too much > What is actually useful after restoration? > Don’t miss critical data > Including supporting data > Business owns data > Business owners know the data they need > Business owners know when they need the data > Business justifies cost. 14 Laurus Technologies Confidential
  15. 15. Strategy Development: Cost Justification TCO < cost of downtime/data loss > Typical solution tens of thousands to millions of dollars > As RPO & RTO approaches zero, costs grow exponentially Figure 2: Disaster Recovery Strategy Relationship of Time, Risk & Cost 15 Laurus Technologies Confidential
  16. 16. Step 5: Continuity / Recovery Plan Development The Plan is a living, dynamic process designed to guide the organization through its recovery and contingency efforts This must address: > Strategy > People > Communications > Policies & Processes > Data > Systems, Equipment & Facilities IT Leader Role: Sponsor the development of the plan; develop the details of the IT portion of the plan. 16 Laurus Technologies Confidential
  17. 17. Step 5: Continuity / Recovery Plan Development Communication is key > Disaster declaration > Communications with employees, press, customers, vendors, etc. > Status updates, milestones, etc. Standards & Procedural Documentation > Process owners are required for each business function > Exercising BC Plan is high stress; increased likelihood of success if processes are documented & understood > Develop standards for acceptable restoration > What are the interim business procedures for operations awaiting the restoration of their IT services? Note that Business leaders need to develop their own procedures. 17 Laurus Technologies Confidential
  18. 18. Step 6: Testing, Audit and Maintenance Exercise the Strategy & Plan > Validation is key > If you haven’t tried it, it won’t work > If you can’t try it, it’s not a good solution Account for Changes > Are the critical business processes, workflows or systems changing? > Are the people changing? > Are the risks and impacts the same? > Is the strategy out of date?; (capacity for growth; data never shrinks) > Is the plan reflective of these dynamics and is it maintained in an area that itself is safe from a disaster? 18 Laurus Technologies Confidential
  19. 19. Result of IT-Centric DR/BC Disasters Keeping The IT Infrastructure Averted! Business Running Laurus Technologies Confidential
  20. 20. The Laurus Advantage: Our Technical & Engineering Team Consultants & Engineers Steady and Substantial fill our ranks Revenue Growth Technical Experts Support Staff 20 2 2 2 2 2 2 2 2 2 00 001 002 003 004 005 006 007 008 009 Account Teams Laurus Technologies invests to build and retain the best team of consultants and engineers in the industry. 20 Laurus Technologies Confidential
  21. 21. Laurus Technologies: Ta len Aligned to meet your needs IT tS olu Consulting t ion s- Business ( IT Applications Re - ERP Optimization cru - Master Data Services itin - SAP & Oracle Consulting g, Sta f fA Managed Services ug me - e-Mail Hosting - Data Center Outsourcing nta - Managed Backup - Managed Security Services t ion - Managed Storage - Remote Infrastructure Management ,C on tra Systems Integration ct - Assessment Services - Applications Services fo rH - Integration Services - Datacenter TCO ire - Archiving / Data Deduplication - Consolidation & Capacity Planning ) - Support Services - Virtualization (Server, Desktop & Storage) - System Architecture & Design - Business Continuity/Disaster Recovery - PMO Services - Performance Tuning Laurus Technologies Confidential Laurus Technologies - Proprietary & Confidential 12/17/2009
  22. 22. Questions and Answers Thank You! For further information contact: Steve Susina ssusina@laurustech.com 1.877.LAURUS.1 (1.877.528.7871) 22 Laurus Technologies Confidential
  23. 23. 23 Laurus Technologies Confidential

×