it-centric disaster recovery & business continuity
DESCRIPTION
This presentation was delivered to the Business Resumption Planners Association of Chicago meeting on 3/11/2010. IT leaders who assume responsibility for their firm's DR/BC efforts need to understand how to build a cross-organization strategy that transcends IT organizational boundaries. In the presentation, we discuss the need for IT leaders to reach across the aisles to work with Line-of-Business leaders, and present a six-step framework on how to accomplish a cross-business IT-centric strategy.TRANSCRIPT
IT-Centric Business Continuity: Aligning IT with Business Needs
Steve SusinaMarch 11, 2010
Laurus Technologies Confidential
IT / Business Balance - GAPIT / Business Balance - GAP
IT Leadership LOB Leadership
Knowledge of IT Systems Understanding The Business
Laurus Technologies Confidential
Business Continuity:More than Simply an IT Initiative, Why?Business Continuity:More than Simply an IT Initiative, Why?
Executive Responsibility• Organizational leaders are being held increasingly legally responsible
for the well being of their organizationsRegulation & Compliance• The Board of Directors and enterprise executives, not just IT
executives, are responsible for compliance (SOX, GLBA, Patriot Act, OSHA, EPA, HIPPA, etc.)
Data Center is Only a Piece of the Puzzle• There are separate risks that need to be considered other than loss of
the data centerWhat Do We Do While IT is Not Operational? • Technology recovery does not address or prioritize the business
requirements needed to sustain an organization’s continuing operational issues after or during a disaster
3
Enterprises are realizing that each operational unit needs to take ownership and participate in the planning.
Laurus Technologies Confidential
Contingency Planning:Why Plan for an Incident?Contingency Planning:Why Plan for an Incident?
To STAY IN BUSINESSTo ensure that your business continues to serve its stakeholders
To ensure that your business meets its business objectives
To ensure your enterprise is not critically impacted by an incident (or disaster)
4
Laurus Technologies Confidential
Business Continuity vs. Disaster RecoveryBusiness Continuity vs. Disaster Recovery
5
Disaster Recovery Planning (DRP):Focus is on planning for the restoration of data center services (technology recovery)
Business Continuity Planning (BCP):Focus is on planning for recovery strategies that address continuity of the greater business under a variety of risk scenarios, inclusive of the loss of data center services
Disaster Recovery focuses on data center restoration.Business Continuity centers on maintaining business process.
Laurus Technologies Confidential
Why are IT Leaders Spearheading these Efforts?Why are IT Leaders Spearheading these Efforts?
> Their role is often central to all business processes
> They have more exposure to contingency planning than many other departments because of their natural thought processes toward data and systems recovery/ redundancy
6
Laurus Technologies Confidential
What Happens When Contingency Planning is Thrown to IT Leadership?What Happens When Contingency Planning is Thrown to IT Leadership?
> IT Leadership can determine a strategy in a vacuum and take a Disaster Recovery (DR) approach without much analysis of the business needs
OR> IT Leadership can involve the business to
determine a comprehensive Business Continuity (BC) plan and strategy
7
There is a role for IT Leaders in BCP.We call this IT-Centric Business Continuity.
Laurus Technologies Confidential
IT-Centric Business Continuity:The Middle GroundIT-Centric Business Continuity:The Middle Ground
Addresses restoration of Mission Critical IT Infrastructure, LINKED TO …
The Continuation of Mission Critical Processes when a data center is lost
8
Laurus Technologies Confidential
The Planning ContinuumThe Planning Continuum
9
Laurus Technologies Confidential
Step 1: Business ObjectivesStep 1: Business Objectives
Start with Business Discussions> Each business is different; identify the stakeholders
(internal business units, customers, shareholders, etc.)
> Are there any overlying principles/regulations in the organization?
> Meet with business departments; determine what their needs and objectives are
> What are their mission critical functions?
> RPO/RTO basis for successful solution
10
IT Leader Role: Provide Systems Lists as a Basis for Discussion
Laurus Technologies Confidential
Step 2: Inventories & Process MappingStep 2: Inventories & Process Mapping
Involve all critical parts of the organization> Start with systems lists and equipment inventories as a basis of
discussion
> Determine/map key processes for critical business functions and determine their reliance upon data center services
> Revenue generating processes, those that support revenue generation, or those that involve compliance initiatives typically receive priority
> IT, Finance, other primary business units
> Legal - regulatory and contractual obligations
> Help Desk - use patterns, customer expectations
> Each business unit/department uses data differently
11
IT Leader Role: Facilitate business process discussions
Laurus Technologies Confidential12
What is the impact of critical risks?> Determine impact in terms of business interruption (number
of days) and in financial terms
> Some analyses are Qualitative (general estimate of loss) and others Quantitative (analytical measurement of loss)
> The key is getting to consensus around priority of systems, and realistic recovery requirements so that a contingency planning strategy can be developed in terms of RTO and RPO.
Step 3:Business Risk & Impact AnalysisStep 3:Business Risk & Impact Analysis
IT Leader Role: Facilitate impact analysis
Laurus Technologies Confidential13
Step 4:Strategy DevelopmentStep 4:Strategy Development
Overall - Avoid Complexity> Strategy must meet the business criteria
> Business owners often uninterested in technology
> Transparency and clarity for intended audience; speak in terms of business (restoration of business processes to serve stakeholder needs)
> At the end of the day, …. this is really about a risk trade-off between the cost of implementing a mitigation/contingency strategy vs. the cost of business losses
> Money spent <= potential loss
> What is the right strategy in terms of RTO, RPO, ?
IT Leader Role: Use business requirements to develop a strategy for IT service restoration.
Laurus Technologies Confidential
Strategy Development:(Tends to be biggest Contributor to the Gap)Strategy Development:(Tends to be biggest Contributor to the Gap)
Know your data> Don’t replicate too much
> What is actually useful after restoration?
> Don’t miss critical data
> Including supporting data
> Business owns data
> Business owners know the data they need
> Business owners know when they need the data
> Business justifies cost.
14
Laurus Technologies Confidential
Strategy Development:Cost JustificationStrategy Development:Cost Justification
TCO < cost of downtime/data loss> Typical solution tens of thousands to millions of dollars
> As RPO & RTO approaches zero, costs grow exponentially
15
Figure 2: Disaster Recovery Strategy
Relationship of Time, Risk & Cost
Laurus Technologies Confidential
Step 5: Continuity / Recovery Plan DevelopmentStep 5: Continuity / Recovery Plan Development
The Plan is a living, dynamic process designed to guide the organization through its recovery and contingency efforts
This must address:> Strategy> People> Communications> Policies & Processes> Data> Systems, Equipment & Facilities
16
IT Leader Role: Sponsor the development of the plan; develop the details of the IT portion of the plan.
Laurus Technologies Confidential
Step 5: Continuity / Recovery Plan DevelopmentStep 5: Continuity / Recovery Plan Development
Communication is key> Disaster declaration> Communications with employees, press, customers, vendors,
etc.> Status updates, milestones, etc.
Standards & Procedural Documentation> Process owners are required for each business function
> Exercising BC Plan is high stress; increased likelihood of success if processes are documented & understood
> Develop standards for acceptable restoration
> What are the interim business procedures for operations awaitingthe restoration of their IT services?
17
Note that Business leaders need to develop their own procedures.
Laurus Technologies Confidential
Step 6: Testing, Audit and MaintenanceStep 6: Testing, Audit and Maintenance
Exercise the Strategy & Plan> Validation is key> If you haven’t tried it, it won’t work> If you can’t try it, it’s not a good solution
Account for Changes> Are the critical business processes, workflows or systems
changing?> Are the people changing?> Are the risks and impacts the same?> Is the strategy out of date?; (capacity for growth; data never
shrinks)> Is the plan reflective of these dynamics and is it maintained in an
area that itself is safe from a disaster?
18
Laurus Technologies Confidential
DisastersAverted!
Result of IT-Centric DR/BCResult of IT-Centric DR/BC
IT InfrastructureKeeping The
Business Running
Laurus Technologies Confidential20
The Laurus Advantage: Our Technical & Engineering TeamThe Laurus Advantage: Our Technical & Engineering Team
Technical Experts
SupportStaff
AccountTeams
Laurus Technologies invests to build and retain the best team of consultants and engineers in the industry.
Steady and Substantial Revenue Growth
Consultants & Engineers fill our ranks
20002001
20022003
20042005
20062007
20082009
Laurus Technologies Confidential
Laurus Technologies: Aligned to meet your needsLaurus Technologies: Aligned to meet your needs
12/17/2009Laurus Technologies - Proprietary & Confidential
Managed Services
- Assessment Services - Applications Services- Integration Services - Datacenter TCO - Archiving / Data Deduplication - Consolidation & Capacity Planning- Support Services - Virtualization (Server, Desktop & Storage)- System Architecture & Design - Business Continuity/Disaster Recovery- PMO Services - Performance Tuning
- ERP Optimization- Master Data Services- SAP & Oracle Consulting
IT Consulting
Systems Integration
- e-Mail Hosting - Data Center Outsourcing- Managed Backup - Managed Security Services - Managed Storage - Remote Infrastructure Management
Talent Solutions -(IT Recruiting, Staff Augm
entation, Contract for Hire)
Business Applications
Laurus Technologies Confidential
Questions and AnswersQuestions and Answers
Thank You!For further information contact:Steve [email protected] (1.877.528.7871)
22
Laurus Technologies Confidential23