Project Camelot Dr_ Pete Peterson - Part 1 – Bill Ryan transcript
DR_ Business Continuity Strategies
-
Upload
prasanta-roy -
Category
Documents
-
view
219 -
download
0
Transcript of DR_ Business Continuity Strategies
-
8/4/2019 DR_ Business Continuity Strategies
1/30
E NT ER PR IS E C IO D EC IS IO NS A PR IL 2 01 1 1
INSIDE
An Explosionof BC and DR
Hospital Curesits BC/DR Woes
Cloud DR and
BC Can SaveYour Business
Mobile DeviceDR: The NextFrontier
PiggybackDR onto
Virtualization
When You'reNot QuiteReady for DR
The WeakestLink
A PR IL 2 01 1 VO LU M E 7
BusinessContinuityand DisasterRecoveryStrategiesCIOs are finding thateffective BC and DR planshinge on an understand-ing of emerging tech-
nologies and confidencein their supply chains.
Enterprise
CIODecisionsGuiding technology decision makers in the enterprise
-
8/4/2019 DR_ Business Continuity Strategies
2/30
-
8/4/2019 DR_ Business Continuity Strategies
3/30
server rooms
that requireGPs NaviGatioN.
W g ha virualizaion can driv a br ROI. Highly crifid
by Microsof, VMwar, HP and ohrs, w can valua, dsign
and implmn h righ soluion for you.
Wll g y f CDW.c/lzn
soLveD.
2011 CDW LLC. CDW, CDWGand PeOPLe WHO Get It ar radmarks of CDW LLC.
http://ad.doubleclick.net/clk;236471861;60113042;u;pc=[TPAS_ID]http://ad.doubleclick.net/clk;236471861;60113042;u;pc=[TPAS_ID] -
8/4/2019 DR_ Business Continuity Strategies
4/30
E NT ER PR IS E C IO D EC IS IO NS A PR IL 2 01 1 4
HOME
EDITORSLETTER
UP FRONT
CLOUDDR ANDBC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHENYOURE
NOTQUITE READY
FORDR
THE WEAKEST LINK
1 N EW S, V IE WS A ND R EV IE WS FORSENIOR TECHNOLOGY MANAGERS
UpFrontNews, views and reviewsfor senior technology managersON THE JOB
an explosionof bc and drAUSTIN POWDER CO., an explosives
maker founded in 1833, blasted
through a virtualization project this
past year to find a new idea for its
business continuity and disasterrecovery planningmaking itsCleveland headquarters the hot site
for its three remote data centers.
Unlike the way they reacted to an
initiative to upgrade to T1 lines four
years earlier, Austin Powders com-
puter users didnt see the benefits of
virtualizationbut Chris Benco, net-
work administrator, sure did.We started playing with virtual-
ization because it was an emerging
technology, he said. In hindsight,
it saved us money and we gained
flexibility.
Adventurous virtualized architec-
tures like Austin Powders are in-
creasing in popularity, according to
experts.
The concept of virtualization
absolutely affects business continu-ity and disaster recovery planning,
producing a fundamental change
in the architecture of IT, said Dick
Csaplar, senior research analyst for
virtualization and storage at Aber-
deen Group Inc., a research firm inBoston. The ease with which virtualservers can be imaged and replicat-
ed to servers at remote locations
provides an additional level of secu-
rity, he wrote in a report about off-
site storage.
With disaster recovery (DR), the
mind-set has been to rebuild and
restore using shared storage in a vir-tualized environment. This way, the
IT staff can proactively fail over.
During hurricane season on the Car-
olina coast, for example, a workload
could be moved swiftly to a host
hundreds of miles away.
DR is a cost like insurance, said
UF
-
8/4/2019 DR_ Business Continuity Strategies
5/30
ENTERPRISE CIO DECISIONS APRIL 2011 5
1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERSUF
Greg Schulz, founder and senior
advisor to The Server and StorageIO
Group, an IT consultancy in Stillwa-
ter, Minn. Typically, you get nothing
back. With BC, you can actually useit to leverage that ability for load
balancing and better infrastructure
resource management.
Austin Powder chose Melville,
N.Y.-based FalconStor Software
Inc.s Network Storage Server (NSS)
as its primary storage area networksolution. The company runs two
FalconStor NSS appliances in itsHyper-V environment for better
local availability and to eliminate a
single point of failure, Benco said.
The shared storage helps a lot in a
virtualized environment, he added,making it easier to clone servers and
move workloads on the fly among
the hosts for maintenance or disas-
ter recovery.
The NSS virtual appliances enableremote data replication by taking
snapshots of the database and rep-licating only changes to lessen de-
mand for bandwidth. The danger
with using snapshots, according to
Aberdeens Csaplar, is that you may
lose some data between the time of
a crash and the last picture taken.You could develop a problem 10 min-
utes before the end of a two-hour
snapshot cycle, for example, andlose that one hour and 50 minutes.
Chi Corp., a FalconStor channel
partner headquartered in Cleveland,
helped integrate the NSS appliances
and Symantec Corp.s Backup Exec
to provide backup and disasterrecovery for all business-critical
applications, including Sybase Inc.
and Microsoft SQL Server databases
and email. Austin Powders businesscontinuity and disaster recovery
planning also includes a traditional
disaster recovery partnership with
SunGard Data Systems Inc. for anAS/400 server. LAURA SMITH
BY THE NUMBERS
THE PERCENTAGE OF the most significant network disruptions in
U.S. businesses that could be reduced or avoided by imple-
menting the measures in any comprehensive disaster recovery
and business continuity plan. Its also the percentage of busi-
nesses that said, prior to the disruption, that they had confi-
dence in their IT resources in the event of a disruption.
SOURCE: CDW LLC SURVEY OF 200 MANAGERS AT MEDIUM-SIZED AND LARGE BUSINESSES, SEPTEMBER 2010.
82
DR is a cost likeinsurance. Typically,you get nothingback.GREG SCHULZ
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST
LINK
-
8/4/2019 DR_ Business Continuity Strategies
6/30
ONE ON ONE
hospital cures
its bc/dr woesNAME: Jeff BellTITLE: Chief operating officerTIME IN THIS ROLE: Two years
COMPANY: Sisters of Mercy
Health System
HEADQUARTERS: St. Louis
EMPLOYEES: More than 36,000
SISTERS OF Mercy Health Systemin St. Louis is among the 3% of U.S.
health care organizations that havean integrated electronic health
record (EHR) system for real-time,
paperless access to patient informa-
tion. The 11 largest hospitals in
Mercys network of 28 hospitals
across Arkansas, Kansas, Missouri
and Oklahoma are already using the
EHR system, and the others arecoming on fast.
To achieve this single record of
truth, Mercy consolidated seven
major data centers and a dozen
minor ones down to three, then built
a new $60 million data center in
Washington, Mo. The new data cen-
ters fully duplicated architecture
with backups for power, cooling andnetwork connectivityenables IT
to maintain and update systems
without bringing the whole building
down, according to Jeff Bell, Mercys
chief operating officer. The facilitycan operate up to 72 hours in the
case of an electrical power outage;
network bandwidth and processing
power can be added as needs arise.
During the 18-month project,
Mercys IT department consolidated
the three remaining older data cen-
ters into one in Sunset Hills, Mo.,which now serves as a backup sitefor Washington, in case of an epic
physical disaster. (The data center
in Washington is built to withstand
an F2 tornado.)
Was backup and business contin-
uity a main driver in your decisionto build a new data center?
The project was a huge enabler for
our BC/DR [business continuity/
disaster recovery] strategy. Efficien-
cy and a single data center with
high-availability attributes are need-
ed in the electronic medical records
ENTERPRISE CIO DECISIONS APRIL 2011 6
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERSUF
JEFF BELL
-
8/4/2019 DR_ Business Continuity Strategies
7/30
world. When the record is electron-
ic, dependence on the computer
systems goes up many folds. The
chart is the legal record that all the
caregivers work off of. In the past,computer systems in the back-
ground did workflow management
like routing orders, but [this work-
flow didnt contain] the medical
record. Now that computers contain
the record, they have to be up all the
time. Thats why we built a new datacenter.
What new technology and
architecture did you deploy
in the new data center?
The main attributes are a lot of
redundancies. We have two genera-tors instead of one; two utility feeds
from the power generation plant;
all of the chillers, backup UPStwo
of everything. If you look at themechanical cross section, its a
mirror image. Anything we have to
maintain at [the older] Sunset Hillsfacilityrepair the chiller, for exam-
plewe take the building down. In
Washington, we just take down half
the building.
Are you using any public cloud
services or community clouds?
Private cloud?
We have considered the public
cloud, but its not our strategy. Our
strategy is to be the cloud. We have
virtualized 95% of Windows
servers, a tremendous accomplish-
ment. We have some servers with
as many as 70 different virtual
instances. But the whole attraction
to the cloud is you buy as you go.We have software to tell us how
much each of the [internal] cus-
tomers is using. Some servers are
idle, except for nightly batch work,
which leaves the rest of the resourceavailable for other apps. Its really
neat to watch. We meter it withsoftware and can charge back,
though were not doing that at this
point. As we potentially take on
external customers and chargeback,
then it will be a hybrid cloud.
How important were green
initiatives in designing the new
data center?
Sisters of Mercy has a strong con-
sideration toward stewardship of
the planet, but theres also a very
strong business reason [for going
ENTERPRISE CIO DECISIONS APRIL 2011 7
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERSUF
Our strategy isto be the cloud.We have virtualized
95% of Windowsservers But thewhole attractionto the cloud isyou buy as you go.
-
8/4/2019 DR_ Business Continuity Strategies
8/30
green]. Using high-efficiency
chillers and the European power
distribution standard saved us a
great deal. Theres one fewer set
of transformers between the powercompany and the load. Every time
you run electricity through a trans-
former, you lose efficiency. You can
save 5%, which is a lot when youre
spending millions a year. For every
kilowatt on the floor, most organiza-
tions spend another kilowatt to coolthe building, for a ratio of 1:1. Our
ratio is :1. Weve raised the tem-perature of our chilled water loop
to avoid hot spots. In years past, it
was almost frigid in thereyou had
to put on a coat because hotter
areas of servers demanded morecooling.
In-row coolers are extremely
efficient at keeping everything the
same temperature. They dont cool
things down so much as neutralizehot air. We gained a lot of efficiency
there as well: pick up 5% here and
10% there, [for an] overall 50%
reduction in electricity. We used
UPSes from American Power Con-version Corp. by Schneider Electric,
and worked closely with them on
the fundamental design. The data
center was designed to be compli-
ant with Leadership in Energy and
Environmental Design, the standard
for green-building design. All of the
255 tons of steel used, for example,came from recycled sources.
LAURA SMITH
ENTERPRISE CIO DECISIONS APRIL 2011 8
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERS
For every kilowatton the floor, mostorganizations spendanother kilowattto cool the building,for a ratio of 1:1.Our ratio is :1.
ON THE AGENDA
DR AND BC TOP OF MIND FOR IT LEADERS
ACCORDING TO A survey last year of 2,803 IT decision makers, improving their
business continuity and disaster recovery is the No. 1 priority for small and
medium-sized businesses and the No. 2 priority for enterprises during the
next 12 months. Six percent of IT operating and capital budgets goes toward
business continuity and disaster recovery, and only 11% of the enterprises
said their budget in these areas would decrease this year.
SOURCE: GLOBAL IT BUDGETS, PRIORITIES, AND EMERGING TECHNOLOGY TRACKING SURVEY Q2 2010, FORRESTER INC.
-
8/4/2019 DR_ Business Continuity Strategies
9/30
http://www.searchcompliance.com/ERM -
8/4/2019 DR_ Business Continuity Strategies
10/30
JUST WHEN IT seems things cant
get any worse, they get better.
An architect at a very large tech-nology provider recently told me
that the cloud was making it easierfor vendors to bypass the CIO. In
doing so, a salesperson can pitch
the vice president of marketing on
buying his cloud-based solutions
andmaybe the best part for the
vendornot have to involve IT in
the selection, implementation orsupport processes.
For this and other reasons, we
might think that the cloud makes
things worse. But from my perspec-
tive, the availability of cloud-based
solutions can also make things
much better.
For example, disaster recoveryand business continuity planning is
a lot easier now than it was just afew years ago. In the old days (you
know, a few years ago), if you want-
ed a cold, warm or hot site, you had
to build it yourself. And justifying
such an investment was always achallenge. I found it difficult, even
with a generous board of directors,
to convince people to spend money
on something we hoped we wouldnever have to use. But now, with
cloud-based solutions, we can lev-
erage the work of others as well asthe existing infrastructure to reduce
implementation time and costs.
This, combined with effective
planning and analysis, makes disas-
ENTERPRISE CIO DECISIONS APRIL 2011 10
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
1 CLOUD DR AND BCCAN SAVE YOUR BUSINESS
Cloud DR and BCcan
saveyour businessCloud-based solutions, combinedwith effective planning and risk analysis,
can take much of the pain out of disaster recoveryand business continuity planning. BY NIEL NICKOLAISEN
-
8/4/2019 DR_ Business Continuity Strategies
11/30
ter recovery (DR) and business con-
tinuity (BC) significantly easier. Let
me explain my approach.
DR and BC begin with a risk analy-
sis. The risks run the gamut fromnatural to man-made disasters.
Potential natural disasters vary by
location but include events such as
storms, earthquakes, fires and
floods. The man-made disasters
range from disgruntled employees
(typically any member of my staff)to accidents (somebody crashes
into the electrical utility transformerdown the street, knocking out elec-
trical service) to bone-headed-
ness (the system administrator
pushes the wrong button and shuts
off the data center cooling and thenwalks away, not realizing what he
just did).
Next, I like to define the likeli-
hood and impact of the disasters.
For instance, how likely is a forestfire at my data center? Since my
data center sits closer to a desertthan a forest, not very likely. How
likely is a power outage? Given the
potential for heavy winter storms
in my area, my plans typically antici-
pate power outages.
After assessing the risks, I then
define plans for mitigating the risks.How to deal with my power outage
risk? Backup power. How to deal
with bone-headedness? Error-proof
my data center and IT processes.
How to deal with potential natural
disasters? For me, that mitigation
now resides in the cloud.
My cloud-based DR and BC
plans include one more critical step:
systems stratification. One of my
favorite practices is to segregate
systems into A, B and C categories.Category A systems are those that,
if they are down for a few minutes ora few hours, put the business at risk.
Category B systems can be down for
a few hours or days until the busi-
ness is at risk. Category C systems
can be down for a long time before
anyone outside IT notices. This
stratification is the foundation forservice-level agreements, as well asfor DR and BC. I worry about cold,
warm or hot sites for A systems. I
invest in redundancy for A systems.
My risk assessment is focused on
risks to my A systems.
For example, if I am operating a
customer call center and the phonesystem goes down, I cant process
orders. So, the phone system is cat-egorized as an A system, but not the
entire phone system, just the
phones that support customer calls.
Just a few years ago, I would have to
worry about how to create an off-site backup call center. With the
availability of cloud phone services,
my life got a whole lot easier.
Well, its easier as long as Iremember which systemsnamely
those in Category Arequire this
level of attention. I
Niel Nickolaisen is CIO and vice president of
strategic planning at Headwaters Inc. in South
Jordan, Utah. Write to him atnnick@headwa-
ters.com [email protected].
ENTERPRISE CIO DECISIONS APRIL 2011 11
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
1 CLOUD DR AND BCCAN SAVE YOUR BUSINESS
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected] -
8/4/2019 DR_ Business Continuity Strategies
12/30
AFTER YEARS OF managing mobile
devices that are synced to central-ized servers and governed by com-
pany policy, many CIOs dont worrymuch about IT disaster recovery and
business continuity plans for mobile
devices.
Those days are overor will be
soon.
The proliferation and ever-
increasing diversity of workplacemobile devicescompany-issued
and employee-ownedwill push
CIOs to reconsider their disaster
recovery (DR) and business conti-
nuity (BC) plans, experts say.
Reducing the risks associated with
workplace mobility will also drive
technology purchases, from mobile
device management (MDM) toolsto desktop virtualization.
Executives are dragging docu-
ments through iTunes and onto their
iPads. They are editing them with
something like Quickoffice or Docu-ments To Go, or Apples Keynote
and Pages products. The documents
are being modified and shared, and
the data stores completely cache-forwarded out there into the field;
nobody is thinking about how to get
them back, said Bill French, a Den-ver-based IT consultant and soft-
ware developer. So, the cart is defi-
nitely in front of the horse on this
one for most organizations.
ENTERPRISE CIO DECISIONS APRIL 2011 12
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
2 MOBILE DEVICE DR: THE NEXT FRONTIER
MobileDeviceDR:Thenext frontier
Lulled by mobile devices synced back to centralizedservers, CIOs havent given much thought to IT disaster
recovery plans for mobile computing.That needs to change. BY LINDA TUCCI
-
8/4/2019 DR_ Business Continuity Strategies
13/30
Mobility in the workplace is a top
concern for CIOs, with good reason.
An average 44% of employees
carry a company-owned mobile
device, according to The NemertesResearch Group Inc.s latest Bench-
mark, an annual study of more than
200 organizations spanning 18 ver-
tical industries. That number is pro-
jected to rise to 70% by 2012.
Moreover, at 11% of the organiza-
tions studied, employees rely 100%on smart devices for communica-
tions and thats just the company-issued devices.
Add to this new reality the grow-
ing trend of allowing employees to
use their own smart devices, and
suddenly mobility is not only a Tier 1service for IT departments, but also
wildly out of IT departments control.
Now you have the risk of corpo-
rate data leaking out into the per-
sonal side of the device. And if youdo implement backup and recovery
for the smartphone, what do you dowhen it is a personal device? said
Ted Ritter, senior research analyst at
The Nemertes Research Group Inc.
in Mokena, Ill. The employee cer-
tainly doesnt want you to back up
their personal data to the corporate
server.Companies that have dealt effec-
tively with this conundrum work
with their lawyers to craft an
acceptable-use policy for employ-
ees to sign; thats a legal process
that can take as long as a year, Ritter
said. Such policies typically state
that if a company needs to wipe the
device clean or confiscate it for rea-
sons of e-discovery or an employee
action, it has the right to do so, even
with employee-owned devices, hesaid. But these policies dont fly in
Europe, where personal data privacylaws are stronger.
DR IN THE AGE OF MOBILITY
So far, however, mobile devices are
not really factoring into a CIOs DR
and BC strategy, experts say.We dont have any real data onmobile devices and disaster recov-
ery, because it is an area that no one
is paying attention to, Ritter said.
We are not seeing people thinking
it through to the step where they
recognize that these devices are
becoming walking computers.
A disaster recovery plan for
mobile devices is not on most CIOsradars, French said. I dont think too
much about mobile devices and DR,
because CIOs are not worrying
about it, he said.
The same goes for players in the
fast-growing MDM market. Theintersection of DR and mobile hasnt
yet been a big topic I have heard
from enterprise customers, althoughI think it is right around the corner,
said Bob Tinker, president and CEO
of Mountain View, Calif.-based
MobileIron Inc.The mobile industry tends to
focus on the device rather than on
the management and security of the
ENTERPRISE CIO DECISIONS APRIL 2011 13
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
2 MOBILE DEVICE DR: THE NEXT FRONTIER
-
8/4/2019 DR_ Business Continuity Strategies
14/30
ENTERPRISE CIO DECISIONS APRIL 2011 14
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
2 MOBILE DEVICE DR: THE NEXT FRONTIER
applications on the smartphone,
Tinker said. The key thing for CIOs
is that its not about the deviceits
about the data.
TOP-DOWN MOBILE
MANAGEMENT A RELIC
The lack of awareness is under-
standable. When company-issued
laptops, BlackBerrys and yesterdays
cell phones represented the bulk of
mobile devices in use at companies,
CIOs could confidently say that DRand BC for their mobile arsenals was
no big dealprovided, of course,
that they had solid plans. Research
In Motion Ltd. offered decent DR
with its BlackBerry Enterprise Serv-
er. With other so-called ruggedized
devices (a Windows phone, for
instance), the data typically wassynced to some centralized server.
When a cell phone got lost or stolen,it didnt matter much, except for the
pain of re-keying in phone contacts.
Not so long ago, when the issue of
DR and mobile devices came up, the
conversation was assumed to be
about how organizations could take
advantage of employee cell phones
and the handful of executive not-so-
smartphones to instruct and informpersonnel in the event of a disaster.
The advent of the iPad and other
mobile devices that can not only
access data but also be used to gen-
erate and store data means that DR
plans now have to consider them as
endpoints.
Consider the caseload of Atlanta-
based MDM vendor AirWatch LLC,
which supports the spectrum ofmobile platforms, from the Apple
iOS to Symbian. In January alone,the company worked on three cases
involving business executives losing
personal iPads that held sensitive
corporate data and lacked the secu-
rity software to wipe it clean. OneiPad, left behind by a CEO in a back-
seat pocket on an airplane, contained
notes on a top-secret acquisition.
This is not a classic example ofdisaster recovery, where a catastro-
phe brings down a data center. But
let me tell you: This is a disaster thathas to be dealt with, said AirWatch
Chairman Alan Dabbiere.
MOBILITY DRIVING
DESKTOP VIRTUALIZATION
One of the ways companies aredealing with DR and BC for mobile
devices is by investing heavily in
desktop virtualization, NemertesResearchs Ritter said. You can still
get to the desktop and even edit a
Word doc on the device but, techni-
cally, all of that is going on in the
data center. The device is only a
remote client.Another approach is focusing onsecure containers, products offered
by such MDM vendors as AirWatch,
Good Technology Inc. and BoxTone
Inc. that address the security issues
posed by errant iPads.
This is not disaster recovery in
-
8/4/2019 DR_ Business Continuity Strategies
15/30
ENTERPRISE CIO DECISIONS APRIL 2011 15
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
2 MOBILE DEVICE DR: THE NEXT FRONTIER
the way we usually talk about it, but
security. Security is the biggest risk
factor in deciding which mobile
devices to allow onto the corporate
network, Ritter said.Rather than focusing on trying
to back up mobile devices, what
we have seen organizations do is
restrict the amount of data that can
be downloaded as much as possi-
ble, Ritter said. So, if the device
supports Microsofts ActiveSync,for example, the employee can
access email but will be blockedfrom SharePoint and other servers
holding corporate data, he said.
That is pretty much the approach
taken by Malvern, Pa.-based invest-
ment firm The Vanguard Group Inc.,said Abha Kumar, its principal for
IT. Employees are given the option
of using a company-issued Black-
Berry or the smartphone of their
choice.Nothing is stored on the personal
device, Kumar said. We provide apipe [using software from Good
Technology] into our email and cal-
endar at this point, so the device is
secure from that point of view, she
said. There might be something on
the cache that holds data, but as
soon as we find that a person haslost the device, we can zap the
application.
With their company-provided
BlackBerry, Vanguard crew mem-
bers (as they are called) can access
their work email, calendars and
some business applications, such as
Vanguards Siebel customer rela-
tionship management application
and the company intranet.
If a crew member submits an
expense report, I can approve it onmy BlackBerry, Kumar said.
Being a regulated business wheresecurity is paramount, client data is
off-limits to mobile devices. Van-
guard client service reps, who rou-
tinely deal with client information,
do not have BlackBerrys because
Vanguard does not want client infor-
mation to go outside its four walls.So, even as we talk about new tech-nologies and being more flexible and
being more mobile, the thing we
protect above all is client informa-
tion, Kumar said.
Brownlee Thomas, a principal
analyst at Cambridge, Mass.-based
Forrester Research Inc., agrees thatmost companies do not have a for-
mal mobility policy, never mind adisaster recovery plan for mobile
devices.
They have lots of policies be-
cause mobile, fortunately or unfor-
tunately, is not a centralized provi-sioning at most companies. It is
either provisioned at the division
level or through corporate procure-
ment, the same people buying anddispensing your staplers, Thomas
said.
The CIO doesnt necessarily havea lot of control. I
Linda Tucci is senior news writer for Search-
CIO.com. Write to her [email protected].
mailto:[email protected]:[email protected]:[email protected]:[email protected] -
8/4/2019 DR_ Business Continuity Strategies
16/30
RARELY DOES A disaster recovery
plan appear high on the list of priori-
ty IT budget items, and sometimes
it doesnt make it onto the list at all.More often, IT executives piggyback
disaster recovery (DR) planningonto a data center consolidation
project or, as Irving, Texas-based
Christus Health did, a desktop virtu-
alization project.
Server and desktop virtualization
projects are under way at Christus
Health to meet business goals thatrange from more flexible access to
data and less power consumption
to electronic health care regulations
and disaster recovery planning.
We were hit by hurricanes that
caused major outages in our organi-
zation. Now were building a client
computing model that allows aphysician at a hospital that went
down to pick up a satellite phone,
or whatever is at hand, and getimmediate access back to our infra-
structure, said Todd Bruni, director
of client computing services and
configuration management atChristus Health, a health care
company with 30,000 employees
and 40 hospitals and affiliated
facilities.
If a hospital loses power, employ-ees or physicians remain tethered
to the companys primary or backupDR facility because Brunis team has
been steadily virtualizing all client
devices using virtualization tech-
nologies from Citrix Systems Inc.
The first phase of the project was
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
3 PIGGYBACK DR O NTO VIRTUALIZATION
PiggybackDRontoVirtualization
Virtualization is not a cure-all for disaster recovery,but it does simplify DR planning and procedures
and can save money, to boot. BY CHRISTINA TORODE
ENTERPRISE CIO DECISIONS APRIL 2011 16
-
8/4/2019 DR_ Business Continuity Strategies
17/30
the introduction of Citrix-based
server-based computing to host
applications in the data center. The
second phase was moving about
10% of the application portfolio(which covered approximately 50%
of employees data needs) off desk-
tops and into the data centerusing
thin clients as the front end and Ter-
minal Services on the back end. The
stage under way now is the build-
out of a virtual desktop infrastruc-ture (VDI) for more complicated
clinical scenarios, such as access tomedical records and back-end finan-
cial systems.
These are solutions that were not
well built or intended for a server-
based computing model or TerminalServices, so we needed VDI, Bruni
said.
Virtualization by no means re-
places a full-fledged disaster recov-
ery planChristus Healths data isreplicated in hot, hot scenarios
between its primary and secondarydisaster recovery facilitiesbut
virtualization simplifies real-time
replication and data portability.
Virtualization is making it possi-
ble for our client services to be
portable in case of a disaster, Bruni
said. All you need is an agent onany client device, and some type of
Internet access.
A core business app running on a
virtual server infrastructure allows
for portability and replication that
we wouldnt have had with dedicat-
ed physical systems, Bruni said.
COSTS AND BENEFITS OF VDI
A VDI is costly, however, as Chelo
Picardal, chief technology officer for
the city of Bellevue, Wash., found
when she started investigatingdesktop virtualization for 1,500
employees in 13 departments.
Server virtualization was an easy
sell because youre replacing the
cost of buying physical servers any-
way, she said. With virtual desk-
tops, you still have to buy PCs forpeople, but now you also have to
buy the virtualization software andinvest in an infrastructure that will
hold all the data that used to be on
the desktops. Where is that funding
going to come from?
Picardal does not see desktopvirtualization as benefiting the citys
DR strategy but views it instead
as an efficiency play for the IT
department. You can give remote
workers access to their data, but weare looking at it more as an efficien-
cy gain in terms of maintenance.Ask her about the DR benefits of
server virtualization, on the other
hand, and Picardal has a checklist
readily available:
I Workloads are easily portable
from the primary to the secondaryDR site, and users experience no
downtime.
I Virtualization eliminates the need
to buy double the hardware toreplicate physical servers between
the two facilities. This reduces
ENTERPRISE CIO DECISIONS APRIL 2011 17
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
3 PIGGYBACK DR O NTO VIRTUALIZATION
-
8/4/2019 DR_ Business Continuity Strategies
18/30
costs as well as drift and hardware
compatibility problems among the
primary and secondary facilities.
That, in turn, reduces downtime.
I Applications that need to behighly available remain that way
when a failover to an alternate
site occurs.
When you think about high avail-
ability, the VM [virtual machine]
becomes the point that fails over,
said Chris Wolf, an analyst at Stam-ford, Conn.-based research firm
Gartner Inc. Thats a really big deal
because, traditionally, enterprise IT
could cluster only a small percent-
age of apps for high availability
because that type of architecture
had to be written into the apps.Whereas, with virtualization, any
application can be made highly
available and resilient to hardwarefailure.
Above all, however, Picardal can
guarantee her performance service-
level agreements (SLAs). For a long
time, there were a lot of things we
couldnt promise that the customer
really wanted. The best we could dois get them back up maybe in a half-
hour in a disaster scenario. Now,with server virtualization, unless the
entire [data center] facility goes
down, the customers dont even
notice it.
With the citys VMware Inc. serv-
er virtualization technology tied to
its storage area network, which has
deduplication, you can get really
close to or exceed what the cus-
tomer needs, Picardal said. Let thecustomer drive your DR needs, and
youll find that virtualization reallyallows you to meet those needs fair-
ly easily.
The citys public-facing applica-
tions, which have a high-availability
SLA, can be backed up and returnedto service with minimal downtime
as a result of virtualization. That
was the case when one of the citys
websites was defaced, Picardal said.
DR TESTING MADE EASY
Testing a DR plan is perhaps one of
the most painful tasks an enterprise
IT department faces. The process is
so complicated and demoralizing
that some workers have been re-
duced to just reading the DR plans
documentation and checking a boxstating they are prepared for a dis-aster, Wolf said.
Ive seen companies just quit
testing disaster recovery because it
was bad for morale. They would run
into so many problems trying to
recover data, application and hard-
ware in the DR facility because the
hardware wasnt an exact match;and it would often take the IT staff
days to get through the DR exer-
cise, Wolf said.
Virtual machines, however,
remove the necessity that hard-
warefrom devices to the firmwareon thembe an exact match
ENTERPRISE CIO DECISIONS APRIL 2011 18
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
3 PIGGYBACK DR O NTO VIRTUALIZATION
-
8/4/2019 DR_ Business Continuity Strategies
19/30
between the production and DR
facilities. Its so easy to validate
that an application is going to come
on-line in a VM, and test that regu-
larly, Wolf said. Thats generallynot an option with physical hard-
ware.
Because DR testing is simple to
do in a virtual environment, many
enterprises arent testing just Tier 1
applications but are now moving
down the line of business applica-tions to test their ability to bounce
back from a disaster, Wolf said.Because VM environments are
easy to isolate, you can do recovery
testing to your hearts content with-
out having any impact on the pro-
duction environment, said NelsonRuest, principal at consultancy Res-
olutions Enterprises Ltd. in Victoria,
British Columbia. Recovery testing
is as simple as changing a [network
interface card] that is assigned to aVM.
THE NOT-SO-SIMPLE PART
With server or client virtualization,
overall systems maintenance and
recovery are simplified. Workloads,
whether theyre on a server or client,
are isolated from the underlyinghardware and can be moved from
one system to another, from one
facility to another. In addition, most
virtualization technology has DR
capabilities built in to automate and
prioritize the system recoveryprocess.
This could free up IT from per-
forming a few steps in DR, but many
of the procedures needed to back upand maintain systems remain.
With server virtualization, we
gain high availability at a lower cost,but we still have to patch, monitor
and troubleshootthat doesnt go
away, Picardal said.
In addition, if you do choose to
deploy virtual desktops, dont think
it will be as easy as your server vir-tualization project. With server vir-tualization, you worry about CPU
cycles, memory, disk, network con-
nectivitythe same things you did
before, Christus Healths Bruni said.
In the client [virtualization] space,
you have to worry about screen
shots, latency on circuits and
whether that causes Flash video not
to perform appropriately. There area lot of things that [now] run on a
desktop that never used to run in a
data center.
The tradeoff? Peace of mind,
Bruni said. The core benefit [of
virtualization] back to the businessis knowing that they have multiple
ways of accessing data, services or
applications [because] the coreinfrastructure is designed to ensure
that core services remain avail-
able. I
Christina Torode is news director for SearchCIO.
com. Write to her [email protected].
ENTERPRISE CIO DECISIONS APRIL 2011 19
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
3 PIGGYBACK DR O NTO VIRTUALIZATION
mailto:[email protected]:[email protected]:[email protected] -
8/4/2019 DR_ Business Continuity Strategies
20/30
THE CLOUD WOULD seem to be a nat-
ural next step for disaster recovery
solutions, but many large enterpris-es are not turning to it yet for full-
fledged DRdespite its manyenticements.
For one, many enterprises already
have multiple data centers in place
that can be used as primary data
centers and backup DR facilities.
Security, performance and control of
cloud-based DR also raise concerns.Its all about quality, not about
low-cost services anymore, said
Lalitendu Panda, global CIO of D&M
Holdings Inc., based in Japan. Inter-
ruption of service is an issue. We
have had a couple of situations. Its
not like having your own [infrastruc-
ture] that you can modify. You haveno control over what else is running
on the cloud that could degrade per-formance.
Still, the ease of use of cloud stor-
age is proving to be a draw for some
enterprises.
When this cloud concept cameup, we were prepared, said Dan
Zinn, CIO of the 15th Judicial Circuit
of the Florida State Attorneys Office.
Zinns IT department had beendeduplicating data to minimize the
amount that needed to be backed
up, as well as encrypting data ontapes for a weekly rotation. With the
cloud solution provided by Comm-
Vault Systems Inc. and Iron Moun-
tain Inc., scheduling a backup and
ENTERPRISE CIO DECISIONS APRIL 2011 20
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
4 WHEN YOU'RE NOTQUITE READY FOR DR
When yourenot quite
readyforDR
Enterprises ponderthe possibilities forDR in the cloud.BY LAURA SMITH
-
8/4/2019 DR_ Business Continuity Strategies
21/30
clicking a button freed up the sys-
tem administrators time, and gave
me a solution so I didnt have to
worry about [the tapes], Zinn said.
The heaviest users of cloud stor-age for IT disaster recovery are
small and midmarket businesses
with annual revenues between $50
million and $1 billion, according to
Dick Csaplar, senior research ana-
lyst for virtualization and storage at
research firm Aberdeen Group Inc.
in Boston. Enterprises with morethan $1 billion in annual revenue
typically have data centers in multi-
ple geographic sites and have less of
a need to use the cloud for DR, he
said.
In October, Aberdeen studied 100
organizations with formal DR plans
to learn whether they used cloud
storage and, if so, what benefits
were realized in DR performance.
The study found that organizations
that had moved at least part of theirstorage to the cloud recovered four
times faster than those with no for-mal cloud storage program. In addi-
tion, users of cloud storage met
their recovery time objectives
(RTOs) more often than those who
kept data in-house.
The study also found that:
I Companies using cloud storage
had, on average, 2.5 downtimeevents in the past 12 months, which
were resolved in about two hours.
With average RTOs of 12 hours, the
longest downtime event took 5.3
hours to recover from the outage.
I Businesses with no cloud storage
strategy reported an average of 3.5downtime events a year and took
an average of eight hours to recov-er from the outage. With average
RTOs of 13 hours, the longest
downtime event among this group
of companies was 13.7 hours.
Respondents to the Aberdeen
survey said a DR strategy was theirNo. 1 driver for using cloud services,with those deemed best in class
in terms of their DR cloud strategies
taking the following measures:
I 55% deployed a secure connec-tion to the cloud.
ENTERPRISE CIO DECISIONS APRIL 2011 21
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
4 WHEN YOU'RE NOTQUITE READY FOR DR
[With the cloudsolution], sched-uling a backup
and clicking abutton freed upthe admins timeand gave me asolution so I didnthave to worryabout [the tapes].DAN ZINN,
CIO, 15th Judicial Circuit of
the Florida State Attorneys Office
-
8/4/2019 DR_ Business Continuity Strategies
22/30
I 40% utilize server failover to the
cloud.
I 22% do continuous data replica-
tion to the cloud.
I 10% use multiple cloud providers.
TIERED STORAGE
AND IT GOVERNANCE
Cloud storage does not work well
for data warehousing in a situation
in which one database is accessedby several different applications,according to Andrew Reichman, a
senior analyst at Forrester Research
Inc. in Cambridge, Mass.
Cloud DR also presents gover-
nance issues. The problem is never
with CommVault or Iron Mountain.
Its always, Where is my data?
said Zinn, noting that its tough to
keep track of the amount of data ris-ing by the hour.
At the Sisters of Mercy Health
System in St. Louis, storage
demands for clinical studies are
astounding. Fifteen years ago, the
first milestone was a terabyte of
storage, total. Now were doing that
each week, said Jeff Bell, chief
operating officer at Mercy, a net-work of 28 hospitals across four
states.
Analysts at Gartner Inc. project an800% increase in the output of data
during the next five years. Eighty
percent of that will be unstructured
data, which generally goes
untouched after 90 days, according
to Ray Paquet, managing vice presi-
dent at the Stamford, Conn.-based
firm.
Storage is growing greatly, saidBell, who implemented a tiered stor-
age strategy on an internal cloud:
Older data gets placed on older
disks, while data that repeats gets
compressed.
Dedupe is big, so we dont haveto back up everything, Bell said.
The idea is to store as few times as
possible, put it on the correct tier ofstorage and make sure its available.
Done right, cloud storage promis-
es to free up IT staff members fromcomplex and onerous storage man-
agement tasks, but CIOs shouldpush for service-level agreements
that are as good asif not better
thanones they could offer inter-
nally, Reichman said. I
Laura Smith is features writer for SearchCIO.com.
Write to her [email protected].
ENTERPRISE CIO DECISIONS APRIL 2011 22
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
4 WHEN YOU'RE NOTQUITE READY FOR DR
Fifteen years ago,the first milestonewas a terabyteof storage, total.
Now were doingthat each week.JEFF BELL, COO,
Sisters of Mercy Health System
mailto:[email protected]:[email protected]:[email protected] -
8/4/2019 DR_ Business Continuity Strategies
23/30
IN A LEAN but hypercompetitive
business environment, organiza-
tions are relying more on relation-ships with business partners to suc-
cessfully execute their corestrategies. While these relationships
can dramatically improve an organi-
zations capacity and business
structure, they can also decrease
control over critical activities.
In Europe, and the U.K. in particu-
lar, supply chain risk managementhas become a hot issue. During the
past decade, various sourcing
strategies have focused on ways to
reduce costs through offshoring,
outsourcing noncore processes,
consolidating suppliers and optimiz-
ing logistics. But gaining such
advantages also brings certain dis-advantages, according to Lyndon
Bird, international technical directorof the U.K.-based Business Continu-
ity Institute.
The tradeoff is that organizations
everywhere are introducing signifi-
cant but often unseen vulnerabilitiesand dependencies into their busi-
ness. As such, the need to protect
the supply chain through the use of
business continuity and risk man-agement techniques has experi-
enced rapid growth in the U.K. in
particular, Bird said.While understanding this web of
risk is complex, an organization that
takes the time to map and analyze
its supply chain can gain more con-
ENTERPRISE CIO DECISIONS APRIL 2011 23
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
Theweakest
linkEuropean and U.K. executives are targeting threats thatcould weaken the supply chain. Business continuity andrisk management practices can help. BY PAUL F. KIRVAN
-
8/4/2019 DR_ Business Continuity Strategies
24/30
trol and insights. It also puts the
organization in a position to antici-
pate and ward off possible threats.
For instance, if all sites within a seg-
ment rely on a single business part-ner to provide one of the key raw
materials, then that partner poses
a high risk.
By creating a detailed supply
chain map, organizations can better
recognize such vulnerabilities and
put controls and mitigation strate-gies in place, helping firms to work
around possible supplier outages.Understanding supply chains in
more precise detail can help organi-
zations stay up and running even
when the outage lies outside the
firms reach.A normal supply chain map might
look like the one in Figure 1. Suppli-
ers of raw or semifinished materials
deliver them to a business that
processes them into finished prod-
ucts in preparation for delivery by
distributors to consumers.
Under normal circumstances, if
all members of the supply chain per-form as expected, finished products
will be delivered to consumers in a
time frame acceptable to them.
Supply chains for medium and
large firms can be very complex and
interconnected. Dependencies on
multiple suppliers, coupled withjust-in-time production strategies
and other manufacturing processes,mean that the businesses really
depend on uninterrupted supply
chain operation for success and
profitability. This can place a lot of
strain on supply chains. Given thesignificance of supply chains in
most business models, what hap-
pens if something interrupts or
damages them?
ENTERPRISE CIO DECISIONS APRIL 2011 24
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
Figure 1: Normal Supply Chain
Customer
Distributor 1
Distributor 2
Customer
Customer
Supplier 3
Supplier 2
Supplier 4
Supplier 5
Supplier 6
Supplier 1
Business
-
8/4/2019 DR_ Business Continuity Strategies
25/30
Customer
Distributor 1
Distributor 2
Customer
Customer
Supplier 3
Supplier 2
Supplier 4
Supplier 5
Supplier 6
Supplier 1
Business
SUPPLY CHAIN RISKS
Supply chain risk appeared in the
headlines of U.K.-based news
sources during the 2010 eruption of
the Icelandic Eyjafjallajkull volcano.According to David Honour, editor
of Continuity Central in West York-
shire, England, the event caused
serious travel disruptions and had a
major impact on many companies
supply chains. Car manufacturers,
for example, were some of the hard-est hit. Both Nissan and BMW had
to reduce production because ofshortages of critical parts, he said.
Reinforcing Birds point, Susan
Young, a risk management profes-
sional in London, noted that the
greater global reach of companiesand markets during the past few
years has resulted in widening the
geographical spread and complexity
of supply chains and their increased
interdependencies have increased
the potential for disruptions.Figure 2 depicts a situation
whereby a supplier is taken out of
the supply chain. Depending on thenature of the supplier and its role
in the supply chain, the impact to
overall business operations may be
known immediately, or it may take
hours or even days to see a real
impact on productivity and profits.
INTRODUCING BCINTO THE SUPPLY CHAIN
If risks to the supply chain are a
consideration, business continuitymanagement techniques can be
introduced as part of the risk identi-
fication, mitigation and recovery
processes. Peter Barnes, managing
director of London-based 2C Con-
sulting Ltd., advises, First and fore-
ENTERPRISE CIO DECISIONS APRIL 2011 25
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
Figure 2: Disrupted Supply Chain
-
8/4/2019 DR_ Business Continuity Strategies
26/30
Customer
Distributor 1
Distributor 2
Customer
Customer
Supplier 3
Supplier 2
Supplier 4
Supplier 5
Supplier 6
Business
most, recognize that the loss of a
step in your supply chain could
potentially damage your ability to
achieve critical goals.
He reminds us of a very importantmessage: Protecting your supply
chain is your responsibility, not
something you can hand over to a
supply chain partner.
Barnes also notes that reliance
on service-level agreements and
contract wording is not enough.Supply chain continuity requires
genuine partnership and coopera-tion in identifying the risks and
ensuring that all components of the
chain are satisfactorily addressed,
he said.Figure 3 depicts how a disrupted
supply chain can be reconfigured to
restore some level of functionality.
As Supplier 1 is no longer in the
chain, Suppliers 3 and 4 now pro-
vide products and services directly
to the business. To make this recon-
figuration work successfully, the
business needs to carefully analyze
its supply chain for risks and thenidentify opportunities to maintain
continuity of the chain.
BCIs Bird contends that business
continuity actively helps organiza-
tions identify and understand the
risks associated with supply chains.
This allows decisions to be madewith full knowledge of the conse-
quences and actions needed to miti-gate disruptions.
IGNORING BC LEAVES RISK
Assuming your organization
depends on its supply chain, what
are the risks of ignoring business
continuity as part of how you pro-
tect the supply chain? According to
ENTERPRISE CIO DECISIONS APRIL 2011 26
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
Figure 3: Recovered Supply Chain
-
8/4/2019 DR_ Business Continuity Strategies
27/30
What Is a Supply Chain?SUPPLY CHAIN MANAGEMENT encompasses the planning and management of all
activities involved in sourcing and procurement, conversion and logistics
management. Importantly, it also includes coordination and collaboration with
channel partners, which can be suppliers, intermediaries, third-party service
providers and customers. In essence, supply chain management integrates sup-
ply and demand management within and across companies. I
SOURCE: THE COUNCIL OF SUPPLY CHAIN MANAGEMENT PROFESSIONALS
Young, inconvenience at best, busi-
ness failure at worst.
An overreliance on a few suppli-
ers can be potentially disastrous,
she said. Be sure to review yoursuppliers business continuity
arrangements as part of any initial
due diligence and/or periodic
review.
Research conducted by the Busi-
ness Continuity Institute in 2009
and 2010 showed that media-reported supply chain disruptions
are just the tip of the iceberg. Morethan 70% of organizations surveyed
by the BCI experienced some form
of disruption, which led to lost pro-
ductivity, increased working costs
and customer dissatisfaction, BCIsBird said.
To that, 2C Consultings Barnes
added, failing to address this issue
is like a senior manager switching
off all accountability every time heor she steps outside the office.
While business continuity initiativesat the office may be adequate, igno-
rance of the supply chain could
threaten your organizations goals,
reputation and livelihood, he said.
RESEARCH ON
SUPPLY CHAIN RISKS
The issue of supply chain andbusiness continuity management
has been researched extensively
in Europe. In fall 2009, the BCI
published a research report that
found:
I
Approximately 75% of the 201companies surveyed experienced
disruptions in their supply chainsduring the previous 12 months.
The chief causes of disruption
were economic recession, H1N1
pandemic flu (swine flu) and
IT/telecom disruptions.
I The impact of the disruption was
primarily a loss of productivity,although loss of revenue, cus-
tomer complaints and delayedproduct availability were high on
the list.
ENTERPRISE CIO DECISIONS APRIL 2011 27
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
-
8/4/2019 DR_ Business Continuity Strategies
28/30
Nearly 74% of businesses are tak-
ing a hands-on approach to supply
chain risk management, according
to Aon Inc.s 2009 Risk in 21st Cen-
tury Supply Chains survey. Keyfindings of the survey included:
I More than half of the firms sur-
veyed launched regular communi-
cation and audit policies with sup-
pliers.
I Compared with Aons previous
supply chain survey, companiesactively managing risks around
contracts to ensure they are cov-ered from the negotiation phase
through defining quality controls
grew by 15%.
I There was a 20% increase in the
number of companies investigat-
ing their suppliers suppliers to
assess the overall strength of thesupply chain.
I Although insurance is still a key
risk management strategy, 20%fewer companies are using it as
the only form of mitigating risks.
I Only one in 10 firms placed an
emphasis on evaluating ethicalissues they are being exposed to
by their suppliers.
I Some 55% admit to having no in-
dicators in place to monitor supply
chain risk management perform-
ance.
In another report released by
Marsh & McLennan Cos. in 2010,
13% of respondents had experi-
enced supply chain disruptions in
the past two years. The report sur-veyed 220 risk and business conti-nuity managers across Europe, the
Middle East and Africa.
STRATEGIES FOR MITIGATING
RISK IN THE SUPPLY CHAIN
Assuming you wish to protect your
supply chain from unplanned dis-ruptions, consider the following
strategies:
Proactive Risk Management.
Begin your efforts by mapping the
entire supply chain and its depend-
encies. You should also determine
threats, risks and vulnerabilities, as
well as identify single and multiple
points of failure.Next, implement strategies to
remove or reduce these issues.
Remember that this is a continual
process and can be supported by
specialized software, from a handful
of developers including Oracle Corp.
and Microsoft Corp., but also small-er ones such as Epicor Software
Corp. and Infor Global Solutions Inc.
Business Continuity Management.
Leveraging BC management tech-
niques within the supply chain
ensures that important suppliers
arent at risk from long-term down-time caused by disruptive incidents.
ENTERPRISE CIO DECISIONS APRIL 2011 28
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
-
8/4/2019 DR_ Business Continuity Strategies
29/30
One way of doing this is to require
critical suppliers to develop busi-
ness continuity plans and make
them available for auditing. For
example, a business impact analy-sis, a key component of a BC man-
agement program, can be modified
to analyze supply chains and their
relationships to the organization.
Insurance. It is often thought
incorrectlythat supply chain riskscan be mitigated with business
interruption insurance. Inclusion offorce majeure clauses in such insur-
ance policies may address supply
chain disruptions. But to avoid cov-
erage issues with business interrup-
tion insurance, some organizations
buy specialized supply chain insur-ance policies from insurers including
Zurich Financial Services AG and
Aon.
Simply recognizing threats to the
supply chain is not enough. There
must be proactive efforts to define
how supply chain integrity can beprotected and how to mitigate the
identified risks. The good news is
that business continuity is beginning
to play an increasingly strategic role
in the protection of supply chainintegrity. I
Paul F. Kirvan, FBCI, CBCP, CISSP, has more
than 20 years experience in business continuity
management as a consultant, author and educa-
tor. He is also secretary of the Business Continu-
ity Institute USA Chapter. Write to him at
ENTERPRISE CIO DECISIONS APRIL 2011 29
HOME
EDITORS LETTER
UP FRONT
CLOUD DR AND BC
CAN SAVE YOUR
BUSINESS
MOBILE DEVICE DR:
THE NEXT
FRONTIER
PIGGYBACK DRONTO
VIRTUALIZATION
WHEN YOURE
NOT QUITE READY
FOR DR
THE WEAKEST LINK
5 THE WEAKEST LINK
Enterprise CIO Decisions Ezine is produced
by TechTarget CIO/IT Strategy Media,
2011 TechTarget.
Jacqueline Biscobing
Managing Editor
Rachel LebeauxAssistant Managing Editor
Scot Petersen
Editorial Director
Linda Koury
Director of Online Design
Christina Torode
News Director
Linda Tucci
Senior News Writer
Laura Smith
Features Writer
Ed Scannell
Executive Editor
Ben ColeAssociate Editor
FOR SALES INQUIRI ES, PLEASE CONTACT:
Theron Shreve
Senior Product Manager
(617) 431-9360
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected] -
8/4/2019 DR_ Business Continuity Strategies
30/30
RESOURCES FROM OUR SPONSORS
See ad page 3
Disaster Recovery: Plan for the Worst, Expect the Best
Guidelines for Successful Business Continuity Planning
How to sell business continuity to management in tough times
About CDW:
CDW's business model focuses on small- and medium-sized businesses with 97 percent
of sales derived from commercial accounts. CDW has built strong relationships within the
technology sector and we are a leading direct source for Cisco, HP, IBM, Intel, Microsoft,
Sony, Toshiba, and other top name brands. Our success is due to our exceptional coworkers,
who are the most important element of CDW's business strategy. To foster our coworkers'
success, CDW has designed a rewarding and challenging work place, recognized as one of
the best companies to work for in America.
http://www.bitpipe.com/detail/RES/1252088488_76.htmlhttp://www.bitpipe.com/detail/RES/1292870134_91.htmlhttp://www.bitpipe.com/detail/RES/1252446193_738.htmlhttp://www.bitpipe.com/detail/RES/1252088488_76.htmlhttp://www.bitpipe.com/detail/RES/1292870134_91.htmlhttp://www.bitpipe.com/detail/RES/1252446193_738.htmlhttp://www.cdw.com/