© 2012 IBM Corporation
Earthquake and Hurricane in the Northeast: Time to Rethink our Assumptions on Risk
Richard Cocchiara, CTO, IBM Business Continuity & Resiliency Services
IBM Global Technology Services
IBM Business Continuity and Resiliency Services
April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona
Agenda for today’s session
2011 in review
The state of business resilience today
Taking a holistic approach
The future of business resilience and the role of cloud
Barriers to cloud adoption and considerations when selecting a cloud services provider
Observations and recommendations
The increasingly connected world has magnified the impact on every aspect of life, including its disruptions
Personal information leaks have cost millions of dollars, led to class action lawsuits, and damaged corporate reputation
The Iceland volcanic eruption cost airlines $1.7 billion with more than 10 million people affected
Visitors to Japan dropped 60% in April
Hosting provider service outages affect PaaS and SaaS for other vendors
90% of WW BT resin supply stopped
WW car production was down 20-30% for some major auto manufacturers during April and May
[Diagram labels: BT Resin Shortage; Mobile Circuit Production Issue; Decreasing Tourism; Airlines Discontinuation; WW impact to Car Production; Personal Information Stolen; Class Action Lawsuit; Downstream Service Provider Disruption; Car Parts Shortage; Nuclear Plant Explosion; Platform Outage; Flight Cancellation; Earthquake and Tsunami; Game site attacked by hacker; Servers shut down by human error; Volcano]
Globally and in the U.S., economic losses from all types of natural disasters are escalating rapidly; 2011 was a record year
[Chart: Economic cost of natural disasters worldwide. Labels as extracted: $115B, 2005; $190B, 2010; $280B, 2011]
[Chart: Number of U.S. weather/climate disasters with economic impact greater than $1B. Periods: 1980s (avg per yr), 1990s (avg per yr), 2000s (avg per yr), 2010, 2011. Values as extracted: 3.8, 4.6, 4, 1.2, 12; $8B, $14B*, $33B**, $8B, $52B]
*Hurricane Andrew $27B
**Hurricane Katrina $125B; Hurricane Rita $16B; Hurricane Wilma $16; Hurricane Ike $27B
Sources: National Oceanic and Atmospheric Association (NOAA); Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE
U.S. implications: regional disasters had national scope and large metro areas like NYC were threatened like never before
In one three-day stretch in April, 343 tornadoes struck from Alabama to Virginia
Precipitation in the Ohio Valley exceeded normal levels by 300%, causing flooding along the Mississippi River
Drought-fueled wildfires burned more than a million acres (400,000 hectares) in Texas alone
Hurricane Irene made 3 landfalls, with torrential rainfall and severe flooding; evacuation orders covered 2.3M people
Photos: ISC Newsroom; Scott Olson/Getty Images; agreenliving.org; Reuters
2011 saw an unprecedented number of large-scale U.S. weather-related events that cost at least $1 billion each
[Map of 2011 U.S. events; labels as extracted]
Wildfires, spring/fall: $1 billion
Flooding, summer: $2 billion
Flooding, spring/summer: $4 billion
Tornadoes, July: $1+ billion
Tornadoes, June: $1+ billion
Tornadoes, April: $2.2 billion
Blizzard, Jan/Feb: $1.8 billion
Tornadoes, April: $3 billion
Tornadoes, April: $2.1 billion
Tropical storm, Sept.: $1+ billion
Event labels separated from their costs in extraction: Drought, heat wave, spring/fall; Tornadoes, May; Tornadoes, April; Hurricane, August
Cost labels separated from their events in extraction: $10 billion; $9.1 billion; $10.2 billion; $7.3 billion
Source: National Oceanic and Atmospheric Association (NOAA)
Orange County, NY Director of Operations Richard Mayfield described Irene's effect in one word: "Devastating"
Main St., Washingtonville, Orange County, NY
Protecting your business against downtime and disruptions is crucial for competing in today’s marketplace
Would your company survive a major outage?
Why you are increasingly vulnerable:
Increasingly high volumes of data, applications
Geographically-dispersed facilities
Evolving industry and government regulations
Expectations and demands from stakeholders
Why a robust resilience solution:
Support continuous data and operational availability
Improve your competitive position and reputation
Improve operational efficiency
Reduce risk
Business resilience refers to the ability of enterprises to adapt to a continuously changing business environment
Business resilience helps organizations maintain continuous operations and protect their market share in the face of disruptions such as natural or man-made disasters.
It requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness of risk.
Business resilience planning is distinguished from enterprise risk management (ERM) in that it is more likely to build capacity to seize opportunities created by unexpected events.
The 2011 IBM risk study showed that companies value the need for risk management planning and execution
[Survey chart: responses (Disagree / Neither / Agree) to three statements; legend: 2011, 2010]
Well-crafted and communicated plan
No formal plan, but plan to develop one
No formal risk management function
Percentages as extracted: 53%, 29%, 18%; 30%, 53%, 17%; 30%, 59%, 11%
Risk management on the rise: In the 2010 study, 42% said they had no formal risk management function.
Source: 2011 IBM Global Business Resilience and Risk Study
Study comparison: 2010 IBM Global IT Risk Study
Effective risk management requires a holistic approach to better manage risk, security and compliance across the enterprise
From traditional challenges … … to better outcomes
Foundational capabilities: Integrated risk management | End-to-end security | Business continuity and resiliency
Ever-increasing security and resiliency threats
Security breaches and business disruptions are mitigated automatically
Unexpected downtime that throttles business performance
Continuous business operations are maintained with a responsive and highly available infrastructure
Inability to meet regulatory and industry requirements associated with security and resiliency
Regulatory and industry requirements are addressed with confidence
Start with a plan that takes a structured approach to assessing business and IT risks
Risk management governance methodology
Align and integrate IT risk into the business’ enterprise risk management framework
Identify key threats and compliance mandates
Implement and enforce a risk management process and common controls framework
Execute incident management processes when crises occur
Organizations need a comprehensive approach to achieving resilience that extends across the enterprise
Resilience Framework
Links IT service delivery to business objectives with an expected level of service
Provides a holistic view of IT service delivery and links the impact of the risk to business value
Provides a model for defining and integrating IT service delivery elements to achieve target service levels and risk tolerances
The ability to deliver total resilience is no greater than the minimum resilience capability at any one of the layers — “the weakest link in the chain”
Business driven
Data driven
Event driven
Strategy and vision
Organization
Process
Applications and data
Technology
Facilities
The need to protect applications and data is the overriding concern for most organizations
What constitutes an organization’s business resilience strategy?
Data and application security: 85%
Data protection: 79%
Infrastructure security: 77%
Security governance and risk management: 75%
Identity and access management: 74%
Compliance management: 69%
Source: 2011 IBM Global Business Resilience and Risk Study
Of course, not all applications and data require the same levels of recovery — or the same level of investment
Recovery Point Objectives (RPO) & Recovery Time Objective (RTO)
[Chart: recovery options plotted by recovery time (Minutes, Hours, Days) against cost (Higher, Lower)]
Category labels: Point-in-Time Backup to Tape / Disk; Multi-Site Failover / Fallback; Continuous Availability; Active Secondary Site
Option labels as extracted:
RPO > 15 min., RTO = 4+ hours, Manual; PiT or SW Data Replication
RPO = near zero, RTO <1 hr. to 4 hours, Automatic; Server/Workload/Network/Data Automatic Site Switch
RPO = near zero, RTO <1 hr. to 4 hours, Manual; Disk or Tape Data Mirroring
RPO = near zero, RTO <1 min, Automatic; Server/Workload/Network/Data SYSPLEX
RPO = 4+ hours, RTO = 8 to 24 hours, Manual; Data Base Log Replication & Host Log Apply at Remote
RPO <24 hours, RTO = 8-24 hours; Electronic Tape Vaulting
RTO => 24 hours, RPO = 24 hours; Hot Site & Tape
RTO = Days, RPO >24 hours; Tape, HW ATOD
Cloud computing-based resiliency offers an attractive alternative to traditional disaster recovery in terms of cost and performance
[Diagram labels]
Syndicated hardware
Dedicated hardware
Cloud computing
Disaster recovery
Shared recovery model
Business continuity
Traditional recovery model
Business resiliency
Virtualized model
IT: proactive; Business: proactive; Recovery time: seconds or always up
IT: proactive; Business: reactive; Recovery time: minutes or hours
IT: reactive; Business: none; Recovery time: days or weeks
A range of cloud resiliency solutions are available to meet the varied needs of mission- and business-critical applications
[Diagram labels: System and Data Restore (imported media); System and Data Mirroring; System and Data Failover; Availability; Application Performance; Data archiving and retrieval; Retention; Data Compliance; Data backup and recovery; Application continuity / recovery]
In the 2010 IBM Global IT Risk Study, cloud for business resilience and risk management was viewed as risky
Study comparison: 2010 perceptions of cloud
A full 77% of 2010 study respondents viewed cloud as somewhat to extremely risky
[Chart categories: Extremely risky/risky; Somewhat risky; Moderately/not at all risky. Percentages as extracted: 42%, 35%, 42%]
Source: 2010 IBM Global IT Risk Study
In our 2011 study, we’re seeing that organizations are still cautious, but that they see the value of moving to cloud
Offers promise once technical and security issues have been addressed — 28%
Benefits outweigh the risks — 21%
Data security risks are too great — 21%
Key strategic aspect of risk management — 18%
Traditional methods are best — 6%
IT execs will never give up control of data assets — 5%
Study comparison: 2011 perceptions of cloud
Source: 2011 IBM Global Business Resilience and Risk Study
Here are some of the potential barriers to the adoption of cloud-based disaster recovery
Concerns about security, compliance, and control issues in the cloud
Questions about whether applications will seamlessly run in a cloud environment
Perception that there isn't a trusted vendor in the market offering the service
Concerns over bandwidth requirements
Lack of buy-in from either IT or business leadership or decision-makers
To learn more, see the results of a recent study conducted by Forrester Research: Cloud-Based Disaster Recovery Barriers And Drivers
By selecting a trusted cloud-based disaster recovery service provider, you can move beyond the barriers to cloud adoption
Web portal access with fail-over and fail-back capability facilitates improved control by DR professionals
Built-in support for disaster recovery testing builds confidence and refines DR plans
Tiered service levels optimize application recovery times
Support for mixed and virtualized server environments improves control
Global reach and local presence enable bandwidth savings
Support for migration from and co-existence with traditional disaster recovery methods eases transition
Observations and recommendations
Cloud computing is a disruptive change to the way IT services are delivered, backed up and restored
Without a strategy, Cloud computing can be seen as a threat to the IT team
With a strategy, Cloud computing is a huge opportunity for the CIO and IT team
Thank You!
ibm.com/services/continuity