Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

13
© 2014 IBM Corporation Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services 24 March 2014 Keys to Resilience for Small and Medium Enterprises BUP03031-USEN-03

description

Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services 24 March 2014. Keys to Resilience for Small and Medium Enterprises. BUP03031-USEN-03. Agenda. Risks to Resilience IBM Resilience Framework Resilience Lifecycle Conclusion. - PowerPoint PPT Presentation

Transcript of Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

Page 1: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

24 March 2014

Keys to Resilience for Small and Medium Enterprises

BUP03031-USEN-03

Page 2: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

2

Agenda

Risks to Resilience

IBM Resilience Framework

Resilience Lifecycle

Conclusion

Page 3: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

3

Today’s businesses need to reduce expenses and manage risk while maintaining continual availability to data and services.

Innovation in the cloud

60 percentof chief information officers view cloud computing as critical to their plans5

Mobile in the enterprise

90 percentof organizations will support corporate applications on personal devices by 20146

Increased outage costs

38 percentIncreased to US$182 thousand per hour in two years from 2010-20122

Budgetary constraints

71 percentof the average IT budget is dedicated to ongoing operations4

Unplanned IT outages

70 percentof organizations surveyed list this as their primary concern7

Exploding data growth

40 zettabyteof digital content in 2020, a 500 percent increase from 20103

Aging infrastructure

71 percentof data centers are over 7 years old1

1The Essential CIO: Insights from the Global Chief Information Officer Study, May 2011, 2Aberdeen Group, “Datacenter Downtime: How Much Does it Really Cost?”, March 2012, 3IDC, “Digital Universe Study”, June 2011, 4Based on IBM Research, 5McKinsey, “How IT is managing new demands”, 2011, 6Gartner predicts that by 2014, “90% of organizations will support corporate applications on a personal devices.”, 7The Business Continuity Institute, Horizon Scan 2013 - Survey Report

Page 4: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

4

External threats are increasing globally, with economic losses from all types of disasters escalating rapidly.

Source: Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE, January 2013Source: Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE, January 2013

Number of events: 905

Geophysical events (earthquake, tsunami, volcanic activity)

Meteorological events (storm)

Hydrological events (floods, mass movement)

Climatological events (extreme temperature, drought, wildfire)

2012 natural catastrophes2012 natural catastrophes

Hailstorms, severe stormsCanada, 12-14 August

Severe stormsUSA, 28-29 April

DroughtUSA, Summer

Severe storms, tornadoesUSA, 2-4 March

EarthquakeMexico, 20 March

FloodsColumbia, March- June

Severe stormsUSA, 28 June- 2 July

Hurricane SandyUSA, Caribbean 24-31 August

Hurricane IsaacUSA, Caribbean 24-31 August

FloodsNigeria, July- Oct

Winter storm AndreaEurope, 5-6 January

FloodsUnited Kingdom, 21-27 November

EarthquakesItaly, 20/29 May

Floods, hailstormsSouth Africa, 20-21 October

Floods, flash floodsAustralia, Jan - Feb

Floods, flash floodsAustralia, Feb - March

Earthquake Iran, 11 August

FloodsPakistan, 3 -27September

Flash floodsRussia, 6-8 July

Cold waveAfghanistan, Jan- March

Cold waveEastern Europe, Jan- Feb

Typhoon BophaPhilippines. 4-5 December

Typhoon HaikuiChina, 8-9 August

FloodsChina, 21-24 July

Page 5: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

5

The increasingly connected world has magnified the impact on every aspect of life, including its disruptions.

Earthquake and tsunami

Game site attacked by hacker

Servers shut down by human error

Volcano

BT resin shortage

Personal information stolen

Nuclear plant explosion

Platform outage

Flight cancellation

Car parts shortage

Mobile circuit production issue

Decreasing tourism

Airlines discontinuation

WW impact to car production

Class action lawsuit

Downstream service provider disruption

The percentage of visitors to Japan dropped to 60 percent in April3

90 percent of the worldwide (WW) Bismaleimide-Triazine (BT) resin supply stopped1

World-wide car production was down by 20-30 percent for some major auto manufacturers during April and May2

The Iceland volcanic eruption cost airlines US$1.7 billion with more than 10 million people affected4

Personal information leaks have cost millions of dollars, led to class action law suits, and damaged corporate reputation

Hosting provider service outages affect Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) for other vendors

1Update: Analysts fear shortage of key resin, Dylan McGrath, 17 March 2011 2Japan's Earthquake and Tsunami Hit Parts Supplies, Motor Trend, June 2011 3Japan's tourism industry recovering after the tsunami, BBC Business News, 6 October 2011 4Volcano Crisis Cost Airlines $1.7 Billion in Revenue - IATA Urges Measures to Mitigate Impact, IATA Pressroom, 21 April 2010

Page 6: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

6

IBM’s Resilience Framework depicts a comprehensive view of an Enterprise Resilience program.

To deliver a total resilience program, the resilience capability of each layer must be optimized.To deliver a total resilience program, the resilience capability of each layer must be optimized.

SecurityRecoveryContinuity Availability

IBM

Res

ilie

nc

e F

ram

ewo

rkIB

M R

esil

ien

ce

Fra

mew

ork

Facilities

Technology

Applications and data

Processes

Organization

Strategy and vision

Page 7: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

7

True resilience requires a lifecycle methodology to achieve sustainable improvements.

Business imperatives:

IT risk management

Regulatory compliance

Corporate governance

Reputation

Operational risk

management

Inputs:

Business objectives,

goals, priorities,

policies and current

capabilities

Outputs:

Reduced risk, improved governance and facilitated compliance management

Man

age

Plan

Implem

ent

Asses

s

Deploy

Validate

Control

Monitor

Evaluate

Analyze

Define

Design

Page 8: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

8

To build a business resilience program, you must first assess your potential risks, their impact and your ability to mitigate them.

Assess

Analyze current and potential risks, and establish a risk profile by location, line-of-business function and business process.

Determine impact of event: financial, opportunity and reputation.

Evaluate mitigation capabilities to develop customized risk framework

Identify areas for further analysis.

Assess maturity of mitigation capabilities, including basic, managed, predictive, adaptive and resilient capabilities. Diagnose risks to business

objectives and prescribe appropriate actions to improve business resilience.

Page 9: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

9

Enterprise-wide risks need to be identified, prioritized and addressed as you design and develop your business resilience programs.

Plan

Set objectives for risk mitigation or enhancement to help:

– Define the scope for the risk strategy.– Select the risks that need to

be mitigated or enhanced

Define strategic business continuity, disaster recovery and crisis management plans to help sustain critical operations in the event of a disruption

Design for business resilience:– Business and financial justification – Governance and authority and policies – Systems management disciplines– Physical and logical security– Application and data– Program execution – Facilities

Improve your business resilience with cost-optimized, IT resilience architectures, plans, procedures and strategies.

Page 10: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

10

Validate IT recovery plans, procedures, and processes meet business resilience requirements through appropriate testing.

Implement

Choose resilient partners for your resilience solutions, including data storage and Disaster Recovery

Deploy business resilience program:– Implement resilience architecture,

processes, and organization structure– Document resilience programs and train

key personnel

Validate business resilience plans and procedures

– Architect and execute tests of defined resilience plans to help confirm they meet specified objectives:

• Protection of critical information• Recoverability of business functions

– Execute tests or perform walkthrough drills to identify resilience plan weaknesses for improvement and preparedness

Identify resilience plan issues and gaps to be addressed before a disruptive event occurs.

Page 11: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

11

A centralized governance program is critical for managing and maintaining a sustainable business resilience program.

Manage

Monitor current conditions to detect and respond to risks.

Control negative risk while enhancing positive risk.

Maintain compliance with regulatory requirements

Report on performance utilizing resilience dashboards to demonstrate readiness and results of business investment in resilience

Re-assess

Perform periodic assessments to validate that resilience plans still address business strategies and risks

Perform continuous improvementHelps ensure a state of readiness to respond to an outage event or a market opportunity.

Page 12: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

12

Conclusion

Surviving in a competitive business environment requires continuous availability of IT systems and data, even in the event of a disaster.

Businesses can face revenue loss and erosion of customer trust if they fail to maintain continuity while rapidly adapting and responding to risks and opportunities.

You need to create, implement and manage a business resilience strategy that centers on identifying and mitigating prioritized risks across your enterprise.

It is critical to choose resilient partners as you implement your enterprise resilience strategy.

IBM’s recommended lifecycle methodology helps you achieve more sustainable improvements in business resilience, optimize cost and better manage risk and compliance.

Page 13: Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services

© 2014 IBM Corporation

IBM Global Technology Services

13

Thank you for your time today.

For more information:

IBM Resiliency Consulting Services

IBM Business Continuity and Resiliency Services

Contact:

IBM Taiwan BCRS Solution Sales ManagerSamuel Tsai

[email protected] :886-2-87239666