Copyright 2013 EMC Corporation. All rights reserved.

Transcription

1 1

2 Why Trust Matters Escalating Demands, Threats, and Data $11,000 per outage min. $1M cost per outage Non-stop business demands CONTINUOUS Availability 85% of breaches take weeks to discover 92% were first discovered by a third-party More advanced threats ADVANCED Security 53% of companies lost data in % lost revenue as a result Growing data, expanding silos INTEGRATED Backup and Recovery Sources: Ponemon Institute, Verizon Data Breach Investigations 2

3 Continuous Availability Traditional HADR Continuous Availability Primary Site DR Clustering Active Standby Standby Site 1 Automatic Site 2 Replication Active-Active Data Array of HA/DR solutions to achieve always on infrastructure Lack of confidence in disaster recovery program One availability solution using off-the-shelf products Infrastructure aligned to business service levels 3

4 Advanced Security Disconnected Technologies and Policies Constantly Evolving Threats Intelligence-Driven Security Risks, Threats Risk Control and Policy Framework Business Policies, Organizational Structure, Security Operations Multiple identity and access systems Multiple encryption systems Targeted attacks, cyber criminals, hacktivists One size fits all policy Adaptive Controls adjusted dynamically based on risk and threat level Advanced Analytics provide context and visibility to detect threats Traditional Virtual, Converged Varied Data Stores Cloud Encryption Security Fire Wall PCI Compliance Business, Infrastructure Priorities 4

5 Integrated Backup and Recovery Traditional Backup & Recovery Silos Integrated, Self-Service Backup, Recovery & Archive Self Service Portal Backup, Recovery & Archive Services Catalog Policy Mgmt Archive Report Storage Mgmt App & Storage Integration Purpose-built backup and recovery silos Inefficient, manual, high cost, technical & admin. silos Centralized control, alerting, reporting, and policy management Recovery capabilities and technologies aligned with the business value of the data Backup as a service for business users 5

6 Building a Foundation of Trust Trust Services Capabilities C O N T I N U O U S AVAILABILITY Business Continuity Disaster Recovery Continuous Availability Advisory A DVANCED SECURITY Advanced Cyber Defense Information Security Program I N T E G R A TED BACKUP A N D R E C O V E R Y Backup and Recovery Services Governance, Risk, and Compliance (GRC) Services 6

7 CONTINUOUS Availability 7

8 Business Continuity Service Fragmented, Overlapping BC Solutions Business Continuity Framework Software Engineering Release Problem Incident Hardware Engineering Change Finance Configuration Incident Capacity Sales Release Change Problem Capacity Services Incident Software Engineering Maintenance Hardware Engineering Testing Finance Analysis All business supporting components considered in comprehensive protection plan Sales Implementation Solution Services Unexpected downtime Competing requirements from business units Complex infrastructure interdependencies Performance requirements met Effective management and minimization of downtime Priorities determined by business vs. technology needs 8

9 Business Continuity Service Comprehensive Strategy to Strengthen Your Business Continuity Posture Assessments Assess service levels; evaluate recovery alternatives Service Level Design Design service catalog, architecture, recovery plans Integration Test and implement technologies; develop failover/ recovery plans Management Manage resources; measure; plan continuous improvements 9

10 Financial Services Company Insurance, Investment and Financial Services Holding Company Solution Provided technical delivery management services including: Encase CyberSecurity Tool, Symantec GRC Compliance Tools, and CheckPoint Full-Disk Encryption Served as Senior Security Advisor to staff Develop a business continuity governance model and business recovery plans supported on an Archer Platform to define an auditable recovery posture for the company Challenge Company needed to prove it had processes in place to maintain business in the face of an event that would be disruptive to all or part of its business The processes had to be manageable, auditable and meet regulatory scrutiny Results Detailed program and communication governance documentation to manage an outage crisis across their multiple locations Business resource recovery plans implemented in Archer s BCM module 10

11 Disaster Recovery Service Break in Business Continuity Disaster Recovery Framework Software Engineering Hardware Engineering Finance Sales Services Software Engineering Hardware Engineering Finance Sales Services BC Plan Loss of data Inconsistent, manual processes Ineffective and/or inefficient disaster recovery plan book Inconsistent alignment with business continuity requirements Disaster recovery processes aligned with business continuity plan Fast, orderly recovery based on business requirements No data corruption 11

12 Disaster Recovery Service Build A Roadmap And Strategy With A Clear Understanding Of Business Impact Strategy Assess and develop prioritized business recovery objectives Data Management Design a plan to achieve recovery objectives Recovery Program Create and manage a process for both technology and business 12

13 Hunting, Fishing, Camping Company Disaster Recovery Program Challenge Develop a disaster recovery solution to protect data assets and secure their business Design a recovery solution across multiple platforms to support high availability and disaster recovery Solution Complete hardware asset inventory, infrastructure build documentation, Provided technical delivery management services including: Encase CyberSecurity Tool, Symantec GRC Compliance Tools, and infrastructure and application recovery CheckPoint Full-Disk Encryption Served as Senior Security Advisor to staff plans Results Client has detailed documentation to rebuild current production data center in the event of a catastrophic loss Complete set of application recovery plans and infrastructure recovery plans 13

14 Continuous Availability Advisory Service Multiple Availability Solutions Single Availability Approach Primary Site Traditional HADR DR Architectures Continuous Availability Recommendation Clustering Active Standby Standby Solutions Replication Roadmap Multiple disaster recovery solutions for 24X7 service Growing costs for availability administration and maintenance Untested failback plans 2-3 downtime scenarios per year Single availability solution Achieved through off-the shelf products Most downtime scenarios eliminated Business case and roadmap 14

15 Continuous Availability Advisory Service Accelerate the Journey to Continuous Availability Current State Readiness Architecture Economics Roadmap Assess current spend and capability Evaluate applications for active-active capability Develop architectures for applications and data Assess costs and benefits of a new availability approach Create an availability transformation plan 15

16 Global Health Care Organization Developed Roadmap to Improve Availability and Reduce Cost Challenge SAN configuration error took down production site Millions of dollars in penalties were paid to hosted clients Failover of top tier strands other applications Demonstrated how a Continuous Availability strategy can save $18M over 3 years Solution Provided architectural design that converged HA & DR architectures with VPLEX, RAC, OTV, and vsphere Metro Storage Cluster Enabled SAP to stay up regardless of failure scenario Results Developed Continuous Availability strategy to improve confidence Identified how server count can be reduced by 29% and costs decreased by approximately $18 million over 3 years Provided a roadmap to eliminate RPO and RTO, as well as idle assets, DR, and fail-over time 16

17 ADVANCED Security 17

18 Advanced Cyber Defense Services Continually Evolving Security Threats Umbrella of Services to Manage Threats Data Analytics Targeted attacks No Organizational Structure SIEM Cyber criminals Lack of Business Policies Controls, Policies, and Procedures THREAT SOC Poor Security Operations Hacktivists Info Security Program Lots of disorganized responses Ineffective application of controls Misdirected policy creation and enforcement Common, flexible platform to manage threats and responses High-speed analytics and advanced monitoring Controls that can be adjusted based on threat posture 18

19 Languages & Frameworks Services Analytics Advanced Cyber Defense Services Impacting the Attack Cyber Kill Chain Data Fabric Application Fabric Business Policies, Organizational Structure, Security Operations Ingest & Query: very high-capacity & in-memory Scale-out storage: HDFS/Object Automation: App Provisioning & Life-cycle Service Registry Cloud Abstraction (portability) Cloud Fabric Framework Create Risk Control and Policy Framework Threat Identification Develop analytics platform and predictive modeling SIEM Buildout Identify gaps; create procedures for handling incidents SOC Development Create security operations center for monitoring, assessing, and defending threats 19

20 Global Life Sciences Firm Evolves to protect the organization from targeted attacks Challenge Remediate targeted attack intrusion that bypassed traditional security countermeasures Solution Delivered Advanced Cyber Defense Services Scoped and remediated targeted attack Identified gaps and hardening recommendations for the IT Security Infrastructure Established baseline Security Operations capabilities and goforward roadmap Results Enhanced security posture with accelerated incident response times Increased board level sponsorship and awareness for overall IT Security Risk Management 20

21 Information Security Program OUT-OF-DATE SECURITY PROGRAMS, POLICIES, PROCESSES COMPREHENSIVE SECURITY MANAGEMENT PROGRAM CRM Instances ERP Instances Organizational Structure Database Instances User Environments Poor visibility of true risk profile Messaging Instances Disaggregated view of risks and incident response Fragmented and inefficient security operations Risk Control and Policy Framework Business Policies Enterprise-wide information security program Rationalized security risk and controls framework aligned to business and regulatory requirements Continuous improvement program Security Operations 21

22 Information Security Program Build, Manage, And Improve A Sound Information Security Program Program Assessment Determine program maturity Risk Assessment Identify security risks, controls, and protection gaps Program Development Implement security policies, standards, and metrics 22

23 Global Health Care Products Provider Assessment of Risk Exposure for Applications Moving to Cloud Financial analysis highlighted a reduction in total IT spend of approximately 21% compared with their current IT cost base Challenge Accelerate client s cloud strategy to reduce IT spending and standardize their environment Increase agility and responsiveness to their many operating companies and ultimately customers Solution Delivered Cloud Advisory Service Assessed suitability of private, public and hybrid cloud models for key application workloads from economic, trust and functionality perspectives Results Implementing the cloud vision, including a center of excellence for cloud with services catalog and optimized IT processes 23

24 INTEGRATED Backup and Recovery 24

25 Backup and Recovery Services IT DEPENDENT SELF-SERVICE SCAN & COPY STORE RECOVER DO MORE WITH DATA Backup Team Application Silos Dedicated Infrastructure Helpdesk Recovery Backup Consoles Lines of Business Centralized Backup Leveraged Infrastructure Self-Service Recovery Native Application Consoles 25

26 Backup and Recovery Services Services For The Entire Technology Deployment Lifecycle Plan Deploy Optimize Manage Educate Guidance and recommendations to help build your infrastructure Design and implement your infrastructure Optimize the performance and reliability of your infrastructure Manage infrastructure operations, fill resource gaps Training and certification programs to develop knowledge and skills 26

27 Transport Infrastructure & Power Generation Company Backup Infrastructure Assessment Findings and recommendations (organizations, process, environment, architecture), to-be architecture, detailed assessment report, summary presentation, next steps Challenge IT budget not keeping pace with data growth Backup operational model not aligned with business needs Unstable backup environment Informal communications between functional areas Staffing and skills not aligned with infrastructure needs Solution End to end assessment of backup environment and supporting infrastructure Review of operations, processes, procedures, organization and competencies Review of business applications, business data and service level objectives Results 22% improvement in backup performance Reduced 300+ backup devices to 12 Eliminated VTL tape mount issues 30% yearly data growth matched to infra design Reduced backup times, manpower and storage 27

28 Governance, Risk, and Compliance (GRC) 28

29 GRC Services Limited Governance Active Governance DESKTOP LAPTOP Finance Operations Legal Corporate-wide communications and reporting Compliance across stakeholders, supply chain MOBILE Distributed data Discrete risk control technologies Single Platform Compliance Management Threat Management IT Config. Management Business Continuity Management Governance model incorporated into technology Limited cross-functional communication on policies and processes Discrete tools aligned to functional risk needs Interconnected risks are difficult to control Technology not integrated with policies and processes Traditional Virtual, Converged SDDC /Cloud Big Data Environments Polices and data managed via governance process Technology-enabled controls and reporting Corporate-wide governance & compliance across the supply chain 29

30 GRC Services Unify the Risk and Compliance Effort Identify Identify risks and prioritize control requirements cross functionally Measure Build GRC program strategy and initiatives to achieve future state Monitor Implement processes across functions, technologies and procedures 30

31 Pharmacy Innovation Company Governance, Risk, and Compliance Strategy Development Challenge Fragmented risk and compliance activity across functions Need to mature risk management processes and adopt a holistic approach throughout the organization Strengthened enterprise risk management capabilities while securing stakeholder buy-in for change Solution GRC program strategy supported by analysis of existing GRC processes GRC strategic plan that lays out a roadmap for GRC program implementation Results Key stakeholders have visibility into the organization s GRC issues and steps for addressing them Organization now has a roadmap for collaboration and communication between functions for implementing a sound GRC strategy 31

32 Enabling Customer Success Throughout The IT Solutions Lifecycle EMC Global Services High-Level Overview STRATEGIZE Provide Strategic Guidance & Advice DESIGN Plan & Architect Solutions Consulting Services Industry expertise blended with key information management capabilities Technology Expertise Cloud & Virtual Data Center Infrastructure Big Data Information Management & Analytics Application Architecture Design & Development Application Infrastructure Security & Risk Management DEPLOY Implement & Integrate Technology Technology Services Assessment, design, implementation, integration, data migration Risk mitigation, knowledge transfer Health check/performance Infrastructure Management Services Managed Services Residency Services Out-Tasking Services Education Services Training and certification for storage, cloud and Big Data technologies OPERATE Optimize & Manage the IT Environment EDUCATE Train the IT Workforce Customer Services E M C P A R T N E R E C O S Y S T E M SUPPORT Maintain & Support Ongoing Operations Online support and proactive services Secure remote support Onsite and remote technical support Support options and personalized services Solution support 32

33 TRUST /CONTINOUS AVAILABILITY - Global Services Portfolio STRATEGIZE Provide Strategic Guidance & Advice DESIGN Plan & Architect Solutions Installation for Archer SmartStart (On-Prem/SaaS) Hardware Sizing & Performance Health Check for Archer egrc Audit for RSA Security Analytics USD Implementation for RSA Security Analytics UDS30 Business Continuity and Disaster Recovery Strategy & Implementation Technology Refresh DEPLOY Implement & Integrate Technology OPERATE Optimize & Manage the IT Environment Managed Services Residency Services Out-Tasking Services EDUCATE Train the IT Workforce Training and certification for Trust E M C G l o b a l S e r v i c e s O v e r v i e w SUPPORT Maintain & Support Ongoing Operations Secure remote support Onsite and remote technical support Support options and personalized services Solution support Administration & Management for Archer egrc Return Home 33