Business Continuity & Resiliency Services The Pitfalls of DIY Approaches to Disaster Recovery
Our presenters for today
  Man Bui, Executive, IBM SmartCloud Resilience Services
  Rachel Dines, Senior Analyst, Forrester Research
Agenda
  The link between IT and Reputation
  BC/DR budget trends
  Provisioning DR sites
  DR testing and exercises
  Skills and staffing for resilient IT
  Continuous improvement and maintenance
  Wrap up and recommendations
Are you overestimating your ability to balance and effectively manage risk?
  Perception
    More than two-thirds of companies include IT risk management in reputational risk management
    Companies are confident in their ability to manage IT risks they view as most damaging to reputation
    3 out of 5 companies rate their overall ability to manage IT risk as strong or very strong
  Reality
    Only 17 percent rate their company's ability to manage IT risk as very strong
    Companies are overlooking fundamentals, which suggests that their confidence is not necessarily warranted
    Only 39 percent of the same companies require vendors, partners and supply chain to be properly vigilant
  Find out more by reading our latest study on the reputational risk and IT connection. Download the study at ibm.com/services/riskstudy
Reputation has a definable value, much like brand value, that can be diminished by IT risk-related events
  Economic value assigned to corporate brand or reputation*: scale from US$1M to US$10B, average US$1.56B
  -21%: The economic value of a company's reputation declines an average of 21% as a result of an IT breach of customer data*
  "Underestimating the cost of reputational risk greatly exceeds the cost of protection." Finance manager, American financial services company
  * Reputation Impact of a Data Breach: U.S. Study of Executives & Managers, Sponsored by Experian Data Breach Resolution, Ponemon Institute, November 2011.
The impact on reputation recovery is measured in months, not hours or days like recovery time objectives (RTO)
  Cause of reputational damage: 12+ months / 6-12 months / 0-6 months
  Data breach: 13% / 16% / 59%
  New technology: 13% / 15% / 58%
  Compliance failure: 12% / 19% / 56%
  Insufficient DR measures: 11% / 20% / 56%
  Poor IT skills / tech support: 11% / 18% / 59%
  Inadequate continuity plans: 10% / 22% / 54%
  Data loss: 10% / 14% / 64%
  Mobility (BYOD): 10% / 14% / 68%
  System failure: 8% / 15% / 68%
  Website outage: 6% / 12% / 71%
  Source: 2013 IBM Global Reputational Risk and IT Study, January 2012 (ibm.com/services/riskstudy)
In an attempt to gain more control over IT risks, many organizations have brought disaster recovery in-house but are not sure they could respond to a real disaster
  of firms face a lack of focus on in-house DR relative to other IT projects
  of firms struggle against lack of funding to keep DR infrastructure up to date
  of do-it-yourselfers lack adequate in-house DR skills
  of do-it-yourselfers have trouble running enough DR tests and exercises
  Source: The Risks of Do It Yourself Disaster Recovery, a commissioned study conducted by Forrester Consulting on behalf of IBM, January 2013
What's prompting the sea change?
  Business pressures
    Business processes are more technology dependent
    Little tolerance for data loss or downtime
    Increasing expectations for system availability and performance
  IT realities
    IT must now support the anytime, anywhere mobile workforce
    Systems are more complex and heterogeneous
    New threat landscapes mean more potential causes of downtime
Implementing effective BC/DR remains a challenge
  Survey question: "Select the top three challenges of implementing and managing effective business continuity at your company"
  Base: 184 IT decision makers at firms with 1000+ employees
  Source: Disaster Recovery Journal/Forrester Research Survey, 2011
BC/DR is a top technology priority for the next 12 months
  Base: 1201 IT decision makers at North American and European enterprises and SMBs
  Source: Forrester's Technology Forrsights For Hardware, Q3 2012
but BC/DR budgets remain a small portion of overall IT spend
  Survey question: "In 2012, approximately what percentage of your budget will go to business continuity and disaster recovery?"
  Enterprises spend an average of 6.2% of IT budgets on BC/DR
  Base: 946 Enterprise Budget decision makers in North America and the UK
  Source: Forrsights Budgets And Priorities Tracker Survey, Q2 2012
Allocating BC/DR spend wisely: conduct a risk-cost analysis
  Annualized risk cost equation: Frequency × Likely duration × Cost of downtime = Annualized risk cost
  Use the annualized risk cost to guide investment in mitigation of the risk (i.e., potential remote access procedures)
  Example
    Risk: Winter storm with more than 2 feet of snow
    Frequency: 3 times per year
    Likely duration: 8 hours
    Cost of downtime per hour: $12,000
    Annualized risk cost: $288,000
Many firms today take a hybrid approach to sourcing disaster recovery capabilities
  Survey question: "Where does your firm provision its backup data center(s)?"
  57% of survey respondents stated that they source DR capabilities with an equal mix of both in-house and outsourced solutions*
  Base: 542 NA and European Enterprise Hardware decision makers
  Source: Forrsights Hardware Survey, Q3 2012
TCO and testing capabilities are top considerations for outsourcing DR
  Survey question: "What would make you consider outsourcing part, or all, of your DR?"
  Base: 75 Enterprise Hardware decision makers in the US, UK, and India
  Source: a commissioned study conducted by Forrester Consulting on behalf of IBM, December, 2012
Seeking more control and faster recovery, firms brought DR in-house
  Survey question: "If you brought all or part of your DR in-house in the past five years, what was the primary reason?"
  Base: 75 Enterprise Hardware decision makers in the US, UK, and India
  Source: a commissioned study conducted by Forrester Consulting on behalf of IBM, December, 2012
Plan tests and exercises: it's not a one-off event
Test types and frequencies
  Walk-through exercise
    Description: Reviewing the layout and contents of a plan.
    Frequency: As necessary to familiarize response teams and individuals with a documented plan or changes to a plan.
  Tabletop exercise
    Description: Using a scenario, discussing the response and recovery activities of a documented plan.
    Frequency: At least four times per year. Often done as the precursor to a full exercise.
  Component test
    Description: Physically exercising a component of a documented plan, usually either systems on a single platform or systems supporting a single business process.
    Frequency: As necessary as major changes are made to the IT operating environment or infrastructure. Depending on criticality, some components may be exercised more frequently than others.
  Full exercise/simulation
    Description: Using a scenario, carrying out the response and recovery activities of a documented plan for the entire organization.
    Frequency: At least once per year; twice is ideal.
Majority of firms who run DR in-house feel tests are not entirely successful
  Survey question: "If you have run a DR test or exercise in the past 12 months, how successful was it?"
  67% of companies did not meet all recovery objectives
  Base: 75 Enterprise Hardware decision makers in the US, UK, and India
  Source: a commissioned study conducted by Forrester Consulting on behalf of IBM, December, 2012
Enterprises dedicate resources to business continuity management
  Survey question: "How many full-time equivalents (FTEs) support business continuity management corporate-wide?"
  Base: 184 IT decision makers at firms with 1000+ employees
  Source: Disaster Recovery Journal/Forrester Research Survey, 2011
Embed resiliency into everyone's job function in IT
  Service management
    Integrate availability into the service level management process.
    Reconfirm service-level expectations during normal business operations and during disasters or crisis modes.
  Sourcing and vendor management
    Include resiliency requirements in all RFPs and contracts.
    Assess the resiliency capabilities of the entire sourcing life cycle, especially software and cloud providers.
  Application development
    Develop secure, highly available applications.
    Include resiliency testing as part of the acceptance testing process.
  Enterprise architecture
    Hire availability or resiliency architects to lead the resiliency efforts in EA.
    Define standard architectures for resilient infrastructure; assess continuity capabilities during gating.
The business must also embrace and embed resiliency
  The business: Business owners play a role in documenting, updating, and testing availability and BT resiliency strategies.
  Chief Information Security Officer: The CISO holds BC, BT resiliency, and security together.
  Business continuity director: The business continuity director provides oversight of BT resiliency.
  Head of infrastructure and operations: The VP of I&O is accountable for and leads BT resiliency efforts.
  Resiliency managers: Resiliency managers document, maintain, and test BT resiliency strategy.
Most companies have declared a disaster or had a major service disruption
  Survey question: "Have you declared a disaster or experienced a major service interruption in the past 12 months? If so, how prepared were you to respond?"
  Base: 75 Enterprise Hardware decision makers in the US, UK, and India
  Source: a commissioned study conducted by Forrester Consulting on behalf of IBM, December, 2012
Lack of focus, funding, testing, and skills stymie firms who run DR in-house
  Survey question: "What are the top challenges that you are facing with your in-house disaster recovery infrastructure and processes?"
  Base: 71 Enterprise Hardware decision makers in the US, UK, and India
  Source: a commissioned study conducted by Forrester Consulting on behalf of IBM, December, 2012
Business technology resiliency lifecycle (diagram components)
  Business Impact Analysis
  Risk Assessment
  Strategy & Plan Development
  Plan Testing & Maintenance
  Program Management
Understand the costs and impacts of running DR in-house: ask tough questions
  Do we have the expertise in-house needed to run and maintain an effective DR program?
    More than one-third of respondents in our survey indicated this was a challenge for them
  Can we ensure the ongoing funding to make the program successful?
    Almost 40% of respondents feel that this is a top challenge they are tackling when running their DR program
  Can we dedicate proper resources to the program?
    Peer companies indicate that they have over 31 FTEs dedicated to their BC/DR programs
  Can we ensure a consistent testing and exercise regimen?
    Not running enough DR tests and exercises is a top challenge for 48% of companies
  Will we be able to keep focus for continuous improvement on the program?
    Lack of focus is the top challenge for organizations running DR in-house
Do-it-yourself or outsource: It's not an all or nothing choice
  of survey respondents source DR capabilities with an equal mix of in-house and outsourced resources
  Source: The Risks of Do It Yourself Disaster Recovery, a commissioned study conducted by Forrester Consulting on behalf of IBM, January 2013
While TCO was cited as the top reason for considering a managed services approach to disaster recovery, there were other considerations identified
  #2 A portal for real-time testing or failover
  #3 Help with transition to service provider
  #4 Flexible contract terms
  #5 A mix of traditional and cloud-based DR
  Source: The Risks of Do It Yourself Disaster Recovery, a commissioned study conducted by Forrester Consulting on behalf of IBM, January 2013
It's time to re-evaluate your DR strategies. Find out more.
  Read the Forrester Consulting study "The Risks of Do It Yourself Disaster Recovery" at ibm.co/bewarediy
  Source: The Risks of Do It Yourself Disaster Recovery, a commissioned study conducted by Forrester Consulting on behalf of IBM, January 2013
for your interest
  Man Bui: +1 678.522.8663, mbui@us.ibm.com, www.ibm.com/services/continuity
  Rachel Dines: +1 617.613.6081, rdines@forrester.com, www.forrester.com