Cloud and Data Center Your Local IT Rooms Need You. DHL Express Europe



Transcription:

Beyond (or below) Cloud and Data Center Your Local IT Rooms Need You Martin Frevert Too DHL Express Europe

Agenda The Challenge The Approach Five Tasks Summary and Q&A

The Challenge (1/2)
- For more than 2.6 million customers: One Promise
- More than 220 countries and territories served
- ~100,000 employees worldwide
- 3 global hubs: Cincinnati, Hong Kong, Leipzig
- Additional ~4,000 facilities worldwide
- ~260 dedicated aircraft
- ~29,500 vehicles
- Connecting ~500 airports around the world
- Time Definite International Delivery
- IT needs to ensure smooth operation of the 24/7 business

The Challenge (2/2)
- Central global data centers, but ~4,000 facilities with IT equipment critical for site operations
- From network equipment only to servers and specialized IT equipment for call centers or cross belt sorters
- One Global Customer Promise
- Local IT rooms protected properly following a global standard

Agenda The Challenge The Approach Five Tasks
1. Clarify what you mean by IT Room Protection
2. Business Alignment I: Develop something that will be accepted
3. Business Alignment II: Develop something that can be used
4. Define a meaningful standard
5. Be smart about closing any gaps
Summary and Q&A

IT Room Protection
Overall Objective: Achieve a common, reduced level of risk of an IT room outage which would lead to a business disruption or significantly impact a country business
What
- In scope: Reduction of most common risk; existing and new rooms
- Out of scope: Business continuity; IT operational procedures; protection against other elemental dangers
Where
- In scope: Every IT room in every location (Key: IT room is relevant for DHL Express)
- Out of scope: Enterprise data centers (follow higher, data center focused standards)

Limitations
[Figure: Risk of IT Room Outage without and with IT Room Protection, split into most common threats (e.g. power, cooling, fire, intrusion) and other threats*, showing the risk reduction through IT Room Protection]
- None of the risk can be completely eliminated
- Residual risk to be addressed by Continuity Management
* e.g. earthquakes

Recommendation 1: Manage expectations

Business Alignment I
- Customer Criticality determined from top to bottom
- Costs for IT Room Protection have to be justified
- ~4,000 sites = ~4,000 individual cases
- Need for rationalization
- Business alignment through classes
- IT room with different protection levels

Different Classes of IT Rooms
[Figure: IT room classes A, B, C, N against cost and protection]
- Baseline: requirements by local authorities, health & safety regulations etc.
- Driver for protection need: criticality of IT room for the business
- Not a driver: size of room or number of servers
- Attribute rows shown per IT room class (A, B, C, N): Standby back-up diesel generator; Dedicated Cooling System
- To be defined per attribute for each class: Mandatory / Strongly recommended / Recommended / Not needed

Recommendation 2: Introduce different classes of IT rooms for business alignment

Business Alignment II
How to determine the different IT room classes and how to classify IT rooms?
Simple, pragmatic approach
- Classification depending on criticality for the business, but
- Business does not appreciate sophisticated, incomprehensible elaborations
- If you want to apply it globally, only a simple approach will succeed
What it means
- What-if scenario: what if the IT room is down?
- Limited scope of business impact analysis
- Proxy for business impact
- Complemented by key business impact scenarios
- Matrix for classification based on multipliers

Business Impact Analysis
What if the IT room is down?
Impact: How to consider
- Economic loss from damaged or destroyed property: Impossible to standardize
- Regulatory or contractual impact: Impossible to standardize
- Reputation: Impossible to standardize
- Economic loss from loss of function: Using a proxy
Using a proxy
- Do not try to determine exact business loss
- Use revenue that is supported by the IT room in "business-as-usual" (BAU) circumstances as proxy
- Known within IT function
- Very powerful and convincing: break down to revenue per day
- Not equal to revenue loss, but proxy only. Not sufficient to cover complexity of the business.

Impact Scenarios - Example
Scenario 1: No business possible
- Customer Visibility: Very high. Business Impact: Disruptive
- No business possible without the IT room on one or more sites
Scenario 2: Business, but shipments delayed
- Customer Visibility: High. Business Impact: Very high
- Business still possible without the IT room
- Service commitment/product promise cannot be kept
Scenario 3: Business, but low Customer Service quality
- Customer Visibility: Medium. Business Impact: High
- Business still possible without the IT room
- Customer Service not able to meet KPIs due to outage of IT room
Scenario 4: Business, but at higher cost
- Customer Visibility: None. Business Impact: Medium
- Business still possible without the IT room
- Business can only be run at extra costs

Classification Thresholds
Classification Matrix (business impact scenarios 1 to 4 against IT Room Class A, B, C, N): What are the revenue thresholds for each combination?
Define Thresholds
Step 1: Baseline
- Use scenario 1 (business disruption) as baseline due to maximum business impact
- IT Room Class and Threshold [Revenue]: A > 100; B > 40; C > 10; N N/A
Step 2: Multipliers
- Use multipliers to increase thresholds to reflect lower business impact: more revenue needed to justify a certain class
- Scenario 1: x 1.0; Scenario 2: x 1.5; Scenario 3: x 2.0; Scenario 4: x 3.0
- Example: > 40 with multiplier x 2.0 gives > 80

IT Room Classification
Step 1: Select room
- Principle: Analyze every IT room individually
- Example: Tampa, Florida
Step 2: Determine "business-as-usual" (BAU) revenue
- Principle: Use BAU revenue as proxy
- Example: x EUR p.a. or y EUR per business day
Step 3: Determine business impact scenarios
- Principle: Most critical business impact scenarios
- Example: Scenario 2: Business possible, but shipments delayed
Step 4: Look up class in matrix
- Principle: Manage classification matrix
- Example: [Figure: classification matrix of BAU revenue thresholds (> 100, > 40, > 10) against Business Impact Scenario 1 to 4, giving the IT Room Class (A, B, C, N)]
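The four classification steps above can be carried through in a few lines of Python. This is an added example, not material from the presentation: it assumes each scenario's thresholds are the baseline scaled by that scenario's multiplier (as in the slide's "> 40 x 2.0 > 80"), that the most critical applicable scenario decides the class, and that a room with no applicable scenario is class N; the sample rooms are constructed and revenue is unitless as on the slide.

```python
"""IT room classification from the deck's baseline thresholds and multipliers."""

# Step 1 baseline (scenario 1, business disruption): class -> revenue threshold.
# Values are the slide's example figures; the slide gives no currency or period.
BASELINE = {"A": 100, "B": 40, "C": 10}

# Step 2 multipliers per business impact scenario (1 = most severe).
MULTIPLIERS = {1: 1.0, 2: 1.5, 3: 2.0, 4: 3.0}


def threshold_matrix():
    """Return {scenario: {class: threshold}} by scaling the baseline."""
    return {
        s: {cls: base * m for cls, base in BASELINE.items()}
        for s, m in MULTIPLIERS.items()
    }


def classify(bau_revenue, scenarios):
    """Classify one IT room.

    bau_revenue: business-as-usual revenue supported by the room (proxy).
    scenarios:   impact scenarios (1-4) that apply if the room is down.
    Assumption: the most critical applicable scenario (lowest number) decides.
    """
    if bau_revenue < 0:
        raise ValueError("BAU revenue cannot be negative")
    unknown = set(scenarios) - set(MULTIPLIERS)
    if unknown:
        raise ValueError(f"unknown scenario(s): {sorted(unknown)}")
    if not scenarios:
        return "N"  # assumption: no business impact identified
    thresholds = threshold_matrix()[min(scenarios)]
    # Thresholds are strict ("> 100"), checked from the highest class down.
    for cls in ("A", "B", "C"):
        if bau_revenue > thresholds[cls]:
            return cls
    return "N"


if __name__ == "__main__":
    # Constructed sample rooms: (name, BAU revenue, applicable scenarios).
    rooms = [("site-1", 120, [2]), ("site-2", 120, [1, 3]),
             ("site-3", 85, [3]), ("site-4", 12, [4])]
    for name, revenue, scen in rooms:
        print(name, classify(revenue, scen))
```

The same revenue of 120 lands in class B under scenario 2 but class A once scenario 1 applies, which is the effect the multipliers are meant to produce.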

Recommendation 3 + 4
3. Define a simple approach for IT room classification
4. Use a tailored, but simple approach to determine IT room classes for your business

Protection Level per Class
- Precise specifications
- Enabling assessment
IT Room Class: A / B / C / N
- Attribute 1: Mandatory / Mandatory / Strongly Recommended / Recommended
- Attribute 2: Mandatory / Strongly Recommended / Recommended / Not needed
Expensive attributes managed by class
- Increasing requirement for higher classes
Redundancy levels managed by class
- Increasing requirement for higher classes
Not only equipment, but also responsibilities and procedures

Content of the Standard
- General: Governance; Risk Assessment; Other
- Physical Security: Equipment; Policies & Procedures; Service & Maintenance
- Fire Protection: Equipment; Policies & Procedures; Service & Maintenance
- HVAC: Equipment; Policies & Procedures; Service & Maintenance
- Power Supply: Equipment; Policies & Procedures; Service & Maintenance
- Network: General; LAN; WAN

Recommendation 5: Define the standard precisely and with meaningful differences between the classes

Gap Closure
[Figure: As-Is (no DHL example!) compared with the Standard, showing the Gap and the Gap Closure]
- Obvious solution: lift to meet the standard.
- But: Smartest solution needs to be determined individually!

Generic Gap Closure
[Each option is shown on a chart of Impact (low to high) against Likelihood (low to high), for the IT capability overall and for an individual component of the IT capability]
Improve IT room protection
- Achievable short-/mid-term, but good investment in long-term?
Move to highly protected data center
- Achievable short-/mid-term
- Best for critical services, but restrictions to be considered
Make IT capabilities recoverable
- Reducing impact through quick recovery
- Achievable mid-term, but requiring significant investment
Design resilient IT capabilities
- Outage of 1 component doesn't impact the IT capability as a whole, making it less likely to fail

Recommendation 6: Think out of the box: improving the protection of an individual IT room might not be the smartest solution

Recommendations Summary
1. Manage expectations
2. Introduce different classes of IT rooms for business alignment
3. Define a simple approach for IT room classification
4. Use a tailored, but simple approach to determine IT room classes for your business
5. Define the standard precisely and with meaningful differences between the classes
6. Think out of the box: improving the protection of an individual IT room might not be the smartest solution

Q & A Your questions, please!