Disaster recovery strategic planning: How achievable will it be?

Amr Ahmed, Ernst & Young Advisory Services, Executive Director, amr.ahmed@ey.com
Christopher Rivera, Ernst & Young Advisory Services, Manager, christopher.rivera@ey.com

Resiliency touch points: BCM program alignment and implementation

Diagram labels: Risk-based prioritization; Strategy implementation; continuity driven resiliency objective; IT DR driven

Assess phase (Risk-based prioritization):
o process/apps identification
o impact analysis
o Dependency analysis
o Risk assessment (gap analysis)
o Continuity strategy development
o Current technical capabilities

Mitigation phase (Progress against plan):
o Technical solution acquisition and implementation
o Incident response management
o continuity and disaster recovery plans
o Plans exercise and maintenance

Disaster recovery strategy approach

The strategy may produce more than one solution for meeting an organization's recovery and continuity needs in the face of a business disruption.

1. What is to be recovered: People, business processes, application critical paths and technical services
2. How will it be recovered: Technology and technical solution options
3. Where will it be recovered: Technology facilities (e.g., data center, data rooms), workplace and/or service provider(s)
4. When will it be planned: Execute short-term and long-term roadmap
5. How much it will cost: High-level budget requirements

Disaster recovery strategy requisites (diagram)

Requisites: Guiding principles; Total cost of ownership; strategy and impact; Infrastructure strategy; Technical dependency; Enterprise risk; Current strategy gaps; constraints; People constraints; Technology constraints
Sourcing alternatives: In-source; Co-location; Outsourcing; Managed hosting; Cloud services
Disaster recovery strategy: High-level investment; Roadmap and timeline

Disaster recovery strategy requisites

strategy and impact: Understand the business direction, criticality and prioritization, and the impact that would arise if a threat became an incident and caused a business disruption.
Infrastructure strategy: Align disaster recovery strategy options with the current infrastructure technology strategy (e.g., use the organization's existing cloud strategy as a disaster recovery option).
Technical dependency: Identify all dependencies relevant to the critical business processes/applications, including the underlying infrastructure technology, operational resources and suppliers, and outsource partners.
Enterprise risk: Determine the criteria for acceptable level of risk and statutory, regulatory and contractual duties.

Disaster recovery strategy requisites

Guiding principles: Guiding principles that provide a clear link to business and technical priorities and define leading practices for technology architecture and implementation.
Total cost of ownership: Current environment cost transparency.
constraints, People constraints, Technology constraints: Issues and obstacles that will affect the future strategy development and disaster recovery (DR) architecture. For example: the business's or the country's political establishment and/or regulation requires that the application and/or data be served from a specific location (e.g., state/province, country, region) and/or by a specific sourcing service type (e.g., in-house, co-location, managed service).

Disaster recovery sourcing options

Understand your alternative service delivery models:

Layers/levels of hosting: In-house; Co-location; Managed hosting; IaaS/PaaS; SaaS Apps; Complete outsourcing
Layers: process layer; Application layer; Application Infrastructure layer (tools layer); Operating system layer; Device layer; Networking layer; Data center layer
Legend: Client responsibility; Service provider responsibility

Disaster recovery levels

Understand your disaster recovery solutions related to business impact results.

Level     Recovery time objective (RTO)   Solutions example
Level 1   <= 4 hours                      Clustering and geodiverse
Level 2   >4 to 10 hours                  Like-for-like and virtual servers
Level 3   >10 hours to 3 days             Re-purpose dev/testing and vendor drop-ship
Level 4   >3 days to 2 weeks              Vendor drop-ship

BIA categories       Low (hours)   High (hours)
Vital service        0             24
Essential service    >24           72
Important service    >72           120
Supportive service   >120          720

Chart labels: Tolerance to service loss; Time; Time 0 of the outage

Disaster recovery levels

Understand your disaster recovery solutions related to business impact results.

Level     Recovery point objective (RPO)   Solutions example
Level 1   <= 1 hour                        SYNC/ASYNC replication and VTL backup
Level 2   >1 hour to 12 hours              ASYNC replication and VTL backup
Level 3   >12 hours to 24 hours            VTL backup
Level 4   >24 hours to 72 hours            VTL or tape backups

BIA categories       Low (hours)   High (hours)
Vital service        0             24
Essential service    >24           72
Important service    >72           120
Supportive service   >120          720

Chart labels: Tolerance to data loss; Time; Last data backup and/or replication

Disaster recovery total cost of ownership (TCO)

Measure your current IT DR spending so you can effectively improve, manage and control your future DR strategy costs.

Build and maintain an accurate inventory of hardware, software and appropriate licenses.

Develop a TCO model that includes a combination of the following OPEX and CAPEX (recurring and non-recurring) spending:
o Labor: plan, build, test and run
o Facilities, including in-source or external data centers, data rooms and workspace
o Hardware, data network and other items for hosting hardware and applications

Cost categories (chart labels): Facility; Others; Labor; Hardware; Data network

Example of cost items included in the model: Plan; Build; Test (app development testing); Run (DR operation); X86 (Wintel, Linux); Unix (e.g., Solaris); Storage; Space (technology and workspace); Power; WAN connectivity; LAN switches; Security (e.g., firewall, IPS); Other devices (e.g., router, LB); Software (e.g., OS, DB); Racks/cabinets; Structured wiring and patch cords

Disaster recovery total cost of ownership (TCO) Comparative cost summary (in thousands) example:
Disaster recovery strategy roadmap

Develop the strategy implementation roadmap based on your current maturity to address:

1. Current facilities to accommodate DR requirements (e.g., space, power, Tier III) and/or address different sourcing options.
2. Infrastructure foundation services recovery capabilities such as networks, AD, DNS, authentication, etc.
3. Service applications and collaboration tools such as email, unified communications, etc.
4. application recovery based on criticality, priority, interdependencies, etc.

Diagram (Dependencies and sequence of applications recovery), labels: Incident response plan; application; Service applications and collaboration tools (Messaging, Unified comm., Team spaces, Desktop tools, Mobile services); Infrastructure foundation services (Network, Active directory, DNS); Core platform services (Systems/OS, storage); Facility (e.g., power, space, hosting service)

Thank You!
Ernst & Young
Assurance | Tax | Transactions | Advisory

About Ernst & Young
Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.

© 2012 EYGM Limited. All Rights Reserved.

This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.

The opinions of third parties set out in this publication are not necessarily the opinions of the global Ernst & Young organization or its member firms. Moreover, they should be viewed in the context of the time they were expressed.