IT-Centric Disaster Recovery & Business Continuity

IT-Centric Business Continuity: Aligning IT with Business Needs

Steve SusinaMarch 11, 2010

Laurus Technologies Confidential

IT / Business Balance - GAPIT / Business Balance - GAP

IT Leadership LOB Leadership

Knowledge of IT Systems Understanding The Business


Business Continuity:More than Simply an IT Initiative, Why?Business Continuity:More than Simply an IT Initiative, Why?

Executive Responsibility• Organizational leaders are being held increasingly legally responsible

for the well being of their organizationsRegulation & Compliance• The Board of Directors and enterprise executives, not just IT

executives, are responsible for compliance (SOX, GLBA, Patriot Act, OSHA, EPA, HIPPA, etc.)

Data Center is Only a Piece of the Puzzle• There are separate risks that need to be considered other than loss of

the data centerWhat Do We Do While IT is Not Operational? • Technology recovery does not address or prioritize the business

requirements needed to sustain an organization’s continuing operational issues after or during a disaster

3

Enterprises are realizing that each operational unit needs to take ownership and participate in the planning.


Contingency Planning:Why Plan for an Incident?Contingency Planning:Why Plan for an Incident?

To STAY IN BUSINESSTo ensure that your business continues to serve its stakeholders

To ensure that your business meets its business objectives

To ensure your enterprise is not critically impacted by an incident (or disaster)

4


Business Continuity vs. Disaster RecoveryBusiness Continuity vs. Disaster Recovery

5

Disaster Recovery Planning (DRP):Focus is on planning for the restoration of data center services (technology recovery)

Business Continuity Planning (BCP):Focus is on planning for recovery strategies that address continuity of the greater business under a variety of risk scenarios, inclusive of the loss of data center services

Disaster Recovery focuses on data center restoration.Business Continuity centers on maintaining business process.


Why are IT Leaders Spearheading these Efforts?Why are IT Leaders Spearheading these Efforts?

> Their role is often central to all business processes

> They have more exposure to contingency planning than many other departments because of their natural thought processes toward data and systems recovery/ redundancy

6


What Happens When Contingency Planning is Thrown to IT Leadership?What Happens When Contingency Planning is Thrown to IT Leadership?

> IT Leadership can determine a strategy in a vacuum and take a Disaster Recovery (DR) approach without much analysis of the business needs

OR> IT Leadership can involve the business to

determine a comprehensive Business Continuity (BC) plan and strategy

7

There is a role for IT Leaders in BCP.We call this IT-Centric Business Continuity.


IT-Centric Business Continuity:The Middle GroundIT-Centric Business Continuity:The Middle Ground

Addresses restoration of Mission Critical IT Infrastructure, LINKED TO …

The Continuation of Mission Critical Processes when a data center is lost

8


The Planning ContinuumThe Planning Continuum

9


Step 1: Business ObjectivesStep 1: Business Objectives

Start with Business Discussions> Each business is different; identify the stakeholders

(internal business units, customers, shareholders, etc.)

> Are there any overlying principles/regulations in the organization?

> Meet with business departments; determine what their needs and objectives are

> What are their mission critical functions?

> RPO/RTO basis for successful solution

10

IT Leader Role: Provide Systems Lists as a Basis for Discussion


Step 2: Inventories & Process MappingStep 2: Inventories & Process Mapping

Involve all critical parts of the organization> Start with systems lists and equipment inventories as a basis of

discussion

> Determine/map key processes for critical business functions and determine their reliance upon data center services

> Revenue generating processes, those that support revenue generation, or those that involve compliance initiatives typically receive priority

> IT, Finance, other primary business units

> Legal - regulatory and contractual obligations

> Help Desk - use patterns, customer expectations

> Each business unit/department uses data differently

11

IT Leader Role: Facilitate business process discussions

Laurus Technologies Confidential12

What is the impact of critical risks?> Determine impact in terms of business interruption (number

of days) and in financial terms

> Some analyses are Qualitative (general estimate of loss) and others Quantitative (analytical measurement of loss)

> The key is getting to consensus around priority of systems, and realistic recovery requirements so that a contingency planning strategy can be developed in terms of RTO and RPO.

Step 3:Business Risk & Impact AnalysisStep 3:Business Risk & Impact Analysis

IT Leader Role: Facilitate impact analysis


Step 4:Strategy DevelopmentStep 4:Strategy Development

Overall - Avoid Complexity> Strategy must meet the business criteria

> Business owners often uninterested in technology

> Transparency and clarity for intended audience; speak in terms of business (restoration of business processes to serve stakeholder needs)

> At the end of the day, …. this is really about a risk trade-off between the cost of implementing a mitigation/contingency strategy vs. the cost of business losses

> Money spent <= potential loss

> What is the right strategy in terms of RTO, RPO, ?

IT Leader Role: Use business requirements to develop a strategy for IT service restoration.


Strategy Development:(Tends to be biggest Contributor to the Gap)Strategy Development:(Tends to be biggest Contributor to the Gap)

Know your data> Don’t replicate too much

> What is actually useful after restoration?

> Don’t miss critical data

> Including supporting data

> Business owns data

> Business owners know the data they need

> Business owners know when they need the data

> Business justifies cost.

14


Strategy Development:Cost JustificationStrategy Development:Cost Justification

TCO < cost of downtime/data loss> Typical solution tens of thousands to millions of dollars

> As RPO & RTO approaches zero, costs grow exponentially

15

Figure 2: Disaster Recovery Strategy

Relationship of Time, Risk & Cost


Step 5: Continuity / Recovery Plan DevelopmentStep 5: Continuity / Recovery Plan Development

The Plan is a living, dynamic process designed to guide the organization through its recovery and contingency efforts

This must address:> Strategy> People> Communications> Policies & Processes> Data> Systems, Equipment & Facilities

16

IT Leader Role: Sponsor the development of the plan; develop the details of the IT portion of the plan.


Step 5: Continuity / Recovery Plan DevelopmentStep 5: Continuity / Recovery Plan Development

Communication is key> Disaster declaration> Communications with employees, press, customers, vendors,

etc.> Status updates, milestones, etc.

Standards & Procedural Documentation> Process owners are required for each business function

> Exercising BC Plan is high stress; increased likelihood of success if processes are documented & understood

> Develop standards for acceptable restoration

> What are the interim business procedures for operations awaitingthe restoration of their IT services?

17

Note that Business leaders need to develop their own procedures.


Step 6: Testing, Audit and MaintenanceStep 6: Testing, Audit and Maintenance

Exercise the Strategy & Plan> Validation is key> If you haven’t tried it, it won’t work> If you can’t try it, it’s not a good solution

Account for Changes> Are the critical business processes, workflows or systems

changing?> Are the people changing?> Are the risks and impacts the same?> Is the strategy out of date?; (capacity for growth; data never

shrinks)> Is the plan reflective of these dynamics and is it maintained in an

area that itself is safe from a disaster?

18


DisastersAverted!

Result of IT-Centric DR/BCResult of IT-Centric DR/BC

IT InfrastructureKeeping The

Business Running


The Laurus Advantage: Our Technical & Engineering TeamThe Laurus Advantage: Our Technical & Engineering Team

Technical Experts

SupportStaff

AccountTeams

Laurus Technologies invests to build and retain the best team of consultants and engineers in the industry.

Steady and Substantial Revenue Growth

Consultants & Engineers fill our ranks

20002001

20022003

20042005

20062007

20082009


Laurus Technologies: Aligned to meet your needsLaurus Technologies: Aligned to meet your needs

12/17/2009Laurus Technologies - Proprietary & Confidential

Managed Services

- Assessment Services - Applications Services- Integration Services - Datacenter TCO - Archiving / Data Deduplication - Consolidation & Capacity Planning- Support Services - Virtualization (Server, Desktop & Storage)- System Architecture & Design - Business Continuity/Disaster Recovery- PMO Services - Performance Tuning

- ERP Optimization- Master Data Services- SAP & Oracle Consulting

IT Consulting

Systems Integration

- e-Mail Hosting - Data Center Outsourcing- Managed Backup - Managed Security Services - Managed Storage - Remote Infrastructure Management

Talent Solutions -(IT Recruiting, Staff Augm

entation, Contract for Hire)

Business Applications


Questions and AnswersQuestions and Answers

Thank You!For further information contact:Steve [email protected] (1.877.528.7871)

22

IT-Centric Disaster Recovery & Business Continuity

Technology

Transcript of IT-Centric Disaster Recovery & Business Continuity