How New Data Center Technologies Impact Recoverability

1
How New Data Center Technologies Impact
Recoverability
Presented by Damian Walch, CISA, CISSP, CBCP
2
Stressors that Test Your Vulnerability

• Terrorism
• Cyber Attacks
• Biological Threats
• Employee Sabotage
• Industrial Espionage

• Natural Disasters
• Workplace Issues
• National Programs

• IT Infrastructure
• Technology Adoption
• Innovation and Trends
• 24x7 Expectations
• Denial of Service Attack
• Virus

• Regulation
• Deregulation
• Incentives
• Legal

• Global Marketplace
• Partners/Suppliers
• Demand Elasticity

3
The Problem is Viewed Narrowly

• 9/11 Lessons
• Business not linked to IT Strategy
• Roles poorly defined no ownership
• Outdated, overly complicated processes
• Processes didnt cross LOBs
• Shared Services forgotten
• Lack of standardization
• No true redundancy
• Supply Chain not covered
• B/U components not maintained
• Little geographic spread

Strategy
Organization
Business ITProcesses
Applications Data
Technology
Facilities Security
4
Enterprise Business Continuity Framework
Enterprise Risk Management
Value Assurance
Quantify, track, and communicate the continuity
and recovery value to the organization and
ensure the EBCP investment is managed
Identify, mitigate, and control threats to the
business in order to protect the enterprise in a
consistent manner
Corporate Culture
Governance
Program Execution
Provide clarity, definition, and guidance for the
EBCP at the Enterprise level to ensure that the
initiatives are carried out
Position the corporate mission and values within
the continuity and recovery program to ensure
that the EBCP can adapt to business change
Manage the execution of the EBCP to ensure that
the program is executing as designed and is
providing a consistent approach throughout the
enterprise
Technology Solutions
Business Integration
Identify and implement technology solutions to
support business integration and availability to
protect against interruptions and/or outages
Integrate all lines of business into the EBCP to
provide end-to-end availability and protection of
business process across the organization
5
Evolution of Service Delivery
Grid

• Virtual Consolidation
• Further Economies
• Dynamic Allocation
• Collaboration/Alliances

e-Utility
Consolidated Delivery Centers

• Commoditization
• Resource on demand
• Standardize Measures/billing
• Expand ASP Model

Productivity/Value
Individual Data Centers

• Consolidation
• Economies of Scale
• Common Processes
• H/W S/W Standards

Time
6
Evolution of Business Resilience
Centralized Computing
Distributed Computing
Network Centric Computing
On-Demand Computing

• '60's - Early 80's
• Mainframe model centralized control,
  standardization, batch reporting
• Focus data center, internal stresses, very
  localized disruptions
• IT reactiveBusiness none
• Recovery Time in weeks
• Mindset insurance

• Mid - Late 80's
• Midrange client-server model departmental
  computing, creativity, independence
• Focus satellite hubs, internal stresses, very
  localized disruptions
• IT reactive/none Business reactive
• Recovery Time in days
• Mindset insurance

• The '90's - 2000
• Hybrid model connectivity, data sharing
  cross-bu, re-standardization
• Focus enterprise I/S, internal/external stress,
  localized disruptions
• IT reactive Business reactive
• Recovery time in hours
• Mindset insurance

• Year 2001 - today
• Virtualized model extended supply chain,
  mobility, direct customer access
• Focus extended global I/S, internal/external
  stress, broad disruptions
• IT proactiveBusiness proactive
• Always up
• Mindset survival

Disaster Recovery
Business Recovery
Business Continuity
Business Resiliency
7
Service Level Agreement Management
Automated Call Dispatch
Apropros Trouble Ticketing Systems
Remedy ARS
exceptions
event
event
mgmt apps, actions root cause
reports
root cause

• Element Monitoring
• Event Detection
• Event Correlation
• Service Level Management

8
Emergency Messaging Services

• EMRS performs multichannel device notification
• Notification messages, directions, and critical
  information sent to cell phones (SMS), pagers,
  RIM, alternate email addresses, etc.
• Employees access e-mail from any web browser
• Home, temporary offices, Kinkos
• Transparent failover to rest of world
• Use original e-mail addresses
• 128-bit SSL encrypted
• Users can be authenticated with SecureID or
  passwords

9
onDemand or Utility Computing
Business Process
Equipment
Applications
IT Infrastructure
Services
CRM
Manual
Switches
Probes
ERP
E-mail
SFA
Process Automation Tools
Routers
Mediation
3rd Party Partner
IT Mediation
SingleView Mediation
Reporting
Invoicing
Consolidation Engine
Transaction Management
Existing Solution
ERP (e.g. SAP, PeopleSoft)
Corporate Finance
3rd Party Solutions
10
Grid Computing
11
Characteristics of a Resilience
12
8 Pragmatic Approaches to Resilience

• Make executives aware of program (and risks)
• Understand the most critical business processes
• Create commitments (i.e. policies for
  corporations)
• Implement call trees and exercises
• Explain objectives for the year and measure
  results
• Ensure backup and offsite storage - audit
• Backup workstations and laptops
• Conduct desktop exercises for operations staff

13
Closing Comments

• Resilience should be our goal and will
  ultimately be achieved by most organizations, but
  its not here today
• Resilience is the integration of DR, BC, physical
  security, information security and operational
  availabilityaligned with business processes
• Poor results in the BC industry are our fault for
  not simplifying messages, measuring results and
  providing a clear roadmap
• Great strides can be achieved by focusing on 8 to
  10 reasonable principles for increasing recovery
  and resilience
• By integrating the disciplines and processes for
  DR, BC, physical security and information
  security you can reduce overall effort, increase
  results and in many cases address regulatory
  requirements