IBM Global Technology Services
Earthquake and Hurricane in the Northeast:Time to Rethink our Assumptions on Risk Richard Cocchiara, CTO, IBM Business Continuity & Resiliency Services
© 2012 IBM Corporation© 2012 IBM Corporation
IBM Business Continuityand Resiliency Services
Agenda for today’s session
2011 in review
The state of business resilience today
Taking a holistic approach
The future of business resilience and the role of cloud
Barriers to cloud adoption and considerations when
© 2012 IBM Corporation© 2012 IBM Corporation22
Barriers to cloud adoption and considerations when selecting a cloud services provider
Observations and recommendations
IBM Business Continuityand Resiliency Services
90% of WW BT resin supply stopped
The increasingly connected world has magnified the impact on every aspect of life, including its disruptions
The Iceland volcanic eruption cost airlines $1.7 billion with more than
10 million people affected
Visitors to Japan dropped 60% in April
BT Resin Shortage Mobile Circuit Production Issue
Decreasing Tourism
WW impact to Car Production
Car Parts Shortage
Nuclear Plant Explosion
Earthquake and Tsunami
Volcano
WW car production was down20-30% for some major auto
manufactures during April and May
© 2012 IBM Corporation© 2012 IBM Corporation3
Personal information leaks have cost millions of dollars, led to class action law suits, and damaged corporate reputation
10 million people affected
Hosting provider service outages affect PaaS and SaaS for other vendors
Airlines Discontinuation
Personal Information StolenClass Action Lawsuit
Downstream Service Provider DisruptionPlatform Outage
Flight Cancellation
Game site attacked by hacker
Servers shut down by human error
Hosting provider service outages affect PaaS and SaaS for other vendors
IBM Business Continuityand Resiliency Services
Globally and in the U.S., economic losses from all types of natural disasters are escalating rapidly; 2011 was a record year
Economic cost of natural disasters worldwide
Number of U.S. weather/climate disasters with economic impact greater than $1B
$115B
$190B
$280B
3 84.6 4
12
$14B*$33B** $8B
$52B
© 2012 IBM Corporation© 2012 IBM Corporation44
1980s(avg
per yr)
1990s(avg
per yr)
2010 2011 2005 2010 20112000s(avg
per yr)
3.8 4
1.2
$8B
*Hurricane Andrew $27B **Hurricane Katrina $125B; Hurricane Rita $16B; Hurricane Wilma $16; Hurricane Ike $27B
Sources: National Oceanic and Atmospheric Association (NOAA); Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE
IBM Business Continuityand Resiliency Services
U.S. implications: regional disasters had national scope and large metro areas like NYC were threatened like never before
In one three-day h i A il
Precipitation in the Ohio Valley stretch in April,
343 tornadoes struck from Alabama to Virginia
the Ohio Valley exceeded normal levels by 300%, causing flooding along the Mississippi River
Drought fueledHurricane Irene
d 3 l df ll
Photo: ISC NewsroomPhoto: Scott Olson/Getty Images
© 2012 IBM Corporation© 2012 IBM Corporation55
Drought fueled wildfires burned more than a million acres (400,000 hectares) in Texas alone
made 3 landfalls, with torrential rainfall and severe flooding; evacuation orders covered 2.3M people
Photo: agreenliving.orgPhoto: Reuters
IBM Business Continuityand Resiliency Services
2011 saw an unprecedented number of large-scale U.S. weather-related events that cost at least $1billion each
Flooding, summer
Drought, heat wave, spring/fall
g$2 billion
Tornadoes, July $1+ billion
Tornadoes, June$1+ billion
Tornadoes, April $2.2 billion
$10 billion $9.1 billion $10.2 billion
$7.3 billion
Blizzard, Jan/Feb $1.8 billion
Tornadoes, April
Hurricane, August
Tropical storm, Sept. $1+ billion
© 2012 IBM Corporation© 2012 IBM Corporation66
Wildfires, spring/fall$1 billion
Flooding, spring/summer $4 billion
Tornadoes, May
Tornadoes, April$3 billion
Tornadoes, April$2.1 billion
Source: National Oceanic and Atmospheric Association (NOAA)
IBM Business Continuityand Resiliency Services
Orange County, NY Director of Operations Richard Mayfield described Irene's effect in one word: "Devastating"
© 2012 IBM Corporation© 2012 IBM Corporation77
Main St.Washingtonville
Orange County, NY
IBM Business Continuityand Resiliency Services
Protecting your business against downtime and disruptions is crucial for competing in today’s marketplace
Would your company survive a major outage?
Increasingly high volumes of data, applications
Geographically-dispersed facilities
Evolving industry and government regulations
Expectations and demands from stakeholders
Support continuous data and operational availability
Improve your competitive position and reputation
Improve operational efficiency
Reduce risk
Why you are increasingly vulnerable: Why a robust resilience solution:
© 2012 IBM Corporation© 2012 IBM Corporation88
stakeholders
IBM Business Continuityand Resiliency Services
Business resilience refers to the ability of enterprises to adapt to a continuously changing business environment
Business resilience helps organizationsBusiness resilience helps organizations maintain continuous operations and protect their market share in the face of disruptions such as natural or man-made disasters.
It requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness of risk.
© 2012 IBM Corporation© 2012 IBM Corporation99
Business resilience planning is distinguished from enterprise risk management (ERM) in that it is more likely to build capacity to seize opportunities created by unexpected events.
placeholder
IBM Business Continuityand Resiliency Services
The 2011 IBM risk study showed that companies value the need for risk management planning and execution
Well-crafted and communicated plan
Disagree NeitherAgree
53% 29% 18%communicated plan
No formal plan, but plan to develop one
Disagree NeitherAgree
No formal risk management function
Disagree NeitherAgree
53% 29% 18%
30% 53% 17%
30% 59% 11%
2011 2010
© 2012 IBM Corporation© 2012 IBM Corporation1010
Risk management on the rise:In the 2010 study, 42% said they had no formal risk management function.
2011 2010
Source: 2011 IBM Global Business Resilience and Risk StudyStudy comparison: 2010 IBM Global IT Risk Study
IBM Business Continuityand Resiliency Services
From traditional challenges … … to better outcomes
Effective risk managed requires a holistic approach to better manage risk, security and compliance across the enterprise
S it b h d b iEver-increasing security and resiliency threats
Security breaches and business disruptions are mitigated automatically
Unexpected downtime that throttles business performance
Continuous business operations are maintained with a responsive and highly available infrastructure
Inability to meet regulatory and industry requirements associated
ith it d ili
Regulatory and industry requirements are addressed with confidence
© 2012 IBM Corporation© 2012 IBM Corporation1111
Foundational capabilities
Integrated risk management | End-to-end security | Business continuity and resiliency
with security and resiliency
IBM Business Continuityand Resiliency Services
Risk management
Start with a plan that takes a structured approach to assessing business and IT risks
Align and integrate IT risk into the business’ enterprise risk management framework
Identify key threats and compliance mandates
Implement and enforce a risk management process
ggovernance methodology
© 2012 IBM Corporation© 2012 IBM Corporation1212
g pand common controls framework
Execute incident management processes when crises occurs
IBM Business Continuityand Resiliency Services
IBM offers a comprehensive approach to achieving resilience that extends across the enterprise
Resilience FrameworkBusiness
drivenData
drivenEvent driven
Links IT service delivery to business objectives with an expected level of service
Provides a holistic view of IT service delivery and links the impact of the risk to business value
Provides a model for defining and integrating IT service delivery
l t t hi t t i
Strategy and vision
Organization
Process
Applications and data
Technology
© 2012 IBM Corporation© 2012 IBM Corporation1313
elements to achieve target service levels and risk tolerances
The ability to deliver total resilience is no greater than the minimum resilience capability at any one of the layers — “the weakest link in the chain”
Facilities
IBM Business Continuityand Resiliency Services
The need to protect applications and data is the overriding concern for most organizations
What constitutes an organization’s business resilience strategy?
Data and application security
Data protection
Infrastructure security
Security governance and risk management
85%
79%
77%
75%
© 2012 IBM Corporation© 2012 IBM Corporation1414
Identity and access management
Compliance management
74%
69%
Source: 2011 IBM Global Business Resilience and Risk Study
IBM Business Continuityand Resiliency Services
RPO=near zero, RTO <1min, AutomaticServer/Workload/Network/Data SYSPLEX
Continuous Availability
Of course, not all applications and data require the same levels of recovery — or the same level of investment
ighe
r
RPO > 15 min. RTO= 4+ hours, Manual PiT or SW Data Replication.
RPO=Near zero, RTO <1Hr. to 4 hours, AutomaticServer/Workload/Network/Data Automatic Site Switch
RPO=Near Zero, RTO <1Hr. to 4 hours, ManualDisk or Tape Data Mirroring
Multi-Site Failover / Fallback
RPO=4+ hours, RTO=8 to 24 hours, ManualData Base Log Replication & Host Log Apply at Remote
RPO<24 hours RTO=8 24 hours
Active Secondary Site
HC
ost
© 2012 IBM Corporation© 2012 IBM Corporation1515
Recovery Point Objectives (RPO) & Recovery Time Objective (RTO)
Minutes Hours
Point-in-Time Backup to Tape / Disk
RPO<24 hours, RTO=8-24 hours Electronic Tape Vaulting
Site
Days
Low
er
RTO=>24 hours, RPO=24 hours Hot Site & Tape
RTO=Days, RPO>24 hoursTape, HW ATOD
IBM Business Continuityand Resiliency Services
Cloud computing-based resiliency offers an attractive alternative to traditional disaster recovery in terms of cost and performance
IT: proactiveBusiness: proactive
CloudcomputingBusiness
continuity
Businessresiliency
Virtualized model
Recovery time:seconds or always up
IT: proactive Business: reactive
Recovery time: minutes or hours
IT: reactiveBusiness: none
Recovery time:
© 2012 IBM Corporation© 2012 IBM Corporation1616
Syndicatedhardware
DedicatedhardwareDisaster
recovery
Shared recovery model
Traditional recovery model
days or weeks
IBM Business Continuityand Resiliency Services
A range of cloud resiliency solutions are available to meet the varied needs of mission- and business-critical applications
IBM SmartCloud
System and Data Mirroring
System and Data Failovero
n P
erfo
rman
ce
IBM SmartCloud
Archive
Co
mp
lian
ce
IBM
SmartCloud Virtualized Server
Recovery
© 2012 IBM Corporation© 2012 IBM Corporation1717
System and Data Restore
(imported media)
Availability
Ap
plic
ati
o
Retention
Dat
a C
SmartCloud Managed Backup
IBM Business Continuityand Resiliency Services
In the 2010 IBM Global IT Risk Study, cloud for business resilience and risk management was viewed as risky
Study comparison: 2010 perceptions of cloud
Extremely risky/risky
Somewhat risky
A full 77% of 2010 study
respondents viewed cloud as somewhat to extremely risky
42%
35%
© 2012 IBM Corporation© 2012 IBM Corporation1818
Moderately/not at all risky
42%
Source: 2010 IBM Global IT Risk Study
IBM Business Continuityand Resiliency Services
In our 2011 study, we’re seeing that organizations are still cautious, but that they see the value of moving to cloud
Offers promise once technical and security issues have been addressed — 28%
Study comparison: 2011 perceptions of cloud
addressed — 28%
Benefits outweigh the risks — 21%
Traditional methods are best — 6%
IT execs will never give up control of data assets — 5%
© 2012 IBM Corporation© 2012 IBM Corporation1919
Data security risks are too great — 21%
Key strategicaspect of risk management — 18%
Source: 2011 IBM Global Business Resilience and Risk Study
IBM Business Continuityand Resiliency Services
Here are some of the potential barriers to the adoption of cloud-based disaster recovery
Concerns about security, compliance, and control issues in the cloud
Questions about whether applications will seamlessly run in a cloud environment
Perception that there isn't a trusted vendor in the market offering the service
Concerns over bandwidth requirements
© 2012 IBM Corporation© 2012 IBM Corporation2020
Lack of buy-in from either IT or business leadership or decision-makers
To learn more, visit the IBM booth to see the results of a recent study conducted by Forrester Research: Cloud-Based Disaster Recovery Barriers And Drivers
IBM Business Continuityand Resiliency Services
By selecting a trusted cloud-based disaster recovery service provider, you can move beyond the barriers to cloud adoption
Web portal access with fail-over and fail-back capability facilitates improved control by DR professionalsp y p
Built-in support for disaster recovery testing builds confidences and refines DR plans
Tiered service levels optimizes application recovery times
Support for mixed and virtualized server environments improves control
© 2012 IBM Corporation© 2012 IBM Corporation2121
Global reach and local presence enables bandwidth savings
Support for migration from and co-existence with traditional disaster recovery methods eases transition
IBM Business Continuityand Resiliency Services
Observations and recommendations
Cloud computing is a disruptive change to the C oud co put g s a d s upt e c a ge to t eway IT services are delivered, backed up and restored
Without a strategy, Cloud computing can seen as a threat to the IT team
© 2012 IBM Corporation© 2012 IBM Corporation2222
With a strategy, Cloud computing is a huge opportunity for the CIO and IT team
IBM Business Continuityand Resiliency Services
© 2012 IBM Corporation© 2012 IBM Corporation2323
Thank You!