© Copyright 2014 EMC Corporation. All rights reserved.
Eating the Resiliency Elephant
March 30, 2014
Patrick Potter, GRC Strategist RSA Archer
Today’s Speaker
Patrick is currently a GRC Strategist for the RSA Archer organization, where he helps drive the direction of the Business Continuity and Audit Management solutions. Prior to RSA, Patrick spent over 20 years leading business continuity, internal audit, strategic planning, process improvement and related activities at Fortune 500 companies in both industry and consulting roles.
Patrick has developed a broad perspective working with analysts, partners and customers spanning such industries as financial services, higher education, manufacturing, high-tech, healthcare, and media and hospitality. He has been a speaker for the Institute of Internal Auditors, DRJ, RSA Archer Summit, Financial Executives Networking Group, Association of Continuity Planners and ISACA. Patrick has also contributed various thought leadership articles for Continuity Insights, SC Magazine, Internal Auditor Magazine and Disaster Recovery Journal.
Session Abstract
In a typical organization, there are many separate processes, groups, functions and approaches that have something to do with “organizational resiliency”.
These include IT disaster recovery, business recovery, incident management and crisis management, not to mention related risk and compliance functions.
However, too many of the functions that tackle these issues are separate and uncoordinated, if not downright antagonistic. Today's session will talk about the challenges and how to bring these disparate areas together.
BCM and the Elephant
“The Blind Men and the Elephant”, a poem by John Godfrey Saxe (1816–1887), talks about the differing perspectives of six blind men touching an elephant.
“It’s a wall, a spear, a snake, a tree, a fan and a rope”
What does this have to do with BCM?
The elephant is “Resiliency” and he’s causing organizations to think about much more than just recovery planning.
However, we’re all thinking about resiliency in different ways and taking different approaches. We must work together.
Today’s World
The CEO & BCM manager ride the elevator…
Soooo… that’s all good stuff, but how does the business look with all of these disasters happening these days?
IT did some data center testing last week. Business Continuity updated its call trees and we reduced the number of incidents at the factories.
We believe organizations today face inevitable disruptions but are not prepared to deal with the wide variety of events on the horizon.
The Impending Disaster?
How Prepared is the Organization?
• Growing number of man-made and natural disasters
• Regulations with BCM requirements are multiplying
• 24/7 service delivery requirements
• Domino effect from globalization and highly complex supply chains
• More complex and frequent disruptive events lead to a need for better crisis management
• Security breaches
• IT disruptions
• Operational incidents
The magnitude and impact of today’s disruptions are driving businesses to realize that business recovery is not enough, and resiliency is a non-negotiable component for existence and success.
We must focus on priority business elements, holistic approaches and collaboration to transition from recovery to resiliency as a competitive advantage.
Recovery vs. Resiliency
Resilience = the ability to cope with stress and adversity and bounce back to a previous state of normal functioning, or simply not showing negative effects - Resilience is a process, and not a trait
Where is Business Resiliency today?
Most companies have business continuity and disaster recovery programs today but are they positioned to keep up with the changes?
Effort
Cost
Damage
Complexity
Most Organizations Are Here
The first step is to understand the organization’s strengths, readiness and capabilities.
Collaborative and Prepared
We Need to Change our Approach…
to be prepared now for the inevitable and develop a strategy for resiliency.
Crisis Management
IT
Business Continuity
Business Operations
Independent and Reactive
Resiliency Enabled
The CEO & BCM manager ride the elevator…
So how well does the business look with all of these disasters happening these days?
We did an end to end review of restoring customer account processing, found a few issues but resolved them.
We also kicked off a resiliency impact assessment to identify possible points of failure in “Project Barracuda” – which I know is one of your key objectives.
Business Resiliency Management
is not a singular answer but rather a solution leveraging people, process and technologies as a force multiplier where 1+1=3.
Enables organizations to
• Establish business context for resiliency
• Prepare for and recover from IT system outages
• Identify and prepare business resumption strategies
• Catalog and resolve incidents
• Manage crisis events and communications
reducing the risk of IT and business disruptions, harmful operational events and significant business crises.
Crisis Management
IT
Business Operations
Business Continuity
Plan Your Journey
Resiliency Enabled
Resiliency Advantaged
Build foundation
• Begin to leverage data stores
• Common asset repositories
Ensure you are ready now
• IT Disaster Recovery
• Business Continuity
• Crisis Management
• Operational Incidents
Reduce duplicative efforts
Gain resources & resiliency risk visibility
Resiliency Silos
Objectives
Think Across the Organization
Products & Services
Assets
Rules & Regulations
Policies & Procedures
Supply Chain
People / Org Structure
Incidents & Events
Controls
Risks
Business Processes
Continue Your Journey
Improve Analytics/Metrics
• Real-time reporting and measurement for root cause analysis
Ingrain Business Context
• Fuse business value into resiliency processes
Maintain cooperation
Prioritize effectively
Manage efficiently
Break down barriers
• Leverage data, processes and resources
Resiliency Silos
Resiliency Enabled
Resiliency Advantaged
Break Down Silos
Establish Business Context for Resiliency
• Catalog business hierarchy establishing organizational structure for resiliency reporting
• Catalog business assets including business processes, products, services, facilities and contacts
• Catalog IT assets including applications and devices
• Manage relationships between assets
• Measure and track business criticality of assets
Prepare for IT and Business Disruptions
• Document and test IT DR plans
• Coordinate IT DR with BC planning
• Manage Risks and Impacts to Organizational Resiliency
• Document and test BCM plans
• Manage issues and remediation efforts resulting from testing and disruptions
Catalog and Resolve Operational Incidents
• Catalog incidents and events
• Define standard response procedures
• Manage investigations
• Manage ethics violations
• Manage issues and remediation efforts resulting from operational events
Manage Crisis Events
• Manage crisis events
• Initiate emergency communications
• Coordinate activated Business Continuity and Disaster Recovery plans
Signal Clarity and Amplification
Better understand key levers like risk and controls to disrupt the noise, and bring clarity to the signal to amplify your decisions.
Visibility + Analytics = Priority
Priority + Action = Results
Results + Metrics = Progress
Visibility
Analytics/Metrics
Noise
Action
Continue Your Journey
Connect to the Business
• Business context ingrained in all resiliency efforts
Make Risk-Driven Decisions
• Ability to identify, respond and manage resiliency risks ahead of the curve
Manage known & emerging resiliency threats
Exploit new business opportunities
Resiliency Silos
Resiliency Enabled
Resiliency Advantaged
Leverage New Trends & Innovations
Global Risk Transformation
Cyber Threats
Global Economy
Virtual borders, more interconnected and exposed
Infrastructure Transformation
Mobile Cloud
Less control over access device and back-end infrastructure
Business Transformation
More hyper-extended, more digital, more regulated
Extended Workforce
New Regulations
Big Data
Resiliency, a Competitive Advantage
The CEO & Business Resiliency manager ride the elevator…
I have a great idea on how to improve operational processes that keep getting interrupted by bad weather allowing us to save money in our supply chain. Let’s talk about it over lunch.
I love it!! So how well does the business look with all of these disasters happening these days?