1
BUILDING BUSINESS RESILIENCY Isolated Recovery Services NAZIR VELLANI (ERNST & YOUNG) & DAVID EDBORG (EMC GLOBAL SERVICES) 2
PRESENTERS Nazir Vellani (EY) Senior Manager Tel: +1 214 596 8985 Email: nazir.vellani@ey.com Nazir Vellani is a Senior Manager in Ernst & Young s Advisory Services practice and has over 22 years of technology and business consulting experience with a proven ability in business process re-engineering, Risk and Resiliency, Business Continuity, Disaster Recovery Strategy and Planning, IT Strategies and Transformation, Cost Optimization and Cloud Computing focusing on leveraging current and emerging technologies for the financial and hi-tech service industries. Nazir frequently interfaces with both USA and European regulators to understand and translate how to operationalize changes in compliance needs to the business environment David Edborg (EMC) Portfolio Manager for EMC s Business Resiliency Services Tel: +1 (708) 205-1808 Email: david.edborg@emc.com David originally joined EMC in 2005 after spending the previous eight years with DR Providers, EMC Resellers & Lessors. Over his career at EMC, David has served as a Global Practice Manager for EMC s Availability Technologies, as an Availability Services Solutions Principal, and as the Chief Architect for EMC s Continuous Availability Services Line. Earlier in his career, David worked in the packaged software industry and was Director of Development and Support for a computer security product. Out of college David worked as an IBM Assembler coder and wrote operating system mods for IBM s incarnation of mainframe VM software. 3
RIPPED FROM THE HEADLINES Healthcare Information Under Siege 4
CYBER CRIME GETS SOPHISTICATED ARE YOU STAYING AHEAD OF THE EVOLUTION? Traditional Threats Emerging Threats Cyber Theft Cyber Attack Cyber Extortion Cyber Destruction 5
CYBER THREAT LIFECYCLE We must understand the threat life cycle to build resiliency and response capabilities to navigate through events that range from traditional cyber breaches through extreme data loss, destruction, and hostage conditions Cyber Kill Chain Need to rework image to remove small text. Stick with Recon, Weaponize, etc Time Before During After Countermeasures Protection Detection and Reaction Survival Cyber Kill Chain - Model developed by Lockheed Martin for increasing visibility into a cyber attack 6
REGULATORY COMMUNITY EXPECTATIONS Insurance Breach Management Data Replication Multi-Tiered Environment Executive Management Establishes Appropriate Cyber And Data Breach Insurance Levels Life-cycle Approach: Advanced Response Capabilities Data Loss And Destruction Protection Technical Systems To Contain Breaches And Limit Business Impact Implement Multiple Technologies And Methods To Reduce The Probability Of Data Contamination Data Copies Are Stored To Enable Restore And Recovery Of Business And Environment Data 7
BOARD OF DIRECTORS CONCERNS Do we have a documented STRATEGY and PROVEN PLAN to keep our business operational due to ANY disruption event? What is our RISK of a HACKTIVIST ATTACK? Can our cyber security protections GUARANTEE our business is SAFE? What would be the impact to our CUSTOMERS, SHAREHOLDERS, EMPLOYEES if our information was lost? If our data was compromised and DESTROYED, could we RECOVER business operations, and HOW LONG would it take? 8
A NEW DEFENSE AGAINST CYBER ATTACKS BECAUSE YOU NEED TO THINK LIKE A HACKER A Protected Copy of Data Isolated Off-Net No Connections Cannot be directly accessed How Does It Work? Periodic Copies of Critical Data Systems are isolated Data is Periodically Validated ISOLATED RECOVERY YOUR LAST LINE OF DEFENSE AGAINST CYBER-ATTACKS Protecting Against Cyber Destruction Data Hostage 9
HOW ISOLATED RECOVERY WORKS CRITICAL DATA RESIDES OFF THE NETWORK AND IS ISOLATED Production Apps Risk-Based Replication Process Isolated Recovery Business Data Tech Config Data Dedicated Connection Corporate Network DR / BU Tertiary Data Copy Vaulting For Insurance Purposes In Extreme Data Loss Or Destruction Cases Includes Business & Technology Configuration Data XLRT Needs Determine Storage And/Or Backup Appliance Capabilities 10
INTEGRATED OPERATING MODEL Can we break this and make it build? A proprietary model incorporating industry leading references and designed to meet FFIEC/OCC and SIFMA regulatory expectations 11
OUR APPROACH TO ISOLATED RECOVERY 1 Planning and Design: Business Critical Applications Technology environment Configuration information Local or Remote Copy 2 Isolation - Replication: Network Isolation/Air Gap Dedicated Network Link Enable-replicate-disable link Automated and Scripted 3 Validation of Data: Trusted Copies and Versioning Validate Copy After Replication Customer Tools Used to Validate 4 Restore and Recovery: Standard Restore Processes Scripted and Automated 12
ISOLATED RECOVERY IS MORE THAN DR Systems are Isolated Data Center Is Disconnected From The Network And Restricted From Users Other Than Those With Proper Clearance Periodic Copies Over Air Gap Isolated Recovery Copies Are Periodic With A Larger Interval Between Copies DR Copies Are Constant And Continuous Integrity Checking & Alerting Workflows Stage Copied Data, Perform Periodic Integrity Checks, And Have Alert Mechanisms In The Event Of A Breach This last statement is very confusing Recovery & Remediation Separate Restore And Testing Policies & Procedures To Build And Prove Restore Capability Of The Essential Technology Configuration And Business Data Environments 13
WHERE TO BEGIN? Review your current environment Map your current technology standards and capabilities Map your current security and data protection posture Identify what data is valuable and would be valuable to protect against extreme destruction Develop a strategy, technical, and deployment roadmap Identify governance and process requirements Scope project costs and business case Validate your approach against industry peers and best practices 14
BENEFITS OF ISOLATED RECOVERY Ensures that critical business data are vaulted outside the enterprise environment Protects against hacktivism and data destruction/hostage conditions Responds and meets the regulatory concerns on responding to sophisticated cyber crime events Supports valuation of data to determine potential insurance coverage and liabilities against loss 15
EMC AND EY WORKING TOGETHER Deep Understanding Of Customers Business And Technology Environment Successful Track Record Of Delivering Value Across Consulting And Technology Proven Methodologies, Solutions And Tools-based Approach To Decrease Risk And Accelerate Time To Value Comprehensive Capabilities In Delivering Future State Of IT 16
17
EMC AND EY WORKING TOGETHER Value Proposition Deep understanding of Customers business and technology environment Successful track record of delivering value across consulting and technology Proven methodologies, solutions and tools-based approach to decrease risk and accelerate time to value Comprehensive capabilities in delivering future state of IT Technology and market leadership Long-standing relationship with intimate knowledge of Customers technology environment Thorough understanding of the technical, financial and business impact of moving towards new technology models Cross domain implementation expertise CIO level relationships Experience translating regulatory mandates and requirements to actionable solutions Strong understanding and experience with FMU s. Strong practical understanding of Customer requirements and proven track record Broad resiliency capabilities: Cybersecurity, IT Ops, technology infrastructure, Risk and Resiliency Board and CEO level relationships Benefits Accelerate timeline by bringing available solution offerings and reference architectures customized to Customers needs Sustainable solution for Customer incorporating industry leading tools and best practices Build for future by leveraging EMC and EY s shared vision for future state of IT Connecting the dots with other in-flight and upcoming initiatives to deliver an integrated solution Confidence that implementation will be done right the first time 19
Complicat e EMC & EY ISOLATED RECOVERY JOINT ADVISORY OFFERING EY Advisory Services Joint EMC/EY GTM EMC Advisory Services Business Priorities Threat Intelligence Prioritized Risks Security Monitoring Data & Context Vulnerability Identification Incident Remediation Response Reactive & Pr oactive Actions Countermeasure Planning Complicate & Detect Risk Appetite Common Data Protection & Risk Management Shared Story Best Of Portfolio (Assess, Advise, Implement) Services aligned to Managing Risk Governance Model Regulatory Compliance Operating Model Standards Data Replication Technologies Application, data, & Technical Landscape map Technical Architecture, Solutioning Costs, Operating Cost Gap Analysis Peer Analysis Roadmap & Migration Implementation Plan Map Current environment assessment Current technology standards and solutions mapping [app & infra dependency mapping] Current security & data protection posture scorecard Governance policies & procedures Isolated Recovery Metrics Valuable data to protect against extreme destruction Technology Hardening Audit & Remediation Target operating model Strategy, technical solution, & deployment roadmap Projected costs and business case Gap Analysis Peer Review Deploy & Validate Technology Solution Operational Procedures and & Compliance Proof Reporting Map Services aligned to enabling Data Protection Isolated Recovery Metrics Applications & Services to Protect Application and Infrastructure Dependencies Mapping Compliance Policies & Requirements Mapping Hardening Audit and Remediation Architecture, Design, Costs, Business Case Program Managed Implementation IR Recovery Run Books Validation Test Design Proctored Test & Compliance Ready Test Reports Technology Knowledge Transfer EMC Technology Solutions 20
ISOLATED RECOVERY ADDRESSES CONCERNS Critical environment data that resides off the network and isolated from Cyber Attack Promotes enterprise resiliency and should be considered vaulting for insurance purposes in extreme data loss or destruction cases Includes both business and technology configuration data to enable rapid provisioning of the environment if required extreme loss recovery time line (XLRT) needs determine Storage and/or Backup Appliance capabilities Air Gapped from the network to prevent server access Updated through replication process based on acceptable risk exposure limits of uptime connectivity and data loss parameters Remediated against threats while off line and capable of retaining iterative copies to current n versions (based on environment needs) 21