Disaster recovery strategic planning: How achievable will it be?

Similar documents
TSC Business Continuity & Disaster Recovery Session

Advanced Security Centers. Enabling threat and vulnerability services in a borderless world

Certified Information Systems Auditor (CISA)

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

Disaster Recovery Planning: Is Your Plan in Place? Presented by: Steve Shofner, CISA, CGEIT

Build a viable plan for disaster recovery and crisis management.

Why you should adopt the NIST Cybersecurity Framework

Accelerate Your Enterprise Private Cloud Initiative

EY Norwegian Cloud Maturity Survey 2018

Shaping the Cloud for the Healthcare Industry

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

DR Planning. Presented by. Matt Stolk Associate Director Northwest Regional Data Center Florida State University

Session 5: Business Continuity, with Business Impact Analysis

Introduction to Business continuity Planning

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

Enterprise resilience and the role of Standards

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Continuity of Business

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Business Continuity & Disaster Recovery

Transform Availability

IT Enterprise Services. Capita Private Cloud. Cloud potential unleashed

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Danish Cloud Maturity Survey 2018

REPORT 2015/149 INTERNAL AUDIT DIVISION

Business Continuity Management Standards A Side-by-Side Comparison

Getting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption

Dell helps you simplify IT

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Sage Data Security Services Directory

ServiceNow knowledge 2016

How to Conduct a Business Impact Analysis and Risk Assessment

Protecting your data. EY s approach to data privacy and information security

Availability in the Modern Datacenter

EY s data privacy service offering

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

Policy. Business Resilience MB2010.P.119

Achieving effective risk management and continuous compliance with Deloitte and SAP

Table of Contents. Sample

Building a BC/DR Control Library and Regulatory Response Program

Business Continuity Planning

Audit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015

MHA Consulting BCM Metrics Resiliency Through Measurement

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

How to Derive Value from Business Continuity Planning

Choosing the Right Cloud. ebook

EY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services

Business continuity management and cyber resiliency

Certified Information Security Manager (CISM) Course Overview

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

CASE STUDY: USING THE HYBRID CLOUD TO INCREASE CORPORATE VALUE AND ADAPT TO COMPETITIVE WORLD TRENDS

ISACA Cincinnati Chapter March Meeting

Cisco Data Center Business Continuity Planning Service

IT Attestation in the Cloud Era

Business Continuity Risk Management IT Service Continuity

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

How unified backup and cloud enable your digital transformation success

Principles for BCM requirements for the Dutch financial sector and its providers.

Cisco Director Class SAN Planning and Design Service

Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009

The Key to Disaster Recovery

Cisco Digital Network Architecture The Network Enables Digital Business. Rene Andersen Cisco DK

Business Continuity Management Program Overview

Why the Cloud is Changing the Face of DR

Symantec Business Continuity Solutions for Operational Risk Management

Practical Guide to Hybrid Cloud Computing. Cloud-Computing.

VMware Disaster Recovery

Risk Advisory Academy Training Brochure

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

SIMPLIFY IT. Transform IT with VCE and Vblock TM Infrastructure Platforms. Copyright 2011 VCE Company LLC, All rights reserved.

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

10 Reasons Why Your DR Plan Won t Work

Global Statement of Business Continuity

Cloud Strategies for Addressing IT Challenges

Appendix 3 Disaster Recovery Plan

in Transition to the Cloud David A. Chapa, CTE EVault, a Seagate Company

Cloud Computing in the enterprise: Not if, but when and how?

Supporting the Cloud Transformation of Agencies across the Public Sector

In this unit we are going to look at cloud computing. Cloud computing, also known as 'on-demand computing', is a kind of Internet-based computing,

EX0-101_ITIL V3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Exin EX0-101

Sungard Availability Services Information Availability... Delivers

IBM Cloud IBM Cloud for VMware Solutions Zeb Ahmed Senior Offering Manager and BCDR Leader VMware on IBM Cloud VMworld 2017 Content: Not for publicati

Infocomm Professional Development Forum 2011

BUSINESS CONTINUITY MANAGEMENT

Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

Mind your Business We manage your IT

DISASTER RECOVERY PRIMER

Cloud Computing Overview. The Business and Technology Impact. October 2013

Sony Customer Journey

GDPR: A QUICK OVERVIEW

Business Continuity Planning Keeping Pace with New Technology

CASE STUDY GLOBAL CONSUMER GOODS MANUFACTURER ACHIEVES SIGNIFICANT SAVINGS AND FLEXIBILITY THE CUSTOMER THE CHALLENGE

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

Transcription:

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com Amr Ahmed Ernst & Young Advisory Services, Executive Director amr.ahmed@ey.com Page 1 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Resiliency touch points BCM program alignment and implementation continuity driven resiliency objective Assess phase (Risk based prioritization) Risk based Prioritization process/apps identification impact analysis Dependency analysis Risk assessment (gap analysis) Continuity strategy development Current technical capabilities Mitigation phase (Progress against plan) Technical solution acquisition and implementation Strategy implementation Incident response management continuity and disaster recovery plans Plans exercise and maintenance IT DR driven Page 2 of 13

Disaster recovery strategy approach April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona The outcomes of the strategy may have more than one solution to fulfill an organization s recovery and continuity in the face of a business disruption. 1 2 3 4 5 What is to be recovered: People, business processes, application critical paths and technical services How will it be recovered: Technology and technical solution options Where will it be recovered: Technologies facilities (e.g., data center, data rooms), workplace and/or service provider(s) When will it be planned: Execute short term and long term roadmap How much it will cost: High level budget requirements Page 3 of 13

Disaster recovery strategy requisites April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Guiding principles Total cost of ownership strategy and impact Infrastructure strategy Technical dependency Enterprise risk In source Co location Outsourcing Current strategy gaps Sourcing alternatives Managed hosting Cloud services Disaster recovery strategy High level investment Roadmap and timeline constraints People constraints Technology constraints Page 4 of 13

Disaster recovery strategy requisites April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona strategy and impact Understand the business direction, criticality and prioritization, and the impact that would arise if a threat became an incident and caused a business disruption. Infrastructure strategy Align disaster recovery strategy options with current infrastructure technology strategy (i.e., use the organization s existing cloud strategy as a disaster recovery options) Technical dependency Identified all dependencies relevant to the critical business processes/applications, including the underlying infrastructure technology, operational resources and suppliers, and outsource partners Enterprise risk Determine the criteria for acceptable level of risk and statutory, regulatory and contractual duties Page 5 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategy requisites Guiding principles Total cost of ownership Guiding principles that provide a clear link to business and technical priorities and define leading practices for technology architecture and implementation Current environment cost transparency Issues and obstacles that will affect the future strategy development and disaster recovery (DR) architecture. For Example: the business s or the country s political establishment and/or regulation requires that the application and/or data be served from a specific location (e.g., state/providence, country, region) and/or by a specific sourcing service type (e.g., in house, co location, managed service) constraints People constraints Technology constraints Page 6 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery sourcing options Understand your alternative service delivery models: Layers/levels of hosting In house Co location Managed hosting IaaS/ PaaS SaaS Apps Complete outsourcing process layer Application layer Application Infrastructure layer (tools layer) Operating system layer Device layer Networking layer Data center layer Client responsibility Service provider responsibility Page 7 of 13

Disaster recovery levels April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Understand your disaster recovery solutions related to business impact results Recovery time objective (RTO) solutions example Tolerance to service loss Level 1 Level 2 Level 3 Level 4 <= 4 hours >4 10 hours >10 hours 3 days >3 days 2 weeks Clustering and geodiverse Like or like and virtual servers Re purpose dev/testing and vendor drop ship Vendor drop ship Time 0 of the outage Time BIA categories Low (hours) High (hours) Vital service 0 24 Essential service >24 72 Important service >72 120 Supportive service >120 720 Page 8 of 13

Disaster recovery levels April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Understand your disaster recovery solutions related to business impact results Recovery point objective (RPO) solutions example Tolerance to data loss Level 1 Level 2 Level 3 Level 4 <= 1 hour >1 hour 12 hours >12 hours 24 hours >24 hours 72 hours SYNC/ASYNC replication and VTL backup ASYNC replication and VTL backup VTL backup VTL or tape backups Last data backup and/or replication Time BIA categories Low (hours) High (hours) Vital service 0 24 Essential service >24 72 Important service >72 120 Supportive service >120 720 Page 9 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery total cost of ownership (TCO) Measure your current IT DR spending so you can effectively improve, manage and control your future DR strategy costs. Build and maintain an accurate inventory of hardware, software and appropriate licenses. Develop a TCO model that includes a combination of the following OPEX and CAPEX (recurring and non recurring) spending: o Labor; plan, build, test and run o Facilities, including in source or external data centers, data rooms and workspace o Hardware, data network and other items are for hosting hardware and applications Others Data network Facility Hardware Labor Page 10 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery total cost of ownership (TCO) Comparative cost summary (in thousands) example: Page 11 of 13

Disaster recovery strategy roadmap 1. Current facilities to accommodate DR requirements (e.g., space, power, Tier III) and/or address different sourcing options. 2. Infrastructure foundation services recovery capabilities such as networks, AD, DNS, authentication, etc. 3. Service applications and collaboration tools such as email, unified communications, etc. 4. application recovery based on criticality, priority, interdependencies, etc. application Network application Active directory application April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Develop the strategy implementation roadmap based on your current maturity to address: Incident response plan Messaging application DNS application application Dependencies and sequence of applications recovery Unified comm. Service applications and collaboration tools Infrastructure foundation services application Team Desktop Mobile spaces tools services 3 Core platform services (Systems/OS, storage) 4 2 Facility (e.g., power, space, hosting service) 1 Page 12 of 13

April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Thank You! Page 13 of 13

Ernst & Young Assurance Tax Transactions Advisory About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential. Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com. 2012 EYGM Limited.. All Rights Reserved. This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor. The opinions of third parties set out in this publication are not necessarily the opinions of the global Ernst & Young organization or its member firms. Moreover, they should be viewed in the context of the time they were expressed. Page 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback