beyond business continuity and disaster recovery the paradigm shift mardecia bell ann harris
TRANSCRIPT
History/Timeline1997 Initiated with the administrative environment
Mainframe environment recovery test
1999 Y2K - Business Continuity concept Acquired central repository software (LDRPS)
2001 Scheduled annual Mainframe recovery testIncluded communications & academic environment
2002 Expanded to include Enterprise Business Continuity/Disaster Recovery Planning
2004 Successful DR test of ERP systems
2005 Co-processing of production services began in Data Center II
2005 DR Unit created – restructured to Organizational Resilience in 2006
Organizational Resilience Unit
The OR Unit was established to close the gaps in the Capability Maturity Model by using:
• Industry standards and best practices
• Auditing processes for resiliency
• Promoting policies, rules and regulations
Business Resiliency
Resiliency is an enterprise-wide state of readiness including people, processes,
information, facilities, and third-parties as well as technology to cope effectively with
potentially disruptive events.
(Financial Services Technology Consortium)
Business Resiliency Cont.’d
It is an enterprise's capability to respond rapidly to unforeseen change, even chaotic disruption. It is the ability to
bounce back — and, in fact, to
bounce forward — with speed, grace, determination and precision.
(Gartner Research “The Five Principles of Organizational Resilience”)
The Paradigm Shift
Disaster Recovery– Static in nature– Slow and dogmatic– Reactionary– Stationary work
dependencies
Organizational Resilience– Flexible– Rapid response– High state of readiness– Mobile work environments
The Layers of Organizational Resilience
• Strategy and Vision– What are the concerns?– What is the future direction/roadmap?– What does this mean for me?– What are the expected service levels?
The Layers of Organizational Resilience
• Organization– Who should I turn to for help?– [Someone] should know about this?– Documented roles, responsibilities,
accountability
The Layers of Organizational Resilience
• Processes– Who knows how/why it was done that way?– Where is that manual???– What if the change happened here?– Do we have identified alternatives?
The Layers of Organizational Resilience
• Applications and Data– Is the data secure/stable?– Is the application accessible remotely?– Is the application/data changed becoming
unusable?– What’s the tolerance level in the event of a
disruption?– Backups…
The Layers of Organizational Resilience
• Technology– Is there a better way?
• Cheaper• Safer• More secure• Market advised
– Have threats or potential impacts changed?– Redundancy/Failover
Illustration of Various DR Deployments
Fault-tolerant cluster (file and print services)
A ProductionB Configuration
B ProductionA Configuration
B Production
A Production
Distributed deployment (hosted systems)
A Production A Development A Production
Co-processing and load-balancing (ERP)
A ProductionA Production A Production
Data replication (mainframe)
Server Data Server Data Server Data
Enterprise Resource Planning (ERP) Deployment
DC II
Financial System (Version 8.4) Human Resources (Version 8.8) Student Information System (v8.9 under development)
DC I
Web Server
DB Server
Application Server
Batch Server
CampusUsers
Web Server
Application Server
Batch Server
Web Server
Application Server
Web Server
Application Server
Batch Server
DB Server
Batch Server
Data
Storage Area
Network
Summary and Future Steps
DC II
Hosted systems
Infrastructure
DataData
Storage Area
Network
Active Directory/ Windows
Novell DirectoryServices / Novell
Citrix
ERP Web
ERP Batch
ERP Application
Data
Backup/vaulting
ERP DB Server
DC I
Hosted systems
Infrastructure
DataDataData
Storage Area
Network
Backup/vaulting
Active Directory/ Windows
Novell DirectoryServices / Novell
Citrix
ERP Web
ERP Batch
ERP DB Server
ERP Application
Development Server
Mainframe Server
Email/Calendar Anti-SPAM
File/Print, User Home
Web Server
Database Server Development
ServerMainframe ServerWeb
Server
Database Server
DataData
Storage Area
Network
Data
Email/Calendar Anti-SPAM
File/Print, User Home
The Layers of Organizational Resilience
• Facilities– What if I can’t get to my PC?
• Can you perform your critical tasks remotely?• Are your critical applications hosted or local to your
PC?
– What if I can’t get to my office?• Are critical files accessible remotely?
– Manuals– Procedures
Business Impact Analysis and Risk
Summary Workshop Session I
• Network failure• Fire (in data centers and/or
offices)– Inability to access data
centers and/or offices• Extreme weather conditions• Human errors• Theft or malicious activities• Lack of staff resources• Corrupt data• Vaulting damage or errors• Regional disasters• Flooding of datacenters and/or
offices
• Main Distribution Frame (MDF) fire and/or flood
• Lack of equipment• Third-party network failure (i.e.
RoadRunner down)• Hardware Failure• Software Failure• Network breaks (fiber and
cable damage)• Physical access of data
centers (keys, card readers)• Access to data in an
emergency (maintenance of ACL's)
• Security documentation
OR Resilience Chart Threat Assessment
Strategy and Vision Organization Processes Applications
and Data
Technology Facilities
Lack of uniform vision Lack of staff
resources
Human Errors Software
Failure
Network Failure/
Breaks
Fire
Defined SLA Lack of
Communication
Lack of
Documentation
Corrupt Data Hardware
Failure
Extreme
Weather
Customer Value Vaulting damage
Errors
Lack of
equipment
Physical
Access &
Security
Authentication
During incident
3rd Party Failure
Data/TeleCom
Regional
disasters
Flooding
Theft/
Malicious Activities
Access
Organizational Resiliency
• The next step in DR/Business Continuity
• To incorporate readiness and contingency in daily operations
• To be ready to address any type of disruption at all times
Contact Ann S. Harris
Assistant DirectorNC State UniversityRMIS Organizational
Resilience919-515-9228