Business Continuity and Disaster Recovery Management in E-Banking

Md. Mahbubur Rahman Alam, Assistant Professor, BIBM

E-mail: [email protected]

Cell: 01556323244

Web: www.bibm-bd.org


Introduction

What is a Disaster?

Any unplanned event that requires immediate redeployment of limited resources

Sample Disasters

• Natural Forces: Fire, Environmental Hazards, Flood / Water Damage, Extreme Weather

• Technical Failure: Power Outage, Equipment Failure, Network Failure, Software Failure

• Human Interference: Criminal Act, Human Error, Loss of Users, Explosions


Disasters – Natural, Man-made

• Fire, flood, hurricane, tornado, earthquake, volcanoes

• Plane crashes, vandalism, terrorism, riots, sabotage, loss of personnel, etc.

• Anything that diminishes or destroys normal data processing capabilities

Historical Evidence on Impact of High Duration IT Outage

• The WTC bombing of 1993
  • 450 companies
  • 147 non-recoverable
  • Majority out of business by 1994

• The WTC disaster of 2001
  • 800 companies
  • 250 disaster declarations
  • ~150 out of business by 2002

• Natural Disasters
  • 2004: four hurricanes in Florida
  • 2005: Katrina, Rita, Wilma

Those who plan tend to fare better than those who don’t


The September 11th Effect

• Terrorist attacks cause more than $50 billion in infrastructure damage

• Dramatically raised awareness

• Physical and cyber security

• Business leaders closely examining internal security, continuity, and recovery plans

• 90% of CEOs have reviewed DR plans*

• Many discover inadequate investments

*Source: AP or Reuters

In Reality, Most Downtime is Caused by Human Error

Source: Gartner Group

Causes of Data Loss

[Bar chart: Causes of Data Loss. Categories: Human Error, Internal Sabotage, External Sabotage, Disk Failure, Disaster. Bar labels as extracted: 64%, 19%, 3%, 8%, 4%. Source: Wall Street Journal]

“40% of all SMBs will go out of business, if they cannot get their data in the first 24 hours after a crisis.”

-- Gartner

Lost Data is Today’s News!!

Bank of America loses a million customer records

• Tapes stolen in transit to offsite data center

Ameritrade Loses 200,000 Client Files

• Tapes lost in transit to offsite data center

What is Disaster Recovery?

Disaster recovery describes how an organization is to deal with potential disasters. A disaster recovery plan (DRP) consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions.

What is a Disaster Recovery Plan?

A management document for how and when to utilize resources needed to maintain selected functions when disrupted by agreed upon incidents

Other names commonly used:

• Business Continuity Plan

• Contingency Plans

• Continuity Plans

• Emergency Response Plans

• Business Recovery Plans

• Recovery Plans

What is the magnitude of an incident?

• Regional Area

• Local Area

• Within 3 Blocks

• To The Building

• Within 3 Floors

• On The Floor

• Within The Room

Depending upon the magnitude of an incident, possible alternative sites include:

• Within The Room

• Within the Building

• Within the Region

• Outside the Region

Types of Strategies

• Avoidance Strategy
  • Redundant configuration to avoid incidents
  • Site harden facilities to resist incidents
  • Redundant utilities and hardware
  • Automated operation recovery plan

• Mitigation Strategy
  • Early warning detection
  • Contractual agreements with vendors
  • Mirrored data and documents
  • Detailed migration recovery plan

• Recovery Strategy
  • High level recovery plan
  • Off-site data storage
  • Very responsive vendor relationships
  • Very knowledgeable employees

• Types of Strategy Options
  • Hot site
  • Cold site
  • Warm site

Computer Hardware Alternatives

• Hot Sites
  • Ready to Operate Within Several Hours
  • Not for long term extended use
  • Network Component

• Warm Sites
  • Partially Configured with network connections
  • Without Main Computer

• Cold Sites
  • Site with only basic environment

Disaster Recovery Approach

Planning

The primary objective for the Planning Phase is to gain management consensus on the focus areas and scope of a Disaster Recovery Plan that will address major business risks.

Implementation

The primary objective for the Implementation Phase is to develop, test, and roll out a Disaster Recovery plan. The implementation phase could be longer or shorter, depending upon scope, approach, and staffing defined during the Scoping and Risk Assessment phase.

[Diagram labels: Scoping & Risk Assessment, Planning, Recovery Strategy Development, Disaster Recovery Plan Approval, Training & Testing, Implementation]


What is Business Continuity?

Business continuity describes the processes and procedures an organization puts in place to ensure that essential functions can continue during and after a disaster. Business continuance planning seeks to prevent interruption of mission-critical services, and to reestablish full functioning as swiftly and smoothly as possible.


BCP objective

• Create, document, test, and update a plan that will:

• Allow timely recovery of critical business operations

• Minimize loss

• Meet legal and regulatory requirements

Good Practices

• Reduce Frequency of Failures & attacks

• Mitigate Severity of Failures & attacks

• Increase Predictability of Failures & attacks

• Optimize Recovery Time from Failures and attacks

A Better Approach: Remote Backup and Restore

Offsite Data Backup

• Secure, bandwidth efficient, network-based data protection service

• Automatic daily backups for servers/PCs using existing network to a remote location

[Diagram labels: Customer server(s) (hp Proliant DL380-G3), Customer Firewall, WAN, ViaRemote Platform, Disaster Recovery Center]

Manage Recovery process

[Timeline diagram labels: Crisis Time Zero, Emergency Response, Restore Backups, Mobilize Resources, Restore Applications, Roll Forward & ReSync, Capture actual ETTR, Status Restored]

• RPO: Recovery point objectives

• RTO: Recovery time objectives

• ETTR: Elapsed time to recover


Compliance?

• Self/Own

• Central Bank

• ISO 17799

• BS 7799

• BS 15000