maximizing uptime and your firm's bottom line: understanding risk and budget when evaluating...
TRANSCRIPT
Maximizing Uptime and Your Firm's
Bottom Line: Understanding risk and budget
when evaluating business continuity & disaster recovery
protocols
Michael KempsChief Executive Officer and Legal Technology Consultant
Interactive AgendaWhat is Disaster Recovery
Causes and Harm of Downtime
RPO and RTO
Hot Site vs. Outsourced vs. RaaS (Recovery as a Service)
Budget Consideration
E-Mail Continuity - Mimecast
Questions & Discussion
What is Disaster Recovery?• The process, policies and procedures of
restoring operations critical to the resumption of business
• Regaining access to data, communications and workspace
• Resuming business processes after a natural or human-induced disaster
The Causes of Data Center Downtime
Human Error 23%
Unexpected Patches / Updates 22%
Server Room Envi-ronment Issues 17%
Power Outages 11%
On-Site Disaster 10%
Virus / Malware At-tack 7%
Hardware Error / Theft 5%
Natural Disaster 4%
Source: Symantec, 2011
Harm of Downtime
• Reputation / client service• Fine / legal penalties• Lost revenue• Lost productivity• Security• Decreased employee productivity• IT resource stress• Brand damage• Non-compliance with regulatory requirements
Business Impact: Risks
Source: IBM, 2010
Freq
uenc
y Pe
r Yea
r
Consequences or Cost of Loss
Virus
Disk Failure
Data Corruption
Data Growth
Worms
Data Driven
Business Driven
Event Driven
System Availability Failure
Application Outage
GovernanceNew Products
ComplianceMarketing Campaigns
Workplace InaccessibilityAudits
Political EventsNatural Disaster
Mergers and AcquisitionsBuilding Fire
Pandemic
Failure to Meet Industry Standards
Regional Power Failures
Long Term Data Preservation
Network Problem
1,000
100
10
1
Every10
Years
Every10,000 Years
Risk Tolerance Prioritization
Risk Scoring • IMPACT if risk occurs• LIKELIHOOD of occurrence
Low High Im
pact
LikelihoodLow
High
Highest Priority
Lowest Priority
Medium Priority
Medium Priority
RPO and RTO• RPO: “recovery point objective” The point in
time to which data must be restored to successfully resume processing. Often thought of as time between last backup and when outage occurred.
• RTO: “recovery time objective” The time within which business functions or applications must be restored, including time before disaster is declared and time to perform tasks.
Solutions• Hot Site (Do-it-yourself)
• Outsourced Solution Provider
• Recovery as a Service (RaaS)
Hot Site (Do-it-yourself)• Firm builds a replica server room in a rented
colocation datacenter or second office• Includes leased lines for communication, power, and
cooling. All hardware and software is purchased and maintained by the firm.
• Benefits• Performance is only limited by what the firm is willing
to pay• RTO is potentially the highest of all solutions• RPO is potentially the highest of all solutions
Hot Site (Do-it-yourself)• Disadvantages
• Cost• Potentially more than doubles the cost of the
production environment• Ongoing maintenance
• Complexity• The firm is responsible for the patching and
maintenance of two disparate datacenters• Hardware/Software Drift
• Monitoring• The firm is responsible for all monitoring of the
replication and readiness for recovery
Outsourced Solution Provider• Similar technology and architecture to do it
yourself• Firm contracts with a third party to build a
replica server room in a rented colocation datacenter or cloud provider• All hardware and software is purchased by the firm,
but maintained by the third party vendor.
• Benefits• Outsourced expertise that is not available with in-
house resources.
Outsourced Solution Provider• Disadvantages
• Cost• Similar cost structure to the Hot Site option, with
the added cost of the third party • Ongoing cost from the third party
• Knowledge is not retained in-house• Provider’s capacity potentially limited during
the disaster
RaaS (Recovery as a Service)• RaaS
• Local disk backup with replication of firm data to the vendor’s data center; the vendor can host the firm’s servers as required
• Benefits• Eliminate complexity of DR• DR infrastructure is managed by the vendor• Economies of scale and lower cost• High RPO / RTO • SSAE 16, or ISO/IEC 2001, and ISO 9001
Certified Data Centers
RaaS (Recovery as a Service)• Performance
• Adequate performance but limited by vendors infrastructure
• Control• Firm data stored on third party equipment
• Mitigated by contractual obligations
• Monthly cost based on number of servers and size of data replicated to the facility• Grows over time• Not necessarily predictable
Model Downtime CostsCalculate the labor cost of an outage:• Labor Cost = P x I x R x H• P = number of people affected• I = percentage impact• R = average employee cost per
hour• H = number of hours of outage
Calculate revenue loss during an outage:• Lost Revenue = ( GR / TH ) x I x H• GR = gross yearly revenue• TH = total yearly business hours• I = percentage impact• H = number of hours of outage
Budgeting Methodology: Step 1• Determine
• Risk tolerance objectives• Service level and approach• Functionality• Level of expertise and automation required• Determine technology, implementation and
support costs• Project costs for life span of selected approach ( Year
1, 2, 3 )
Budgeting Methodology: Step 2
• Which approach is right for you?• Do It Yourself• Outsourced Solution Provider• Recovery as a Service ( RaaS )
• Apply budgeting methodology template and determine the most appropriate approach
• Templates provided upon request
E-Mail Continuity - Mimecast• Enables continuous communication with
clients• Always on e-mail recovery
• Archive functionality• Smaller/faster local mailboxes, while
maintaining full searchability• Feature Rich E-Mail Platform
• E-Discovery• Encryption• Closed Circuit Messaging• Anti-Virus/Anti-Spam
Microsoft Outlook
Microsoft Exchange
2010
Microsoft Outlook
Microsoft Exchange
2010
Disaster Recovery Planning• Technology alone is not enough
• Establish a plan• Risk analysis• Establish priorities • Develop recovery strategies• Document your plan• Test your plan• Implement your plan
