mijee dirks, executive consultant, ibm global business continuity and resilience services
DESCRIPTION
Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services 24 March 2014. Keys to Resilience for Small and Medium Enterprises. BUP03031-USEN-03. Agenda. Risks to Resilience IBM Resilience Framework Resilience Lifecycle Conclusion. - PowerPoint PPT PresentationTRANSCRIPT
© 2014 IBM Corporation
Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services
24 March 2014
Keys to Resilience for Small and Medium Enterprises
BUP03031-USEN-03
© 2014 IBM Corporation
IBM Global Technology Services
2
Agenda
Risks to Resilience
IBM Resilience Framework
Resilience Lifecycle
Conclusion
© 2014 IBM Corporation
IBM Global Technology Services
3
Today’s businesses need to reduce expenses and manage risk while maintaining continual availability to data and services.
Innovation in the cloud
60 percentof chief information officers view cloud computing as critical to their plans5
Mobile in the enterprise
90 percentof organizations will support corporate applications on personal devices by 20146
Increased outage costs
38 percentIncreased to US$182 thousand per hour in two years from 2010-20122
Budgetary constraints
71 percentof the average IT budget is dedicated to ongoing operations4
Unplanned IT outages
70 percentof organizations surveyed list this as their primary concern7
Exploding data growth
40 zettabyteof digital content in 2020, a 500 percent increase from 20103
Aging infrastructure
71 percentof data centers are over 7 years old1
1The Essential CIO: Insights from the Global Chief Information Officer Study, May 2011, 2Aberdeen Group, “Datacenter Downtime: How Much Does it Really Cost?”, March 2012, 3IDC, “Digital Universe Study”, June 2011, 4Based on IBM Research, 5McKinsey, “How IT is managing new demands”, 2011, 6Gartner predicts that by 2014, “90% of organizations will support corporate applications on a personal devices.”, 7The Business Continuity Institute, Horizon Scan 2013 - Survey Report
© 2014 IBM Corporation
IBM Global Technology Services
4
External threats are increasing globally, with economic losses from all types of disasters escalating rapidly.
Source: Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE, January 2013Source: Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE, January 2013
Number of events: 905
Geophysical events (earthquake, tsunami, volcanic activity)
Meteorological events (storm)
Hydrological events (floods, mass movement)
Climatological events (extreme temperature, drought, wildfire)
2012 natural catastrophes2012 natural catastrophes
Hailstorms, severe stormsCanada, 12-14 August
Severe stormsUSA, 28-29 April
DroughtUSA, Summer
Severe storms, tornadoesUSA, 2-4 March
EarthquakeMexico, 20 March
FloodsColumbia, March- June
Severe stormsUSA, 28 June- 2 July
Hurricane SandyUSA, Caribbean 24-31 August
Hurricane IsaacUSA, Caribbean 24-31 August
FloodsNigeria, July- Oct
Winter storm AndreaEurope, 5-6 January
FloodsUnited Kingdom, 21-27 November
EarthquakesItaly, 20/29 May
Floods, hailstormsSouth Africa, 20-21 October
Floods, flash floodsAustralia, Jan - Feb
Floods, flash floodsAustralia, Feb - March
Earthquake Iran, 11 August
FloodsPakistan, 3 -27September
Flash floodsRussia, 6-8 July
Cold waveAfghanistan, Jan- March
Cold waveEastern Europe, Jan- Feb
Typhoon BophaPhilippines. 4-5 December
Typhoon HaikuiChina, 8-9 August
FloodsChina, 21-24 July
© 2014 IBM Corporation
IBM Global Technology Services
5
The increasingly connected world has magnified the impact on every aspect of life, including its disruptions.
Earthquake and tsunami
Game site attacked by hacker
Servers shut down by human error
Volcano
BT resin shortage
Personal information stolen
Nuclear plant explosion
Platform outage
Flight cancellation
Car parts shortage
Mobile circuit production issue
Decreasing tourism
Airlines discontinuation
WW impact to car production
Class action lawsuit
Downstream service provider disruption
The percentage of visitors to Japan dropped to 60 percent in April3
90 percent of the worldwide (WW) Bismaleimide-Triazine (BT) resin supply stopped1
World-wide car production was down by 20-30 percent for some major auto manufacturers during April and May2
The Iceland volcanic eruption cost airlines US$1.7 billion with more than 10 million people affected4
Personal information leaks have cost millions of dollars, led to class action law suits, and damaged corporate reputation
Hosting provider service outages affect Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) for other vendors
1Update: Analysts fear shortage of key resin, Dylan McGrath, 17 March 2011 2Japan's Earthquake and Tsunami Hit Parts Supplies, Motor Trend, June 2011 3Japan's tourism industry recovering after the tsunami, BBC Business News, 6 October 2011 4Volcano Crisis Cost Airlines $1.7 Billion in Revenue - IATA Urges Measures to Mitigate Impact, IATA Pressroom, 21 April 2010
© 2014 IBM Corporation
IBM Global Technology Services
6
IBM’s Resilience Framework depicts a comprehensive view of an Enterprise Resilience program.
To deliver a total resilience program, the resilience capability of each layer must be optimized.To deliver a total resilience program, the resilience capability of each layer must be optimized.
SecurityRecoveryContinuity Availability
IBM
Res
ilie
nc
e F
ram
ewo
rkIB
M R
esil
ien
ce
Fra
mew
ork
Facilities
Technology
Applications and data
Processes
Organization
Strategy and vision
© 2014 IBM Corporation
IBM Global Technology Services
7
True resilience requires a lifecycle methodology to achieve sustainable improvements.
Business imperatives:
IT risk management
Regulatory compliance
Corporate governance
Reputation
Operational risk
management
Inputs:
Business objectives,
goals, priorities,
policies and current
capabilities
Outputs:
Reduced risk, improved governance and facilitated compliance management
Man
age
Plan
Implem
ent
Asses
s
Deploy
Validate
Control
Monitor
Evaluate
Analyze
Define
Design
© 2014 IBM Corporation
IBM Global Technology Services
8
To build a business resilience program, you must first assess your potential risks, their impact and your ability to mitigate them.
Assess
Analyze current and potential risks, and establish a risk profile by location, line-of-business function and business process.
Determine impact of event: financial, opportunity and reputation.
Evaluate mitigation capabilities to develop customized risk framework
Identify areas for further analysis.
Assess maturity of mitigation capabilities, including basic, managed, predictive, adaptive and resilient capabilities. Diagnose risks to business
objectives and prescribe appropriate actions to improve business resilience.
© 2014 IBM Corporation
IBM Global Technology Services
9
Enterprise-wide risks need to be identified, prioritized and addressed as you design and develop your business resilience programs.
Plan
Set objectives for risk mitigation or enhancement to help:
– Define the scope for the risk strategy.– Select the risks that need to
be mitigated or enhanced
Define strategic business continuity, disaster recovery and crisis management plans to help sustain critical operations in the event of a disruption
Design for business resilience:– Business and financial justification – Governance and authority and policies – Systems management disciplines– Physical and logical security– Application and data– Program execution – Facilities
Improve your business resilience with cost-optimized, IT resilience architectures, plans, procedures and strategies.
© 2014 IBM Corporation
IBM Global Technology Services
10
Validate IT recovery plans, procedures, and processes meet business resilience requirements through appropriate testing.
Implement
Choose resilient partners for your resilience solutions, including data storage and Disaster Recovery
Deploy business resilience program:– Implement resilience architecture,
processes, and organization structure– Document resilience programs and train
key personnel
Validate business resilience plans and procedures
– Architect and execute tests of defined resilience plans to help confirm they meet specified objectives:
• Protection of critical information• Recoverability of business functions
– Execute tests or perform walkthrough drills to identify resilience plan weaknesses for improvement and preparedness
Identify resilience plan issues and gaps to be addressed before a disruptive event occurs.
© 2014 IBM Corporation
IBM Global Technology Services
11
A centralized governance program is critical for managing and maintaining a sustainable business resilience program.
Manage
Monitor current conditions to detect and respond to risks.
Control negative risk while enhancing positive risk.
Maintain compliance with regulatory requirements
Report on performance utilizing resilience dashboards to demonstrate readiness and results of business investment in resilience
Re-assess
Perform periodic assessments to validate that resilience plans still address business strategies and risks
Perform continuous improvementHelps ensure a state of readiness to respond to an outage event or a market opportunity.
© 2014 IBM Corporation
IBM Global Technology Services
12
Conclusion
Surviving in a competitive business environment requires continuous availability of IT systems and data, even in the event of a disaster.
Businesses can face revenue loss and erosion of customer trust if they fail to maintain continuity while rapidly adapting and responding to risks and opportunities.
You need to create, implement and manage a business resilience strategy that centers on identifying and mitigating prioritized risks across your enterprise.
It is critical to choose resilient partners as you implement your enterprise resilience strategy.
IBM’s recommended lifecycle methodology helps you achieve more sustainable improvements in business resilience, optimize cost and better manage risk and compliance.
© 2014 IBM Corporation
IBM Global Technology Services
13
Thank you for your time today.
For more information:
IBM Resiliency Consulting Services
IBM Business Continuity and Resiliency Services
Contact:
IBM Taiwan BCRS Solution Sales ManagerSamuel Tsai
[email protected] :886-2-87239666