the big bang - forbesimages.forbes.com/forbesinsights/studypdfs/ibm_big_bang...expensive. for...
TRANSCRIPT
The Big Banghow The cloud is changing resilience in The expanding universe of digiTal daTa
in associaTion wiTh:
conTenTs
Introduction ...................................................................................................................................2
Is the cloud the silver lining for disaster recovery? ......................................................4
Designing for resilience: What is the right cloud strategy? ......................................6
Sidebar 1: Systems of engagement .......................................................................................8
What can cloud do for you when it comes to recovery, security and compliance? ......................................................................................................10
Sidebar 2: Do you know where your data is? ................................................................. 12
When is it time to consider consulting as a way to improve resiliency? ................................................................................................................... 14
Business continuity and security—a marriage made in heaven ........................... 18
Conclusion .................................................................................................................................... 19
Acknowledgments ................................................................................................................... 19
More on resiliency services from IBM .............................................................................20
Cover photo courtesy of NASA
2 | The Big BANg
inTroducTion The digital universe is set to expand to 6 trillion terabytes
of data this year. To try to put that number in perspective,
that’s 375 million times more data than Watson, the
IBM supercomputer, needed to trounce a couple of very
accomplished human contestants in Jeopardy only three
years ago.
ix trillion terabytes is also 50% more digitized information than was cre-ated, replicated or consumed last year. The average company may need only a fraction of those trillions of terabytes to run its business, but the explosive growth and the increased reliance on digital data to run nearly every system, every marketing initiative, every interaction with customers
and every act of regulatory compliance has truly complicated the task of ensuring business continuity. Managing all that data in a static database would be a simple matter of acquiring more storage space, but then consider how to manage:
• A mobile interface with customers
• A global supply chain that relies on the Internet
• A secure site for financial transactions
So much of the data needed to run a business is in constant movement. And so many parts of a business can come crashing to a halt when there is a disruption to this constant flow of information.
The customization features that many companies now use to tailor their custom-ers’ experience—based on location, past purchases and other analytics—rely on the availability of all that data to function. The Internet of Things will bring in another explosion of new data, with IDC predicting 30 billion autonomously connected end-points by 2020.
For business continuity specialists, the expanding digital universe is compress-ing the window during which the average enterprise can tolerate downtime. “Until a few years ago, a recovery time of 24 to 48 hours was typical,” says Allen Downs, vice president, consulting & sales, IBM Global Technology Services. “But now 70% of our clients need recovery in less than four hours—many of them, in less than one hour for critical applications.”
The digital
universe is set
to expand to
6 trillion terabytes of
data this year.
CopyrighT © 2014 Forbes InsIghts | 3
What’s more, with so many IT systems now deemed critical, any outage can carry staggering costs. According to a survey last year by Ponemon Institute, a substantial outage—one lasting more than an hour or two—costs a company more than $32,000 a minute on average. Anticipated losses for each substantial outage related to an IT fail-ure: $14 million, but the costs have run beyond $100 million in some cases. The lon-ger systems remain down, the greater the impact to a company’s reputation and to future revenue.
Unfortunately, with the explosion of data, recovery times are moving in the wrong direction. In a highly selective study, 85 disaster-recovery decision makers and influ-encers told Forrester Research and the Disaster Recovery Journal that the median actual recov-ery time last year was eight hours—five hours more than recovery times in 2010. Meanwhile, data loss edged up over that same period. The same survey found that a greater percentage of respondents lost more than six hours of data.
Moreover, the growing tangle of systems and appli-cations means that even a simple problem can set off a widespread outage—a software upgrade gone wrong, a fat finger or a power outage is all it takes. These issues have eroded the resilience of IT systems since comput-ers were invented, but now they can ripple through an enterprise and beyond in a flash. One in three compa-nies declared a disaster in the last five years; as of three years ago, only one in five had declared a disaster over the previous five years.
The problem is complex, but the solution doesn’t have to be. “The cloud has massive implications in terms of risk but also phenomenal opportunities in terms of flexibility and adoption,” says Dr. Paul Robertson, director, Business Resilience, PricewaterhouseCoopers. “We can change our model, our services and our ability to respond much more rapidly.”
Employing cloud backup can reduce recovery times. But the cloud itself doesn’t solve resiliency. “You can put your workload in the cloud, but you still need to decide what you will protect,” says Laurence Guihard-Joly, general manager, IBM Global Technology Services.
“From the very beginning of when you develop an application, you have to think about how you’re going to protect your app, your data and your users,” she adds. “When you migrate to a hybrid cloud or the public cloud, you have to have the same security and resiliency, and it has to be by design.”
According to a survey last
year by Ponemon Institute,
a substantial outage—one
lasting more than an hour
or two—costs a company
more than $32,000 a minute
on average.
Medical institutions, stock exchanges and other organi-
zations with critical time constraints are well practiced at
deploying instant recovery strategies with minimal data
loss. Their solutions tend to be highly customized and very
expensive. For everyone else, tape, with its longer deploy-
ment times, has been—and still is for many—the disaster
recovery plan of choice and financial necessity. Over the
last few years, however, the cloud has brought down the
cost of Disaster Recovery-as-a-Service, just as many orga-
nizations are realizing that they can no longer afford to
wait hours to recover.
4 | The Big BANg
is The cloud The silver lining for disasTer recovery?
“It’s not a value discussion about cloud, it’s a discussion of what
happens if your data is unavailable.”
— Daniel Witteveen Director, iBM Cloud Managed Backup and Data Virtualization
in the Forrester
study, only
15% of
respondents
said their
companies use
a cloud-based
recovery site.
CopyrighT © 2014 Forbes InsIghts | 5
et, while many companies have keenly embraced the idea of moving customer rela-tionship management, human resource applications and enterprise management systems to the cloud, a remarkably small per-
centage of them look to the cloud for disaster recovery. In the Forrester study, only 15% of respondents said
their companies use a cloud-based recovery site. Many still rely on tape, particularly for non-critical systems. Why? “There is an element of hesitation, handing off crown jewels to a supplier,” says Downs. “There is a perceived risk of a reduction in control.”
And there is no question that moving any workload to the cloud can introduce supply-chain risk. “Clients are starting to think about this before they just hand this off to anybody,” says Downs. “They want to make sure they are handing it off to a company that has as much of a focus on its reputation as they do.”
“When we speak to clients in IT, they don’t want anyone touching their sandbox,” says Daniel Witteveen, director, IBM Cloud Managed Backup and Data Virtualization. “But when we speak to business line executives, it’s the exact opposite.” They recognize that managing data is not their core business, he says. “Using that data is important, but managing the envi-ronment of that data is not. They want an entity that they can trust to be there.”
The cost of outsourcing business resiliency is another sticking point for many entities. Moving workloads to the cloud can bring tangible cost savings; ensuring resiliency adds to upfront costs. “There are a lot of benefits to cloud, and everyone knows that,” says Witteveen. “It’s not a value discussion about cloud, it’s a discussion of what happens if your data is unavailable.”
What is the risk of an outage versus the cost of miti-gating that possibility? “There is a bit of game theory in all business continuity spending,” says Witteveen. “It’s risk versus reward: how much are you willing to pay to reduce your risk, and what level of risk are you com-fortable with?” In some areas, such as compliance, the risk is mandated. But for a C-level executive responsi-ble for risk, figuring out the right financial balance is a growing challenge.
“If you’re shopping online, how quickly will you go to another site if everything isn’t working well?” asks Witteveen. Continuous operation is so much more important than it was 10 years ago.
Ensuring continuous operation will always cost something, and most businesses believe a do-it-your-self approach will save money. “If a client is going to insource continuity, they have to build an entire envi-ronment,” he says. “It has to be 100% there, and it has to be 100% available, and it has to be out of region in a separate IT facility. A lot of large companies do it, and they do it very well, but it’s very expensive. You have to have double everything. And it’s not just the capital cost of having double everything, it’s the maintenance cost.”
Resiliency teams also face the scrutiny of corpo-rate cost cutters when they insource. “They see all this extra capacity at this second site that looks like it’s not being utilized because it’s there for disaster recovery,” says Witteveen, “and they will start figuring out how to utilize it.” The second that happens, the backup sys-tem can be compromised. “This is not only expensive, it’s very risky,” he warns.
One thing is certain: there is no one-cloud-fits-all strategy
to ensure resilience. Workloads that are low-level and unreg-
ulated, for example, can be handled most economically by a
public cloud application. For other applications, IBM’s strat-
egy is to create dedicated private clouds.
6 | The Big BANg
designing for resilience: whaT is The righT cloud sTraTegy?
There is no
one-cloud-fits-all
strategy
to ensure
resilience.
CopyrighT © 2014 Forbes InsIghts | 7
rivate clouds can operate under a consumption model: price per gigabyte. This has many advantages, as well as some dis-advantages. Budgeting is more
difficult if you can’t predict with some cer-tainty how many gigabytes you will need in a given time.
For data, Daniel Witteveen points out that there are three layers to consider when assessing cloud storage in terms of security and availability:
• Business data
• Analytical data
• Regulatory data
For system recovery, the question is: “How quickly do you need it?” The answer to that question has changed dramatically in a very short time. “Five years ago, we were still thinking about disaster recovery ver-sus resilience,” says Witteveen. “People were thinking about, ‘How do I have an environment up and running in, say, 24 hours if there is a disaster?’”
Accelerating recovery goals is one thing; meeting them is proving to be a challenge for many organiza-tions. In a 2013 Forrester study sponsored by IBM, 59% of firms with an in-house solution were only somewhat successful in meeting recovery objectives during testing.
Most companies view their systems in tiers of importance, with varying levels of tolerance for down-time. But the downtime that can be tolerated has shrunk considerably in the last five years (Fig. 1), and the tolerance for data loss in the event of a disaster has gone from 24 hours—a full day’s worth of data—to zero, says Witteveen.
Understanding where one tier begins and another ends is one way to inform a disaster recovery strat-egy. But with many systems now relying on other systems, those distinctions become harder to make.
“With the Salesforce system talking to the finance sys-tem, which is talking to the manufacturing system, for example—everything is so much more integrated,” says Witteveen. “It’s much more difficult for clients to articulate those tiers.”
He explains, “So, if you have tier one up in 15 min-utes, but it is requiring data from tier 2 and tier 3 to work properly because it’s so tightly integrated, that means your entire environment needs to be up in 15 minutes.”
Companies are really struggling with this chal-lenge. “This is a much larger environment than they’re used to dealing with,” Witteveen adds. “It’s three or four times larger.”
5 years ago: <4 hours 24-72 hours > 72 hours now: 0 <4 hours 24-72 hours
Figure 1 Time to recover
Needs to be up and running
quickly for the business to function
1
Is less important and can
wait longer
2
Who cares? We can
wait.
3
T i e r
Understanding where one
tier begins and another ends
is one way to inform a disaster
recovery strategy.
8 | The Big BANg
The data universe is about to expand at an even faster rate. For decades, data manage-ment was based on a somewhat static system of record—the records a company needs to keep about its customers, employees, suppliers, for compliance or for any other rea-son. Now, most enterprises are pouring creative energy and tech investment into systems of engagement—a dynamic, customized interface with customers, patients, marketers and the rest of the world. geoffrey Moore, author and partner at Mohr Davidow Ventures, describes this shift as moving from business process to personal communication.
sysTems of engagemenT
SIDebar 1
CopyrighT © 2014 Forbes InsIghts | 9
Whether it’s a retailer pushing an instant offer on a shop-per’s smartphone or a medical device that alerts a loved one in another city if the wearer is having a problem, companies and their products are moving to a new level of engagement made possible by the advent of mobile technology, as well as the analytics, data centers and cloud technologies that will underpin these systems. put simply, mobility allows for greater engagement; cloud is what makes it work. But the reality is far more complex. providing a continuous and attractive system of engage-ment means a lot of technology has to work seamlessly and instantly, says iBM’s guihard-Joly.
“Most consumers have shown they are okay with providing some personal data in exchange for a customized service,” she says. “ideally, a company has to make sure it can keep that data safe, and then it has to provide its customization within seconds. All of this is pretty new, and it’s growing fast.” The ability to rent the infrastructure in the cloud means even a small company can engineer a very appeal-ing system of engagement. “That is why we continue to invest heavily in cloud solutions and services like Soft-Layer® that come with security and resiliency features.”
To make this work, a business needs to get resiliency right, because that’s how it’s going to capture and use the data with which it is entrusted. “From our point of view, we see the systems of record living in a private cloud for most companies,” says guihard-Joly. “But systems of engage-ment will move to a hybrid cloud, or a semi-public cloud, depending on the business, and will more and more use mobile devices. For both, we need security by design and also resiliency by design.” With the internet of Things, even a small disruption could have a big impact on a user’s privacy or physical security—and the reputation of its provider. “When you want to grab all the new business opportunities generated by big data and analytics, cloud, mobility and social media, it is more important than ever to consider resiliency as a real competitive advantage and not as the old view of a necessary cost,” she adds.
“Most consumers have shown
they are okay with providing some
personal data in exchange for a
customized service.”
— Laurence Guihard-Joly general Manager, iBM global Technology Services
There is another question that IT and business continuity
professionals need to ask themselves, says Witteveen:
“If there is a major problem, how can I be responsible
for the recovery side and fixing the production side at
the same time?” If all hands are working on recovery, it
follows that it’s going to take longer to solve whatever
caused the problem in the first place. “If you look at an
internal recovery, if your team is focused on the resiliency
side, they’re not focused on fixing the production side,”
he says. “They can’t do both at the same time with the
same resources.”
10 | The Big BANg
whaT can cloud do for you when iT comes To recovery, securiTy and compliance?
The cloud can provide
not only iT
services and
infrastructure
but also security.
CopyrighT © 2014 Forbes InsIghts | 11
ut with the functionalities now available in the cloud, “you can declare and be recov-ered in minutes, so your IT team can focus on fixing the problem,” says Witteveen. Say it takes 30 minutes to fix. That immediate
backup to a recovery system would save a company a half an hour of productivity and sales.
The considerations are even more straightforward in a natural disaster, when the people an enter-prise needs to restore systems are also living through the disaster. “We saw that with Hurricane Irene and Superstorm Sandy,” says Witteveen. “People didn’t show up to work because they were too worried about their kids and their house.”
What’s more, for any enterprise that relied on a third party for tape backup—the companies that pick up tapes every day and store them in their vaults—those companies weren’t able to transport any data because roads were impassable and driving was restricted by law. “Customers weren’t able to get the data to their recovery centers,” says Witteveen. A well-planned cloud strategy could avoid those delays.
Security is another consideration. Some cloud resources are actually more secure than on-premises IT systems, especially for small to midsize companies, says Larry Ponemon, chairman and founder, Ponemon Institute. “SMEs don’t necessarily have the resources to
secure their data on premises. The cloud can provide not only IT services and infrastructure but also security.
“Five years ago, a small company would be out of business because of the cost of running security intel-ligence technology,” he says. “Now instead of buying security intelligence technology, you can rent it.” Same with encryption, he says. “You can rent the technology.”
“The cloud can be very secure,” Ponemon adds. “Certain vendors use security as a premium. It’s not just about the convenience of the cloud, it’s better secu-rity and encryption technology.”
Compliance issues are something that Allen Downs hears about often when he visits clients around the world. Many regulators are beginning to insist that certain data stays within national borders, particularly after some cloud providers moved data centers over-seas without informing their clients. “The proximity of where their data resides is a concern,” he notes. “We’ve addressed that by providing private, regionalized dedi-cated cloud infrastructure.”
Guihard-Joly points out that most governments and regulators are becoming more demanding, in particular for public sector, healthcare and financial institutions. “It used to be that two sites—one production and one backup—were enough. It’s now a regulation in many markets that you must run a third site in a different region so data is protected and can be recovered.”
“The cloud can be very secure. Certain vendors use security as a
premium. It’s not just about the convenience of the cloud, it’s better
security and encryption technology.”
— Larry Ponemon Chairman and Founder, ponemon institute
12 | The Big BANg
even as more data and more workloads move to the cloud, many iT and security practitioners express a stunning lack of confidence in their cloud providers. in a recent survey conducted by ponemon institute, less than a third thought they would be notified if there were a data breach that resulted in the theft of customer data, confidential business information or intellectual property (Fig. 2).
do you know where your daTa is?
SIDebar 2
CopyrighT © 2014 Forbes InsIghts | 13
The same paper finds that certain activities increase the cost of a breach when customer data is lost or stolen. Stor-ing sensitive or confidential customer information in the cloud can cause the most costly breaches, for example. Likewise, when a cloud service provider expands opera-tions too quickly and experiences financial difficulties, its clients may end up paying the price.
“When people sign up for cloud, they often don’t realize they are signing up for an integrated partnership,” says Wit-teveen, “and just like any other partnership, things can go south.” in fact, many cloud providers can make it difficult to remove data from their service, especially if they are in dire financial or legal straits. This is by design; the more a cus-tomer must rely on a provider’s cloud, the stickier its service.
There is also the question of accessibility when moving to the cloud. human error, power outages and hacking can take down any iT system, and cloud-based services are no different.
“Just because it’s in the cloud doesn’t mean your data is protected, and it doesn’t mean you are covered from a resiliency perspective,” says Witteveen. Service level agreements (SLAs) that promise, say, 99% availability might be a nice selling point, but they’re no substitute for having a plan in the event of a cloud outage. “Violating an SLA will carry a financial penalty for the cloud provider, but if they’re down for eight hours, that financial penalty
is nothing compared to what some of their customers are going to lose in terms of reputation and earnings,” he says.
Many companies are running production in the cloud without ever stopping to ask: “What are we doing to pro-tect ourselves?” says Witteveen. Some are learning the hard way that they need to adopt the same resiliency policies with the cloud as they do in traditional iT. “you need to have a recovery strategy if your cloud provider is down,” he adds.
Cloud users are becoming more savvy about what they are signing up for now, after a series of outages and data loss nightmares in recent years. Many thought data pro-tection was all part of the service, without realizing it usu-ally costs extra. Some did pay extra, but if the same cloud provider didn’t run its own redundant servers, that pro-tection wasn’t worth much.
how can companies better protect themselves? Wit-teveen has some advice: “you could make sure the data in your subset environment is replicated back to your primary data center. So you still have production in the cloud, but you use your own center for recovery. or,” he adds, “you can run recovery from one cloud service pro-vider to another. it could even be within the same service provider as long as you feel you have enough comfort that you have geographic protection, business protection and network protection.”
The cloud service providers used by my organization would notify us immediately if they had a data breach involving the loss or theft of our intellectual property or business confidential information.
The cloud service providers used by my organization would notify us immediately if they had a data breach involving the loss or theft of our customer data.
Figure 2 How companies rate the practices of cloud service providers
My organization’s cloud service providers are in full
compliance with privacy and data protection regulations
and laws.
My organization’s cloud service providers utilize enabling security
technologies to protect and secure sensitive and/or
confidential information.
Source: ponemon institute
CLouD ServICe ProvIDerS
28%agree
29%agree
36%agree
31%agree
14 | The Big BANg
Companies are being pitched a confusing variety of cloud
solutions for data backup and disaster recovery. Startups
are pitching faster and cheaper options. Data center and
co-location providers are moving up the value chain by
layering on disaster recovery services. Carriers, as well,
are jumping in, because not only does upselling disaster
recovery leverage business opportunities with existing
clients, but the more clients turn to the cloud, the more
bandwidth they consume. Virtual machine providers are
pushing clients to back up their virtual machines with more
virtual machines in the same cloud.
when is iT Time To consider consulTing as a way To improve resiliency?
“Our approach is not so much about the technology; it’s about
solving for the resiliency layer.”
— allen Downs Vice president, Consulting & Sales, iBM global Technology Services
Companies are
being pitched a
confusing variety of cloud
solutions for data
backup and
disaster recovery.
CopyrighT © 2014 Forbes InsIghts | 15
ny one of these clouds could be part of a well-designed resil-iency strategy. But without a plan and the talent to imple-ment that plan, much of
what’s being touted is little more than a bare-metal data dump.
“You see a lot of technical point solu-tions,” says Downs. But it’s hard to know which solution is best without taking a step back. “Disaster recovery is about more than just providing the facility and recov-ering the data,” he explains. “There is the whole aspect of ensuring that the processes are there to ensure the skills are available and that someone knows how to run production in these alternate worksites with these alternate workloads.
“Our approach is not so much about the technol-ogy; it’s about solving for the resiliency layer. How can we ensure a very fast recovery time?” he explains. “Then, we can talk about what technology will best achieve that outcome.” For most enterprises, system architectures are set up with the primary purpose of running efficiently. “Resilience was secondary, an afterthought, something you were required to have but hoped you wouldn’t need,” says Downs.
But in the always-on world, it’s got to be instant. “Now, as we redesign, we can think about how to build in resiliency at the facility layer, at the IT layer, even at the application layer,” he says. That’s why IBM always starts with a broad consultation to help clients understand their risk posture in day-to-day operations and help them to manage risk as they employ their own strategy, whether it’s a strategy of expansion through new markets, new routes to market or new products.
“Many of our clients are between a rock and a hard place,” Downs observes. “There has been a great shift to automation to drive costs down. They’ve had this great shift to optimize business processes, and that leads to increased efficiency, but with that has come a much higher concentration of risk on a smaller environ-ment,” he says, “and the loss of skills as more processes
are automated.” Many enterprises may not realize how much automation and the loss of skills has changed their resiliency posture, he cautions.
Then there is a creeping concentration of geo-graphic risk faced by many companies. “Our clients keep consolidating and integrating their operations,” says Guihard-Joly. “It means there are fewer locations doing more work. When you concentrate, you may have higher exposure on a single location, and you need to think about new ways of building resiliency for this location.”
IBM always starts with a broad
consultation to help clients
understand their risk posture in
day-to-day operations and help
them to manage risk as they
employ their own strategy.
16 | The Big BANg
There is very fast provisioning now, thanks to the cloud, she adds. “Decisions have to be made faster: What do I protect? What are my critical applications? Where do I do that vis-a-vis regulations?”
Some of these decisions are being made piecemeal, but resiliency should extend to the whole enterprise. A recent survey, led by Ponemon Institute, of 2,300 pro-fessionals across 37 countries found that only 17% of enterprises had a business continuity plan in place and actually implemented. “I cannot sleep well, knowing that only 17% of our clients have a real plan they can execute,” says Guihard-Joly.
One way to address the increasing integration of systems, the decline of skills to run them and the concentration of risks is to employ predictive failure analysis, explains Witteveen. This involves under-standing the risks associated with specific actions and having an environment in place ready for that failure.
Some of the longest outages happen for the sim-plest reasons—human error or a software upgrade, for example. “Things are so integrated now that you can’t possibly do enough testing,” says Witteveen. “You miss one line of code and you forget to test one subsystem and you can take down the whole environment.”
Understanding how something as routine as a software upgrade can affect risk and being ready to automate a resiliency program when that risk occurs could minimize the effect of an outage or even prevent one from rippling through an entire system. “It’s going to be about zero impact,” says Witteveen.
A recent survey, led by Ponemon Institute,
of 2,300 professionals across 37 countries found that only
17% of enterprises had a business continuity plan in place
and actually implemented.
CopyrighT © 2014 Forbes InsIghts | 17
No amount of planning can cover every contingency,
but business continuity professionals can help by asking
the right questions and assessing risks and implications,
says Larry Ponemon. “They can model what-if scenarios,
for example.”
Business conTinuiTy and securiTy— a marriage made in heaven
There is no question a data breach can be expensive—as much
as $359 for every compromised record.
— 2014 Ponemon Institute Survey
18 | The Big BANg
Take the case of a data breach. There is no question a breach can be expensive—as much as $359 for every compromised record, according to a 2014 Ponemon Institute survey. But organizations can
mitigate the damage by maintaining a strong secu-rity posture. The same survey found better-prepared companies saved an average of $14 per record breach. Having an incident response plan and business conti-nuity involvement saved even more (Figs. 3 and 4).
Incident response is also important. CISOs are very good at security, says Ponemon, but they aren’t necessarily good at communicating in the midst of a disaster. “So many times you see the CISO or someone from the IT department fumbling in public, trying to explain what went wrong while the disaster recovery team is watching from the sidelines,” says Ponemon.
Why should a security breach be treated any dif-ferently than a fire or a product recall or any other disaster, he asks. “The disaster recovery and commu-nications teams are already well trained to respond in these situations.”
Factors that lower the cost of a data breach*
Figure 4
*Cost savings are per record.
Source: 2014 Cost of Data Breach Study: global Analysis ponemon institute, sponsored by iBM
Strong security posture
Incident response plan
Business continuity involvement
CISO appointed
$12.77
$14.14
$8.98
$6.59
The cost per record of a data breach can be staggering
Healthcare
Education
Pharmaceutical
Consumer
Energy
Financial
Hospitality
Retail
$359
$294
$227
$127
$155
$141
$122
$105
Source: 2014 Cost of Data Breach Study: global Analysis ponemon institute, sponsored by iBM
Figure 3
CopyrighT © 2014 Forbes InsIghts | 19
acknowledgmenTsiBM and Forbes insights would like to thank the following executives and experts for sharing their time and expertise:
Allen Downs, Vice president, Consulting & Sales, iBM global Technology Services
Laurence guihard-Joly, general Manager, iBM global Technology Services
Larry Ponemon, Chairman and Founder, ponemon institute
Dr. Paul robertson, Director, Business resilience, pricewaterhouseCoopers
Daniel Witteveen, Director, iBM Cloud Managed Backup and Data Virtualization
conclusion
“The cloud is neutral,” says Ponemon. “It’s not better or worse; it’s not less secure or more secure; it’s what you do in the cloud that matters.” That’s where business continuity management is so inte-gral to making sure the cloud resources that a company uses are, in fact, safe and secure, and ultimately helping the organization
achieve its mission. Putting a workload in the cloud doesn’t solve the resiliency ques-tion. Every enterprise must still decide what to protect and how to protect it.
The bottom line: resiliency can be a competitive advantage, not merely a techni-cal solution with a cost. The cloud enables a broader set of companies to consider a broader set of applications to grow their businesses in the expanding data universe.
20 | The Big BANg
more on resiliency services from iBm
ore than ever, business resilience is becoming a competitive advantage, allowing you to seize new markets and opportunities, and to keep your clients and employees happy and safe. However, accomplishing all the tasks involved in a holistic resiliency program can be a challenging pro-cess, requiring significant capital investment and specialized IT skills and
expertise. Many organizations find they can implement these solutions more confi-dently and more cost-effectively by contracting with a trusted third-party partner.
IBM can help you better address today’s complex threat landscape. As a com-pany, we specialize in resiliency innovation. IBM has more than 50 years’ experience in business continuity and resilience, and currently serves more than 9,000 resiliency and continuity clients. In the last decade, we have spent more than US$133 billion on research and development. More than US$30 billion has been invested in data technol-ogies alone. We offer a full cloud portfolio, and we couple cloud resilience with more than 150 physical resiliency centers worldwide. We employ more than 2,000 resiliency professionals to assess, design, develop, implement and manage resiliency programs.
Our broad services portfolio utilizes the latest technologies to help you improve resiliency by providing virtually always-available data, applications and server envi-ronments. Our solutions allow you to service your customers during unexpected circumstances, protect your brand, improve your ability to respond to market oppor-tunities and challenges, and engender confidence and loyalty in your partners and members of your supply chain. Perhaps most important, our solutions can help you speed recovery from an unplanned outage.
Like the threat landscape itself, the marketplace for resiliency partners is evolving. We know you have a choice.
Consider choosing IBM.
www.ibm.com/services/continuity
aBouT forBes insighTsForbes Insights is the strategic research and thought leadership practice of Forbes Media, publisher of Forbes magazine and Forbes.com, whose combined media properties reach nearly 50 million business decision makers worldwide on a monthly basis. Taking advantage of a proprietary database of senior-level executives in the Forbes community, Forbes Insights conducts research on a host of topics of interest to C-level executives, senior marketing professionals, small business owners and those who aspire to positions of leadership, as well as providing deep insights into issues and trends surrounding wealth creation and wealth management.
bruce rogers chief insighTs officer
brenna Sniderman senior direcTor
Kasia Moreno ediTorial direcTor
brian McLeod commercial direcTor
Matthew Muszala manager
Lawrence bowden manager, emea
Deborah orr reporT AUThor
Kari Pagnano designer
60 Fifth Avenue, New York, NY 10011 | 212.366.8890 | www.forbes.com/forbesinsights