Beyond Business Continuity And Disaster Recovery The Paradigm
Beyond Business Continuity And Disaster Recovery The Paradigm Shift Mardecia Bell Ann Harris
History/Timeline 1997 Initiated with the administrative environment Mainframe environment recovery test 1999 Y 2 K - Business Continuity concept Acquired central repository software (LDRPS) 2001 Scheduled annual Mainframe recovery test Included communications & academic environment 2002 Expanded to include Enterprise Business Continuity/Disaster Recovery Planning 2004 Successful DR test of ERP systems 2005 Co-processing of production services began in Data Center II 2005 DR Unit created – restructured to Organizational Resilience in 2006
Organizational Resilience Unit The OR Unit was established to close the gaps in the Capability Maturity Model by using: • Industry standards and best practices • Auditing processes for resiliency • Promoting policies, rules and regulations
Business Resiliency is an enterprise-wide state of readiness including people, processes, information, facilities, and third-parties as well as technology to cope effectively with potentially disruptive events. (Financial Services Technology Consortium)
Business Resiliency Cont. ’d It is an enterprise's capability to respond rapidly to unforeseen change, even chaotic disruption. It is the ability to bounce back — and, in fact, to bounce forward — with speed, grace, determination and precision. (Gartner Research “The Five Principles of Organizational Resilience”)
The Paradigm Shift Disaster Recovery – – Static in nature Slow and dogmatic Reactionary Stationary work dependencies Organizational Resilience – – Flexible Rapid response High state of readiness Mobile work environments
Layers of Organizational Resilience
The Layers of Organizational Resilience • Strategy and Vision – What are the concerns? – What is the future direction/roadmap? – What does this mean for me? – What are the expected service levels?
The Layers of Organizational Resilience • Organization – Who should I turn to for help? – [Someone] should know about this? – Documented roles, responsibilities, accountability
The Layers of Organizational Resilience • Processes – Who knows how/why it was done that way? – Where is that manual? ? ? – What if the change happened here? – Do we have identified alternatives?
The Layers of Organizational Resilience • Applications and Data – Is the data secure/stable? – Is the application accessible remotely? – Is the application/data changed becoming unusable? – What’s the tolerance level in the event of a disruption? – Backups…
The Layers of Organizational Resilience • Technology – Is there a better way? • • Cheaper Safer More secure Market advised – Have threats or potential impacts changed? – Redundancy/Failover
Illustration of Various DR Deployments q Fault-tolerant cluster (file and print services) A Production B Configuration A Configuration B Production A Production q Co-processing and load-balancing (ERP) A Production q Distributed deployment (hosted systems) A Development A Production q Data replication (mainframe) Server Data
Enterprise Resource Planning (ERP) Deployment q Financial System (Version 8. 4) q Human Resources (Version 8. 8) q Student Information System (v 8. 9 under development) Campus Users DC II Batch Server Data Storage Area Network Web Server Application Server DB Server Batch Server
Summary and Future Steps DC I Novell Directory Services / Novell Email/Calendar Anti-SPAM File/Print, User Home Citrix DC II Novell Directory Services / Novell File/Print, User Home Citrix Backup/vaulting Hosted systems Active Directory / Windows Data Active Directory / Windows Infrastructure Storage Area Network Infrastructure Database Server Web Server ERP Web Email/Calendar Anti-SPAM ERP Application Development Server ERP DB Server Mainframe Server ERP Batch Database Server Web Server ERP Web ERP Application Data Storage Area Network Development Server ERP DB Server Mainframe Server ERP Batch
The Layers of Organizational Resilience • Facilities – What if I can’t get to my PC? • Can you perform your critical tasks remotely? • Are your critical applications hosted or local to your PC? – What if I can’t get to my office? • Are critical files accessible remotely? – Manuals – Procedures
Capability Maturity Model
Business Impact Analysis and Risk Summary Workshop Session I • Network failure • Fire (in data centers and/or offices) – Inability to access data centers and/or offices • • Extreme weather conditions Human errors Theft or malicious activities Lack of staff resources Corrupt data Vaulting damage or errors Regional disasters Flooding of datacenters and/or offices • Main Distribution Frame (MDF) fire and/or flood • Lack of equipment • Third-party network failure (i. e. Road. Runner down) • Hardware Failure • Software Failure • Network breaks (fiber and cable damage) • Physical access of data centers (keys, card readers) • Access to data in an emergency (maintenance of ACL's) • Security documentation
OR Resilience Chart Threat Assessment Strategy and Vision Organization Processes Applications and Data Technology Facilities Lack of uniform vision Lack of staff resources Human Errors Software Failure Network Failure/ Breaks Fire Defined SLA Lack of Communication Lack of Documentation Corrupt Data Hardware Failure Extreme Weather Vaulting damage Errors Lack of equipment Physical Access & Security Authentication During incident 3 rd Party Failure Data/Tele. Com Regional disasters Customer Value Flooding Theft/ Malicious Activities Access
Organizational Resiliency • The next step in DR/Business Continuity • To incorporate readiness and contingency in daily operations • To be ready to address any type of disruption at all times
Contact Ann S. Harris Assistant Director NC State University RMIS Organizational Resilience 919 -515 -9228 ann_harris@ncsu. edu
- Slides: 21