Business Continuity and Resiliency Services Allen Downs Noviembre

Business Continuity and Resiliency Services Allen Downs Noviembre de 2011

Agenda § What is Resiliency? § Resiliency: The CIO perspective § Moving forward: Building a comprehensive business resilience strategy § Regional Event Learning's § IBM Approach to Client Resiliency 2

Business resilience refers to the ability of enterprises to adapt to a continuously changing business environment. Business resilience helps organizations maintain continuous operations and protect their market share in the face of disruptions such as natural or man-made disasters. It requires the engagement of everyone in the organization and often means a change in corporate culture to instill awareness of risk. Business resilience planning is distinguished from enterprise risk management (ERM) in that it is more likely to build capacity to seize opportunities created by unexpected events. 3

The world is riskier than it used to be Changing environment More complex regulations § Expanding risk exposures § Increased global and regional interdependencies § Supply chain disruption § Changing industry and regulatory standards § Geographic dispersal requirements § Varying regulations per country Impact of coping with the financial turmoil Heightened impact of business disruption § Loss of critical personnel § Loss of key knowledge § Reduction in attention to significance of risk § Reduction in testing recovery plans § Greater financial implications of downtime § Brand vulnerabilities § Data integrity requirements Disaster recovery and business continuity is one of the top IT spending priorities for many businesses. 4

The continuous flow of information is inseparable from the operational performance of the business The Facts § Information technology is often at the epicenter of how a firm interacts with its clients § Information technology is always a lever to produce highly efficient supply chains, operations and workflows § In combination, these two dynamics generate an explosive growth of managed data The Implications § Business resilience and information risk management are commonly on the agenda of the board of directors § Firms must assess: Are we compliant? Are we reliable? Can we be trusted? § Firms must decide how resilient they wish to be – contextualized in the availability, security and recoverability of their business operations § Firms must evaluate the extent to which competitive advantage or disadvantage is influenced by their chosen resilience standing 5

We see both risks and opportunities affecting firms business resilience needs Data driven Frequency of occurrences per year Viruses Frequent Worms 1, 000 100 Data corruption Disk failures Data growth System availability failures Long term preservation Application outages Audits Network problems New products 10 1 Regulatory compliance Governance Terrorism/civil unrest Regional power failures 1/1, 000 Building fires Mergers and acquisitions Pandemics 1/10, 000 Source: IBM Natural disasters Workplace inaccessibility 1/100, 000 Event driven Failure to meet industry standards Marketing campaigns 1/10 Infrequent Business driven US$1, 000 Low US$10, 000 US$100, 000 US$1, 000 US$10, 000 Consequences (single occurrence loss) in dollars per occurrence 6 US$100, 000 High

Agenda § What is Resiliency? § Resiliency: The CIO perspective § Moving forward: Building a comprehensive business resilience strategy § Regional Events Learnings § IBM Approach to Client Resiliency 7

Who cares about resiliency? 71 % of CIOs are concerned about risk management and compliance It takes 18 months for data generated to double in size Technology users expect 100% availability of their applications and their information 53% of organizations would experience significant revenue loss or other adverse business impact after 1 hour of downtime Source: Enterprise Strategy Group, April 2011 8

IT plays a critical role in developing resilience strategy IT plays a major part in building resilience Senior IT execs expected to play strong role in developing strategy Business resilience is joint responsibility of all C-level executives “My selling pitch to them (CEO and the board) is that a robust risk management capability is a competitive advantage. ” CIO collaborates with top IT strategists more frequently Risk contingency planning assigned to separate specialists IT function engaged in most decisions involving business risk Yousef Valine, Chief Risk Officer, First Horizon National Corporation CIO has overall responsibility for business resiliency strategy “IT is a big part of our risk management because nothing can be done without it these days. ” Business continuity seen as primarily IT issue Business resilience not seen as role of senior executives Kris Wiluan, CEO, KS Energy Services Limited Source: 2011 Q 7. Do you agree or disagree with the following statements regarding the roles of different players in your organization's risk management strategy? (Agree only. ) 9

IT responsibility will increase for information, business resilience, compliance, and business strategy Infrastructure (applications, networks, data) 45% Information 42% 45% Business resilience and continuity 40% 41% Compliance (reporting, auditing, etc. ) 35% 37% “The most important asset of our company (besides the employees) is the data residing in all our systems. ” Financial services, Western Europe 34% 36% Security 28% 31% Business strategy Financial (revenue, credit, cash flow, etc. ) Brand (customer service, marketing, etc. ) 57% 16% 19% 6% 10% Today Sources: 2010 Risk Study Q 11 (In what general areas of risk across your company do you feel you will be most involved within three years? Select up to three. ) In 3 years 10

Risk concerns for IT leaders span a range of issues In 2010 and 2011, IBM surveyed 560 IT managers and CIOs about how IT continuity was evolving. In the past 12 months, what kinds of risk issues has your company dealt with? 78% IT security Hardware and system malfunction 63% 50% Power failure 40% Physical security Theft 28% Product quality issues Federal compliance issues 22% 17% Natural disaster E-discovery requests Supply chain breakdown Terrorism activity “IT is a big part of our risk management because nothing can be done without it these days. ” 25% Kris Wiluan, CEO, KS Energy Services Limited 13% 11% 6% Source: 2010 IBM Global IT Risk Study: The evolving role of IT managers and CIOs 11

More companies are embracing the need for a well-crafted business resilience plan - and a risk management function. Agree Disagree Neither Well-crafted and communicated plan Agree Disagree Neither No formal plan, but plan to develop one Neither No formal risk management function “What we’re trying to do here is preserve our culture and make money at the same time, and managing risk is what that’s all about. ” Lee Garvin, Director, Risk Management, Jet. Blue 12 Study comparison: Only 30% of respondents in this year’s study indicated they had no formal risk management function, compared to 42% in the 2010 study Source: Q 1. Do you agree or disagree with the following statements regarding your organization’s IT risk management? Study comparison: 2010 IBM Global IT Risk Study 12

Agenda § What is Resiliency? § Resiliency: The CIO perspective § Moving forward: Building a comprehensive business resilience strategy § Regional Events Learnings § IBM Approach to Client Resiliency 13

Identifying the roadblocks: Silos and budgets can impede the adoption of a holistic approach to business resilience Lack of understanding about emerging technologies — 8% Lack of understanding about best practices — 9% Lack of buy-in from employees — 4% Silos within the organization — 28% Study comparison: 2010 top challenges Lack of C-level vision and commitment — 14% Implementing necessary procedures Securing budget Obtaining full risk picture from depts Inability to predict ROI from improvements — 17% Budget limitations — 20% Source: Q 10. What is the biggest single barrier to implementing a holistic approach to business resilience planning? 14 14

Leverage the findings of the IBM Global Business Resilience and Risk Study in your organization Recommendations “An effective business resilience plan will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management. ” § An integrated approach to business resilience and risk management offers a significant business opportunity for organizations of all sizes § Appointing a single individual with overall business resilience and risk management responsibility is essential to integration success § Input should be sought from throughout the enterprise — including employees and partners § Focus should be on the business impact and business opportunity. Recovery is a subset of the resiliency plan § Cloud technologies have matured significantly and now have the potential to deliver significant business resilience benefits § The newly integrated business resilience and risk management strategy can be levered to seize unexpected opportunities and deliver measurable business value 2011 IBM Global Business Resilience and Risk Study report 15

Agenda § What is Resiliency? § Resiliency: The CIO perspective § Moving forward: Building a comprehensive business resilience strategy § Regional Events Learning's § IBM Approach to Client Resiliency 16

Headline events often mobilize our clients to pause and reflect on their current IT resilience standing. . . 17 17

Lessons Learned from Regional Events § Events create other events … domino effect § Japan: earthquake => tsunami => nuclear plant damage => power problems => supply chain problems …… § Human issues § Will people be available? How about their families? Financial assistance? § Communications issues § Communicating with, supporting and mobilizing employees, customers and suppliers, the press and the public at large § Community issues § Fulfilling responsibilities to host communities § Infrastructure issues § Anticipating how roads, travel and power supplies might be affected § Vulnerability of sites § Business issues § Keeping business processes running § Managing insurance claims § Disaster plan currency § Keeping plans up to date and well tested § Availability of data and hardware To learn more about lessons learned from regional disasters, listen to the following webinar: http: //www-935. ibm. com/services/us/bcrs/html/web-seminar_hurricane-lessons-learned. html? &me=W&re=webseminars 18

Agenda § What is Resiliency? § Resiliency: The CIO perspective § Moving forward: Building a comprehensive business resilience strategy § Regional Events Learnings IBM Approach to Client Resiliency 19

The evolution of business resilience leads to new models and integration of emerging technologies § It’s a question of when new technology will come into the organization, not if § IT: proactive § Business: proactive § Recovery Time: seconds/always up Business Resiliency § IT: reactive Business: reactive § Recovery Time: minutes/hours § IT: reactive Business: none § Recovery Time: days/weeks Disaster Recovery Business Continuity Distributed Computing Cloud Computing § Hybrid model Centralized Computing § Mainframe model 20 § Virtualized model

A resilient framework helps identify risks, and allows the development of an enterprise resiliency roadmap Risk mitigation strategies Business driven Organization Processes Applications and Data Technology Business resilience Strategy Facilities 21 Data driven Event driven

IBM delivers unsurpassed geographic scope along with expertise of local, regional, and global needs/regulations § Over 160 data centers globally § 100 percent recovery for IBM clients who have declared a disaster (over 800) § More than 1, 875 professionals dedicated to business continuity and resiliency § More than 9, 000 disaster recovery clients § More than 10, 000 client rehearsals per year § More than 50 years experience helping clients with their backup and disaster recovery needs § Over 800 client declarations supported since 1989 § Scalable, end-to-end, cloud-based data backup and recovery solutions § Five million square feet of floor space for disaster recovery, with 40, 000 seats 22

A range of cloud-based solutions are available to meet the varied needs of mission- and business-critical applications Archive and Discovery Compliance Performance System and Data Mirroring System and Data Failover System and Data Backup and Restore Availability Retention 23

A range of cloud-based solutions are available to meet the varied needs of all critical applications Smart. Cloud Archive Managedand Archive Discovery Compliance Performance Smart. Cloud System and Application Data Resilience Mirroring Smart. Cloud Virtual System Server and Resiliency Data Failover Smart. Cloud System Managedand Backup Data Backup Smart. Cloud System and Managed Data Backup and Restore Availability Retention 24

IBM Smart. Cloud Managed Backup – comprehensive company-wide protection Client Data Center Acquisition Model Service Business Model Pay for use Access Model Internet Client PCs and Desktops Client Branch Offices 25 Technical Model Scalable, elastic, shareable

Recovery of virtualized or physical servers with continuous replication and imported media approach Physical and virtualized servers IBM Intranet NAS AIX® Windows® Web Portal Windows Linux® Linux No Replication Internet Authenticate Client environment Failover Failback Replication Dashboard Reports IBM BCRS 1 Recovery Center BCRS LAN SAN 2 Cloud Recovery Management System Recovery Servers Replication Servers BCRS SAN 1 BCRS – Business Continuity and Resiliency Services; 2 SAN – Storage area network 26

Customer Success Story: A large U. S. –based insurance company Smart. Cloud Managed Backup and Infrastructure Recovery Services Client Objectives • Client was experiencing pervasive failed backups, including “tape Solution Approach • Selected IBM BCRS for cloud-based data backup. The client recognized the value of the fully managed, security rich, cloud-based service which includes the requisite hardware, software, monitoring and management elements required to implement a reliable and repeatable data backup strategy outages” in the daily data backup routines implemented across four distributed sites and across an array of different IT platforms. Data was not adequately protected creating corporate exposure. • In addition, the client selected IBM BCRS Infrastructure Recovery Services to fully leverage the data backup and the hot-site disaster recovery infrastructure at IBM’s disaster recovery center. Client Benefits • Achieved predictable monthly costs without requiring any upfront capital expenditure. Simplified how client data and images reside at the disaster recovery center and can be seamlessly moved from “data vault” to recovery servers in the event of an outage emergency. 27

Business continuity and resiliency is about… § § § Protecting your enterprise Mitigating business and support issues Increasing your competitive advantage Protecting brand reputation Enabling seamless, continuous business transactions § Exploiting market opportunities 28

Más información § Escribanos a smart@ar. ibm. com 29