disaster recovery strategic planning - amazon web … · disaster recovery strategic planning: ......

April 16‐18, 2012 • Talking Stick Resort • Scottsdale, Arizona

Disaster recovery strategic planning: How achievable will it be?

Prudence Marasigan Ernst & YoungAdvisory Services, Senior [email protected]

Amr AhmedErnst & YoungAdvisory Services, Executive [email protected]

of 13


Risk assessment Risk assessment (gap analysis)(gap analysis)

Continuity Continuity strategy strategy

developmentdevelopment

Strategy

Strategy

implem

entatio

n im

plem

entatio

n

Plans exercise Plans exercise and and

maintenancemaintenance

Business impact Business impact analysisanalysis

Dependency Dependency analysisanalysisRi

skRisk‐‐ based

based

Prioritization

Prioritization

Business Business process/apps process/apps identificationidentification

Resiliency touch points BCM program alignment and implementation

AssessAssessphasephase

(Risk(Riskbased based prioritization)prioritization)

Mitigation Mitigation phasephase(Progress (Progress

against plan)against plan)

Business resiliency objective

Business resiliency Business resiliency objective objective

Current technical capabilities

Current technical Current technical capabilities capabilities

Business continuity Business continuity drivendriven

IT DR drivenIT DR driven

Business continuity Business continuity and disaster and disaster recovery plansrecovery plans

Incident Incident response response

managementmanagement

Technical solution Technical solution acquisition and acquisition and implementationimplementation

of 13


What is to be recovered: People, business processes, application critical paths and technical services

How will it be recovered: Technology and technical solution options

Where will it be recovered: Technologies facilities (e.g., data center, data rooms), workplace and/or service provider(s)

When will it be planned: Execute short‐term and long‐term roadmap

How much it will cost:High‐level budget requirements

Disaster recovery strategy approachThe outcomes of the strategy may have more than one solution to fulfill an organization’s recovery and continuity in the face of a business disruption.

1

2

3

4

5

of 13


Sourcing alternatives

Technology constraintsTechnology constraints

Business strategy and impact

Business strategy and impact

Disaster recovery strategy

•High ‐level investment•Roadmap and timeline

Disaster recovery strategy

•High ‐level investment•Roadmap and timeline

Current strategy gaps Current strategy gaps

Total cost of ownershipTotal cost of ownership

Infrastructure strategy


Guiding principlesGuiding principles

People constraintsPeople

constraints

Technical dependencyTechnical

dependency • In‐source• Co‐location• Outsourcing

• Managed hosting• Cloud services

Enterprise riskEnterprise risk

Business constraintsBusiness

constraints

Disaster recovery strategy requisites

of 13


Business strategy and

impact

Business strategy and

impact



Technical dependencyTechnical

dependency

Enterprise riskEnterprise risk

Disaster recovery strategy requisites

Understand the business direction, criticality and prioritization, and the impact that would arise if a threat became an incident and caused a business disruption.

Identified all dependencies relevant to the critical business processes/applications, including the underlying infrastructure technology, operational resources and suppliers, and outsource partners

Align disaster recovery strategy options with current infrastructure technology strategy (i.e., use the organization’s existing cloud strategy as a disaster recovery options)

Determine the criteria for acceptable level of risk and statutory, regulatory and contractual duties

of 13


Disaster recovery strategy requisites Total cost of ownershipTotal cost of ownership

Guiding principlesGuiding principles

Business constraintsBusiness

constraintsTechnology constraintsTechnology constraints

People constraintsPeople

constraints

Issues and obstacles that will affect the future strategy development and disaster recovery (DR) architecture. For Example:the business’s or the country’s political establishment and/or regulation requires that the application and/or data be served from a specific location (e.g., state/providence, country, region) and/or by a specific sourcing service type (e.g., in‐house, co‐location, managed service)

• Guiding principles that provide a clear link to business and technical priorities and define leading practices for technologyarchitecture and implementation

• Current environment cost transparency

of 13


Disaster recovery sourcing options

Data center layerData center layer

Networking layerNetworking layer

Device layerDevice layer

Operating system layerOperating system layer

Application Infrastructure layer (tools layer)Application Infrastructure layer (tools layer)

Application layerApplication layer

Business process layerBusiness process layer

In‐house Co‐locationManaged hosting

IaaS/PaaS

SaaS Apps

Complete outsourcing

Client responsibility

Service provider responsibility

Layers/levels of hosting

Understand your alternative service delivery models:

of 13


>10 hours–3 days

>4–10 hours

<= 4 hours

>3 days–2 weeks

Level 2

Level 1

Level 3

Level 4

Time 0 of the outage

Time

Tolerance to service loss

Clusteringand geo‐diverse

Like‐or‐like and virtual servers

Re‐purpose dev/testing and vendor drop‐ship

Recovery time objective (RTO) solutions example

BIA categories Low (hours)

High (hours)

Vital service 0 24

Essential service >24 72

Important service >72 120

Supportive service >120 720

Disaster recovery levels

Vendor drop‐ship

Understand your disaster recovery solutions related to business impact results

of 13


>12 hours–24 hours

>1 hour–12 hours

<= 1 hour

>24 hours–72 hours

Level 2

Level 1

Level 3

Level 4

Last data backup and/or replication

Time

Tolerance to data loss

SYNC/ASYNC replication and VTL backup

VTL backup

VTL or tape

backups

BIA categories Low (hours)

High (hours)

Vital service 0 24

Essential service >24 72

Important service >72 120

Supportive service >120 720

Recovery point objective (RPO) solutions example

Disaster recovery levels

ASYNC replication and VTL backup

Understand your disaster recovery solutions related to business impact results

of 13


• Measure your current IT DR spending so you can effectively improve, manage and control your future DR strategy costs.

• Build and maintain an accurate inventory of hardware, software and appropriate licenses.

• Develop a TCO model that includes a combination of the following OPEX and CAPEX (recurring and non‐recurring) spending:

o Labor; plan, build, test and run

o Facilities, including in‐source or external data centers, data rooms and workspace

o Hardware, data network and other items are for hosting hardware and applications

Labo

rHardw

are

Facility

Data ne

twork

Others

Disaster recovery total cost of ownership (TCO)

of 13


Disaster recovery total cost of ownership (TCO)Comparative cost summary (in thousands) example:

of 13


Facility(e.g., power, space, hosting service)

Facility(e.g., power, space, hosting service)

Infrastructure foundation services

NetworkNetwork Active directoryActive

directory DNSDNS Core platform services (Systems/OS, storage)Core platform services (Systems/OS, storage)

Business applicationBusiness

application


application


application


application


application


application


application

Dependencies and sequence of applications recovery

Incident response plan

1

2

4

Disaster recovery strategy roadmap

1. Current facilities to accommodate DR requirements (e.g., space, power, Tier III) and/or address different sourcing options.

2. Infrastructure foundation services recovery capabilities such as networks, AD, DNS, authentication, etc.

3. Service applications and collaboration tools such as email, unified communications, etc.

4. Business application recovery based on criticality, priority, interdependencies, etc.

Develop the strategy implementation roadmap based on your current maturity to address:

Service applications and collaboration tools

MessagingMessaging Unified comm.Unified comm.

Team spacesTeam spaces 3

Desktop tools

Desktop tools

Mobile servicesMobile services

of 13


Thank You!

of 13

Ernst & YoungAssurance | Tax | Transactions | Advisory

About Ernst & YoungErnst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit www.ey.com.

© 2012 EYGM Limited.. All Rights Reserved.

This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither EYGM Limited nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor. The opinions of third parties set out in this publication are not necessarily the opinions of the global Ernst & Young organization or its member firms. Moreover, they should be viewed in the context of the time they were expressed.

disaster recovery strategic planning - amazon web … · disaster recovery strategic planning: ......

Documents