Managing Risk
Achieving Security and Resiliency with IBM Theodor Stanescu Dennis van Hees April, 28th 2010
Š 2010 IBM Corporation
Agenda
Why does business resilience matter? How to identify risks to your business How can IBM help? Why IBM?
2
© 2010 IBM Corporation
71%
Percent of CIOs that rank risk one of their top 3 business priorities
54% 500+
3
Growth in annual storage shipments to meet explosion of data
Percent increase seen last year in Web links that can harm your company
Š 2010 IBM Corporation
Resilience optimization is balancing the financial impact of risk and the solution cost. Resilience
Optimization (general)
… rapidly adapt and respond to risks, as well as opportunities, in order to maintain continuous business operations, be a more trusted partner, and enable growth.
“… an act, process, or methodology of making something (as a design, system, or decision) as fully perfect, functional, or effective as possible”
(IBM BCRS Organization)
(Merriam – Webster Online Dictionary)
Resilience optimization (RO) “An approach to helping a business find, attain and sustain an appropriate balance between the costs of providing resilience and the business value of that resilience” (IBM Business Continuity and Resiliency Organization)
4
© 2010 IBM Corporation
And … the world is riskier than it used to be.
Changing environment
More complex regulations
Expanding risk exposures
Changing industry and regulatory standards
Increased global and regional
Geographic dispersal requirements
Interdependencies
Varying regulations per country
Supply chain disruption
Heightened impact of business disruption
Impact of coping with the financial turmoil
Greater financial implications of downtime
Loss of critical personnel
Brand vulnerabilities
Loss of key knowledge
Data integrity requirements
Reduction in attention to significance of risk Reduction in testing recovery plans
Disaster recovery and business continuance can be one of the top IT spending priorities for many businesses.
5
© 2010 IBM Corporation
While reducing costs is essential in today's economic climate, it’s also essential to not unknowingly take on too much risk. Smart is: “The right risk at the right price” Understanding the potential loss associated with the level of risk being assumed Understanding the costs associated with the mitigation solutions employed to deal with the selected level of risk Selecting the mitigation solutions consistent with the level of potential loss Selecting the optimum architecture for the mitigation solutions Optimized resilience can help reduce costs to the business
6
Loss avoidance High risk capital allocation position Maintain credit rating Fine and penalty avoidance Maintain customer confidence Maintain social responsibility Cost avoidance
Resilience optimization Total costs associated with risk and mitigation
Potential risk cost elements
Types of mitigation solutions
Higher
IT resilience architecture IT service delivery topology
Optimum resilience risk balance Costs resulting from risk loss events
Lower
People and processes Work place strategy Costs of all mitigation solutions employed
Level of resilience
Data and information protection Regulatory compliance
Higher © 2010 IBM Corporation
Business resiliency can provide near-term cost efficiencies as well as strong, long-term returns on investment. The right business resiliency strategy can help you: Mitigate risk – Avoid the costs of downtime, brand damage and market share lost to competitors, and reduce the financial impact from business disruptions
Protect brand and revenue – Properly assessing the threats to your IT infrastructure, their potential business impact and your tolerance for risk can help you plan a realistic strategy
Protect capital – Analyzing cost tradeoffs can help you avoid unnecessary investment
Reduce costs – Resiliency solutions can help protect you from failed restores and lost data
Improve service – You can better align a resilient infrastructure to the needs of your business to maintain service level agreements based on your tolerance for risk
7
© 2010 IBM Corporation
Not all risks are created equal‌
Frequent
Frequency of occurrences per year
Data driven Viruses Worms
Data corruption Disk failures
Business driven
Long term preservation
Data growth System availability failures
Application outages
Audits Network problems New products Regulatory compliance
Governance
Event driven
Failure to meet industry standards
Terrorism/civil unrest
Marketing campaigns
Natural disasters
Infrequent
Workplace inaccessibility Regional power failures
Mergers and acquisitions
Building fires Pandemics
Low
Consequences (single occurrence loss) in dollars per occurrence
High
Source: IBM
8
Š 2010 IBM Corporation
Once risks are understood, an appropriate resilience strategy can be developed.
Accept
9
Mitigate
Transfer
Accept the risk
Mitigate the risk
Transfer the risk
An exposure is deemed acceptable to the business
Strategy required and implemented to reduce risks
When it is more cost-effective to transfer to another entity (such as insurance, leaseback or outsource)
Š 2010 IBM Corporation
We can help you realize significant financial impacts and improvements in recovery service-level performance. IBM Resiliency Consulting Services
Helps identify, quantify, and prioritize business and IT risks, then develop strategies and implement designs to address those risks
Advisory
Helps balance workloads and reduce application, data and system loss
10
IBM Managed Resiliency Services
IBM Infrastructure Recovery Services
Proactive
Reactive Responsive
Helps eliminate the impact of disruptive events with IT and work area recovery
Š 2010 IBM Corporation
IBM Business Continuity and Resiliency Services provide end-to-end, comprehensive solutions to help keep your business operating.
LEVEL OF ENGAGEMENT
IBM Managed Resiliency Services
IBM Infrastructure Recovery Services
EL V LE
OF
S RE
N IE IL
CY
IBM Resiliency Consulting Services
ADVISE
RECOVER
MANAGE
SERVICES CONTINUUM
11
Š 2010 IBM Corporation
We help globally deliver resilience solutions through resiliency centers and delivery and consulting experts around the globe. Our depth and breadth of resources include: A unique infrastructure and skill set designed for flexibility and responsiveness in a disaster situation, from simple to complex environments Support for over 12,000 clients with over 15,000 contracts A business model based on risk and syndication of resource at a machine level Options for dedicated or limited shared resource Successful support for over 750 client recoveries.
12
© 2010 IBM Corporation
IBM’s Global Delivery model includes the following elements to meet our clients’ requirements and mitigate risks: Flexible delivery alternatives in each location
Parallel and faster ramp-up, delivering savings more quickly
Multisite solution spanning multiple time zones, allowing “follow the sun” without a night shift:
Access to the world’s largest experienced services skill pool, with extensive industry and technology expertise, in 173 countries worldwide
– 24x7 support for mission-critical applications and enabling infrastructure – 24x7 testing for applications that need to quickly move into production – Work-day overlap between countries
Multisite solution in different economic zones, helping mitigate the effects of: – Wage inflation – Currency risk
Access to the world’s largest business consulting and research organization Multilanguage support with native speakers across the globe (English, French, Dutch, Portuguese, Spanish, Chinese, etc.)
– Political and economic uncertainty
13
© 2010 IBM Corporation
IBM’s global network of business process outsourcing and transformation delivery centers meets clients’ diverse, growing needs
Krakow Stockholm Rotterdam
Markham Toronto
Edmonton
Montreal Greenock Newcastle upon Tyne St. John
Dublin Dalian
Paris Bratislava Endicott Lisbon Lexington Durham Budapest Greenville Athens Atlanta Nashville
Calgary Lenexa Tulsa Dallas Houston
Tokyo Okinawa Shanghai Calcutta
Costa Rica Bogotá
Chandigarh Bangalore
Finance and administration
Manila
Pune
Delhi/Mumbai
Brisbane
Procurement Human resources Customer relationship management
Hortolandia Buenos Aires
Industry-specific In plan
14
© 2010 IBM Corporation
IBM delivers application services seamlessly through delivery centers leveraging IBM’s infrastructure, processes, tools and skilled resources
Eastern European sites Vilnius (Lithuania) Bucharest (Romania) Prague (Czech Republic) Szekesfehervar (Hungary)
Edmonton Calgary
China sites Dalian Shanghai Shenzhen
Barcelona
Vancouver Toronto
Madrid
Guadalajara Mexico City San Jose Caracas Lima
Hanoi
India sites Bangalore Pune Kolkata Chennai Hyderabad Delhi/Gurgaon
Brazil sites Hortolandia Sao Paulo Sao Salvadore Rio de Janeiro Nova Lima
Tokyo
Ho Chi Minh Metro Manila
Brisbane
Asuncion Johannesburg Strategic Regional
Montevideo Buenos Aires Martinez
Capetown
Sydney
Perth Adelaide Ballarat Melbourne
Canberra
Application Services Global Delivery Center (GDC)
15
Š 2010 IBM Corporation
IBM delivers high-quality infrastructure services to our clients from four hub countries - chosen because they optimize cost, skills, consistency of methodology and cross-functional delivery support
China sites Shanghai Dalian Shenzhen Brazil sites Hortolandia Sao Paulo Rio de Janeiro
16
Argentina sites Martinez Catalinas Urquiza
India sites Bangalore Pune Delhi Gurgaon Hyderabad
Š 2010 IBM Corporation
Each region also supports a network of global and regional infrastructure delivery sites for the flexibility that clients expect North America sites United States Atlanta (2) Ashburn Boulder Chicago Columbus Dallas Lexington Los Angeles Miami
Newark Poughkeepsie Raleigh Rochester San Jose Secaucus Southbury Sterling St. Louis
Canada Calgary Toronto Montreal Copenhagen Brno Dublin
Europe sites Mechelen/Nossegem Montpelier Milan (2) Ehningen Frankfurt Kista/Solna Winterthur Portsmouth/The Nest Warwick
London Paris Madrid Lisbon
Sterling Forest Gaithersburg
Shenzhen India sites Bangalore Chennai Hyderabad
Turin Szekesfehervar
Mexico City
Caracas
Seoul Tokyo Shanghai Taipei Hong Kong
Dubai
BogotĂĄ
Japan sites Haga Sagmino Kawasaki Makuhari Nanko Mitaka Mihama
Singapore Service Delivery Center e-business Hosting Services (e-bHS) Business Continuity and Recovery Services (BCRS) EMEA Regional Global Delivery Center (GDC) Global Delivery Center
17
Santiago Hortolandia
Sydney
Sao Paulo Montevideo Buenos Aires
Johannesburg
Ballarat Melbourne Canberra Auckland Wellington
Š 2010 IBM Corporation
Business resilience from IBM: helping you reduce risk and optimize opportunities.
A golf association protects over 500 gigabytes of missioncritical data every day via cloud computing using our business continuity and resiliency services; this includes over four million membership records and more than 150,000 daily e-mails.
A leading UK-based metals trading exchange worked with IBM to design and deploy a fully dedicated, supplemental trading facility capable of 100 percent business continuity as a work area recovery site, saving the firm millions of dollars in trading losses and downtime costs in the event of a disaster.
18
Š 2010 IBM Corporation
Business resilience from IBM: helping you reduce risk and optimize opportunities. (continued)
A European healthcare company was able to cut recovery times down to 10-20 minutes and ensure near around-theclock availability by leveraging business continuity and resiliency services from IBM.
We helped the Austrian government determine the potential business impact of a three-day outage (which was assessed at $US332,813) and then implemented the right resiliency plan to help avoid an outage.
19
Š 2010 IBM Corporation
Why IBM: We leverage extensive, global experience.
Our unparalleled experience includes: More than 40 years of business continuity and disaster recovery experience. More than a decade of successful customer recoveries and crisis management experience. More than 10,000 disaster recovery clients. More than 3,400 information protection clients with over 42 petabytes of data under management.
20
© 2010 IBM Corporation
Why IBM: We provide broad solution capabilities.
We can address your unique needs through: Our global resiliency centers, which are designed for multivendor environments, and provide support for more than 200 hardware and software vendors, including HP, Sun Microsystems, Cisco and our own IBM products. Proven business process and technology expertise to help you design and implement the right solution for your business.
21
© 2010 IBM Corporation
Thank you for your time today.
For more information, visit: ibm.com/services/continuity
Contact: Dennis van HEES, Business Development Executive E-mail: dtvanhees@sk.ibm.com Theodor STANESCU, Strategy and Architecture Services Manager E-mail: Theodor.Stanescu@ro.ibm.com
22
© 2010 IBM Corporation
Trademarks and notes
IBM Corporation 2010 IBM, the IBM logo, ibm.com, System i and System p are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml Adobe, the Adobe logo, PostScript, the PostScript logo, Cell Broadband Engine, Intel, the Intel logo, Intel Inside, the Intel Inside logo, Intel Centrino, the Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, IT Infrastructure Library, ITIL, Java and all Java-based trademarks, Linux, Microsoft, Windows, Windows NT, the Windows logo, and UNIX are trademarks or service marks of others as described under “Special attributions” at: http://www.ibm.com/legal/copytrade.shtml#section-special Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
BUP03005-USEN-03
23
© 2010 IBM Corporation