Datalink IT Resiliency Practice
Operational Resilience
DR’s Big Data Dilemma
September 16, 2015

“The significant problems we face today cannot be solved at the same level of thinking we were at when we created them.” - Albert Einstein

Common Business Demands

Demand: We need a cloud strategy
Solution: Determine if public or hybrid cloud is a possibility for the organization by using criteria from best practice

Demand: Understand if my infrastructure costs are in line with a hybrid or private cloud approach
Solution: Develop Total Cost of Ownership Models for Private, Public and Hybrid Cloud to Determine Best-Fit Hosting options

Demand: Where do I place a new workload?
Solution: Develop a Decision Tool for New workload placement based on business requirements and other criteria provided by IT consumers

Demand: Choosing a specific cloud architecture that suits the needs of the business
Solution: Review various workload models and converged infrastructure options to determine optimal cloud architecture for the enterprise

Demand: Proper handling and efficient resource utilization of new and existing workloads
Solution: Determine which workloads are fit for Public or Private Cloud

Demand: Difficulties in balancing workloads across various private or public cloud environments
Solution: Develop a decision tool to determine which workloads are fit for migration to public cloud

Demand: Protect the Company’s Data and keep all data secure
Solution: Develop criteria for mapping Company workloads to strategic providers

Demand: Develop a Service Provider Strategy for my Organization
Solution: Determine which service providers meet the needs of the business and the IT organization’s requirements

Agenda

• Reality check
• Why? - The role of Operational Resilience
• How? - Relationships & Governance
• What? - Things to do to set a solid foundation

Why?
The role of operational resilience

Reality Check

Key Challenges
• Greater organizational complexity
• Increasing dependence on technology
• Growing number of products and channels
• Increasing transaction volumes
• Growing competition
• More stringent regulatory landscape

Performance Demands
• Maintain operating and net margins
• Maintain service levels
• Minimize Business Disruption incidents
• Minimize loss events
• Maintain compliance with all regulations

Operational Resilience

Why do we manage it?
Is it to comply with regulatory requirements?
…to protect from failure?
…to create value?

How…?
Relationships and Governance

BCM Relationship Model
• Executive Management
• Business Strategy Direction
• Security
• Contractual Obligations (SLAs)
• ERM
• Market Forces
• Audit
• Industry Trends
• Regulatory Landscape
[Diagram labels: BCM; Partnership Functional Areas]

What…?
Things to do to set a solid foundation

Regulatory Demands
– SANS: The SANS Institute was established in 1989 as a cooperative research and education organization.
– ISO 27001: The ISO 27000 family of standards helps organizations keep information assets secure.
– SAS 70: Statement on Auditing Standards (SAS) No. 70, Service Organizations, was a widely recognized auditing standard developed by the American Institute of Certified Public Accountants.
– FFIEC: The Federal Financial Institutions Examination Council (FFIEC) was established on March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. In 1989, title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) established The Appraisal Subcommittee (ASC) within the Examination Council.

Regulatory Demands continued
– National Institute of Standards and Technology: Founded in 1901 and now part of the U.S. Department of Commerce, NIST is one of the nation's oldest physical science laboratories.
– FINRA: FINRA is dedicated to investor protection and market integrity through effective and efficient regulation of the securities industry.
– SOX: Sarbanes–Oxley Act of 2002, also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability and Responsibility Act"
– HIPAA: The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.
– Consumer Privacy Bill of Rights Act of 2015
• Using this family of standards will help your organization manage information entrusted to your organization.

Situation
• Business requirements around data protection are not defined or are outdated
• Backup architecture is out of date
• Archival technology (tape) and methodology is not in use today
• Customer backs up everything in their environment
• Retention policy is non-existent or limited
• Backup admins are overloaded managing the environment
  – Staff are reactive versus proactive
  – BURA reporting is time consuming with limited benefits
• Backup costs are out of control

Background and Objectives

Customer’s IT organization needs to validate their current Backup environment from a technical and operational perspective. Highlights would include:
• Validate “Current” State with opportunities to improve backup governance and service standardization
• Envision “Future” State based upon their business/backup/retention requirements and leverage industry “best practices”
• Identify Gaps between “Current” and “Future” State
• Backup, Recovery and Archive (BURA)
• Establish a Roadmap/Timeline with ROI to Close Gaps

BCM – Program Management Model

In summary…
Putting it all together

• “Begin with the end in mind” - Do we know why?
• Frameworks should be adapted to your organization’s needs, NOT the other way around - Do we know how?
• Regardless of the chosen framework, develop an integrated governance model - Do we know who?
• Start where you are and build from there - Do we have a defined road map?
• Measure and report - Have we defined KPIs?
[Diagram labels: Business Alignment; Governance; KPIs; Foundation for Operational Resilience]

Questions

Paul Thomann
Manager – IT Resiliency Practice Manager
Paul.firstname.lastname@example.org
303.883.7034

Thank You!