Mijee Dirks, Executive Consultant, IBM Global Business Continuity and Resilience Services
24 March 2014
Keys to Resilience for Small and Medium Enterprises
BUP03031-USEN-03
© 2014 IBM Corporation
IBM Global Technology Services
Agenda
 Risks to Resilience
 IBM Resilience Framework
 Resilience Lifecycle
 Conclusion
2
© 2014 IBM Corporation
IBM Global Technology Services
Today’s businesses need to reduce expenses and manage risk
while maintaining continual availability to data and services.
Mobile in the
enterprise
90 percent
of organizations
will support
corporate
applications on
personal devices
by 20146
Increased
outage costs
Budgetary
constraints
38 percent
71 percent
Increased to
US$182 thousand
per hour in two
years from
2010-20122
of the average IT
budget is dedicated to
ongoing operations4
70 percent
of organizations
surveyed list this as
their primary
concern7
Innovation in
the cloud
Exploding
data growth
60 percent
40 zettabyte
of chief information
officers view cloud
computing as critical
to their plans5
Unplanned
IT outages
Aging
infrastructure
71 percent
of digital content in
2020, a 500 percent
increase from 20103
of data centers are
over 7 years old1
Essential CIO: Insights from the Global Chief Information Officer Study, May 2011, 2Aberdeen Group, “Datacenter Downtime: How Much Does it Really Cost?”, March 2012, 3IDC,
“Digital Universe Study”, June 2011, 4Based on IBM Research, 5McKinsey, “How IT is managing new demands”, 2011, 6Gartner predicts that by 2014, “90% of organizations will support
corporate applications on a personal devices.”, 7The Business Continuity Institute, Horizon Scan 2013 - Survey Report
1The
3
© 2014 IBM Corporation
IBM Global Technology Services
External threats are increasing globally, with economic losses from
all types of disasters escalating rapidly.
Winter storm
Andrea
Europe,
5-6 January
2012 natural catastrophes
Severe storms
USA, 28-29 April
Severe storms
USA, 28 June- 2 July
Cold wave
Eastern Europe, Jan- Feb
Floods
United
Kingdom,
21-27
November
Hailstorms, severe
storms
Canada, 12-14 August
Hurricane Sandy
USA, Caribbean 2431 August
Drought
USA, Summer
Hurricane Isaac
USA, Caribbean 2431 August
Cold wave
Afghanistan, Jan- March
Flash floods
Russia, 6-8 July
Floods
China, 21-24 July
Earthquakes
Italy,
20/29 May
Typhoon Haikui
China, 8-9 August
Earthquake
Iran, 11 August
Severe storms,
tornadoes
USA, 2-4 March
Floods
Pakistan,
3 -27September
Floods
Nigeria,
July- Oct
Earthquake
Mexico, 20
March
Typhoon Bopha
Philippines. 4-5
December
Floods, flash floods
Australia, Jan - Feb
Floods, hailstorms
South Africa,
20-21 October
Floods
Columbia,
March- June
Floods, flash floods
Australia, Feb - March
Number of events: 905
Geophysical events
(earthquake, tsunami, volcanic
activity)
Meteorological events
(storm)
Hydrological events
(floods, mass
movement)
Climatological events
(extreme temperature,
drought, wildfire)
Source: Münchener Rückversicherungs-Gesellschaft, Geo Risks Research, NatCatSERVICE, January 2013
4
© 2014 IBM Corporation
IBM Global Technology Services
The increasingly connected world has magnified the impact on every
aspect of life, including its disruptions.
BT resin shortage
Mobile circuit
production issue
Earthquake
and tsunami
Car parts shortage
WW impact to
car production
 90 percent of the worldwide (WW)
Bismaleimide-Triazine (BT) resin supply
stopped1
 World-wide car production was down by 2030 percent for some major auto
manufacturers during April and May2
 The percentage of visitors to Japan dropped
to 60 percent in April3
Nuclear plant explosion
Decreasing tourism
Volcano
Flight cancellation
 The Iceland volcanic eruption cost airlines
US$1.7 billion with more than 10 million
people affected4
Airlines discontinuation
Game site
attacked by hacker
Servers shut down
by human error
1Update:
Personal information
stolen
Platform outage
Class action lawsuit
Downstream service
provider disruption
 Personal information leaks have cost
millions of dollars, led to class action law
suits, and damaged corporate reputation
 Hosting provider service outages affect
Platform-as-a-Service (PaaS) and Software-asa-Service (SaaS) for other vendors
Analysts fear shortage of key resin, Dylan McGrath, 17 March 2011 2Japan's Earthquake and Tsunami Hit Parts Supplies, Motor Trend, June 2011 3Japan's tourism industry
recovering after the tsunami, BBC Business News, 6 October 2011 4Volcano Crisis Cost Airlines $1.7 Billion in Revenue - IATA Urges Measures to Mitigate Impact, IATA Pressroom, 21
April 2010
5
© 2014 IBM Corporation
IBM Global Technology Services
IBM’s Resilience Framework depicts a comprehensive view of an
Enterprise Resilience program.
Continuity
Availability
Recovery
Security
IBM Resilience Framework
Strategy and vision
Organization
Processes
Applications and data
Technology
Facilities
To deliver a total resilience program, the resilience capability of each layer must be optimized.
6
© 2014 IBM Corporation
IBM Global Technology Services
True resilience requires a lifecycle methodology to achieve
sustainable improvements.
Inputs:
Business
objectives,
goals,
priorities,
policies and
current
capabilities
Business
imperatives:
 IT risk
management
Evaluate
Deploy
Control
Outputs:
 Reputation
Operational risk
management
7
Design
Analyze
 Regulatory
compliance
 Corporate
governance
Define
Reduced risk,
improved
governance
and
facilitated
compliance
management
Monitor
Validate
© 2014 IBM Corporation
IBM Global Technology Services
To build a business resilience program, you must first assess your
potential risks, their impact and your ability to mitigate them.
Assess
 Analyze current and potential risks, and
establish a risk profile by location, line-ofbusiness function and business process.
 Determine impact of event: financial,
opportunity and reputation.
 Evaluate mitigation capabilities to develop
customized risk framework
 Identify areas for further analysis.
 Assess maturity of mitigation capabilities,
including basic, managed, predictive,
adaptive and resilient capabilities.
8
Diagnose risks to business
objectives and prescribe
appropriate actions to improve
business resilience.
© 2014 IBM Corporation
IBM Global Technology Services
Enterprise-wide risks need to be identified, prioritized and addressed
as you design and develop your business resilience programs.
Plan
 Set objectives for risk mitigation or
enhancement to help:
– Define the scope for the risk strategy.
– Select the risks that need to
be mitigated or enhanced
 Define strategic business continuity, disaster
recovery and crisis management plans to help
sustain critical operations in the event of a
disruption
 Design for business resilience:
– Business and financial justification
– Governance and authority and policies
– Systems management disciplines
– Physical and logical security
– Application and data
– Program execution
– Facilities
9
Improve your business resilience
with cost-optimized, IT resilience
architectures, plans, procedures
and strategies.
© 2014 IBM Corporation
IBM Global Technology Services
Validate IT recovery plans, procedures, and processes meet
business resilience requirements through appropriate testing.
Implement
 Choose resilient partners for your resilience
solutions, including data storage and Disaster
Recovery
 Deploy business resilience program:
– Implement resilience architecture,
processes, and organization structure
– Document resilience programs and train
key personnel
 Validate business resilience plans and
procedures
– Architect and execute tests of defined
resilience plans to help confirm they meet
specified objectives:
• Protection of critical information
• Recoverability of business functions
– Execute tests or perform walkthrough drills
to identify resilience plan weaknesses for
improvement and preparedness
10
Identify resilience plan issues and
gaps to be addressed before a
disruptive event occurs.
© 2014 IBM Corporation
IBM Global Technology Services
A centralized governance program is critical for managing and
maintaining a sustainable business resilience program.
Manage
 Monitor current conditions to detect
and respond to risks.
 Control negative risk while enhancing
positive risk.
 Maintain compliance with regulatory requirements
 Report on performance utilizing resilience dashboards
to demonstrate readiness and results of business
investment in resilience
Re-assess
 Perform periodic assessments to validate that
resilience plans still address business strategies and
risks
 Perform continuous improvement
11
Helps ensure a state of readiness to
respond to an outage event or a
market opportunity.
© 2014 IBM Corporation
IBM Global Technology Services
Conclusion
 Surviving in a competitive business environment requires continuous availability of IT
systems and data, even in the event of a disaster.
 Businesses can face revenue loss and erosion of customer trust if they fail to maintain
continuity while rapidly adapting and responding to risks and opportunities.
 You need to create, implement and manage a business resilience strategy that centers on
identifying and mitigating prioritized risks across your enterprise.
 It is critical to choose resilient partners as you implement your enterprise resilience strategy.
 IBM’s recommended lifecycle methodology helps you achieve more sustainable
improvements in business resilience, optimize cost and better manage risk and compliance.
12
© 2014 IBM Corporation
IBM Global Technology Services
Thank you for your time today.
For more information:
 IBM Resiliency Consulting Services
 IBM Business Continuity and Resiliency Services
Contact:
 IBM Taiwan BCRS Solution Sales Manager
Samuel Tsai
cytsai@tw.ibm.com
Tel :886-2-87239666
13
© 2014 IBM Corporation