Last updated 12/04/2023 Slide 1©2012 Managed Networks. The MN logo, circles device and DesktopLive logo are registered trademarks.
Business Continuity Planning
What it is
Why you need it
How to do it

Agenda
• View from 30,000 feet
• Scary facts
• This is not a technology problem
• How to go about it
• Why backup isn’t enough
• Technologies and approaches

The view from 30,000 feet
Business Continuity Planning
...is about keeping your business running
...by anticipating and preventing problems
...by having planned responses to the incidents you can’t avoid
...is not just about technology
...is an ongoing process, not a one-off exercise
...needn’t be onerous, or expensive
...is required by FSA regulation
...features on public sector PQQs
...is increasingly part of your customers’ due-diligence

Scary facts
90% of businesses that lose data from a disaster are forced to shut within 2 years
80% of businesses without a well structured recovery plan are forced to shut within 12 months of a flood or fire
43% of companies experiencing disasters never recover
a company experiencing a computer outage lasting longer than 10 days will never recover its full financial capacity
less than 50% of all organisations in the UK have a business continuity plan
43% of companies who have a business continuity plan do not test it annually to ensure that it works
one out of 500 data centres experience a severe disaster every year
58% of UK organisations were disrupted by September 11th with one in eight severely affected
83% of [London] SMEs have no written contingency plan
(sources: LCC, Gartner, BIS)

This is not just an IT issue
This is a management problem – get board support first!
BCP is about protecting your business
Most businesses are about people: staff, customers, suppliers
IT is an enabling technology; for most businesses, no staff = no business, even if the technology is working
You must consider the business as a whole, and integrate IT continuity as part of a larger plan
Think about travel restrictions, pandemics, strike risks…
Think about physical accommodation, paper records, contact info…
Think about private knowledge and skills dependencies…

BCP lifecycle
Policy
Business impact analysis
Select prevention measures
Select recovery strategies
Plan and implement
Test
Maintain

Policy
• Get management support
• Define roles, responsibilities, scope and goals
• Understand the business context:
  • Regulation
  • Market
  • Scale
  • Priorities
• Write a continuity policy
• Integrate continuity into every business decision, don’t retrofit
• Communicate the policy

Business impact analysis
Understand what you are protecting
– Analyse business areas and prioritise them
– Work out the MTD – do this collaboratively
– Work through RTO and RPO with the business
Correlate people, activities and resources
– Map your processes
– Understand interdependencies
Look for single points of failure
Desirable 3wd + 8wh
Material 8wh + 8wh
Important 4h + 4h
Critical 2h + 15m
[Diagram labels: Salesforce.com, internal and admin PSTN telephony, Sage accounting, DBManager, internet browsing, MS Office (general use), file storage, Delphi, Visual Studio, SQL Server, remote access, intranet, Blackberry, Marketo, StoryManager, Subversion, VOIP (Skype), Newswire feed, YouManage (HR), IM (Skype), Customer service telephony, MS Office (data processing), OnTime, Newsdesk, the CMS, Knowledgebase (Google Sites), TaskManager, Client FAQ tool, Compatibility testing, Shared whiteboard, Card payment system, Cloud filestore, Cloud financial mgmt, Automated testing, Monitoring tools, Interoffice comms]
what’s your weakest link?

Business impact analysis
Analyse the risks and threats
Specific (IT, staff, supply chain...)
What if Bob is run over?
What if the accounts system is unavailable?
What if our main supplier goes bust?
Organisational (fire, flood, burglary, loss of access...)
What if the pipes burst in the office ceiling?
What if our computers are stolen?
What if they find asbestos in the building?
General (terrorism, pandemic, weather...)
What if the transport network is shut down by a bomb or a threat of one?
What if half our staff are off sick?
What if the M62 is impassable for a week?
Try to quantify risks where possible
AV x EF = SLE; SLE x ARO = ALE; ALE should exceed annual cost of BCP
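A worked version of the quantification above, added here as an example and not part of the original slides: SLE (single loss expectancy) is AV (asset value) x EF (exposure factor), and ALE (annualised loss expectancy) is SLE x ARO (annualised rate of occurrence). The risk names reuse the slide's what-ifs; every figure, including the annual BCP cost, is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of what is at risk, in pounds
    exposure_factor: float  # EF: fraction of AV lost in one incident (0..1)
    aro: float              # ARO: expected incidents per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single loss expectancy: AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualised loss expectancy: SLE x ARO."""
        return self.sle * self.aro


def rank_by_ale(risks):
    """Largest expected annual loss first: where prevention pays back soonest."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def bcp_cost_justified(risks, annual_bcp_cost):
    """Return (justified, total_ale); justified when total ALE exceeds the cost."""
    total_ale = sum(r.ale for r in risks)
    return total_ale > annual_bcp_cost, total_ale


# Constructed register: names follow the slide's what-ifs, figures are invented.
REGISTER = [
    Risk("Pipes burst in the office ceiling", 80_000, 0.25, 0.125),
    Risk("Computers are stolen", 40_000, 0.5, 0.25),
    Risk("Accounts system is unavailable", 16_000, 0.25, 2.0),
]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.name:36} SLE £{r.sle:>9,.0f}  ALE £{r.ale:>9,.0f}")
    ok, total = bcp_cost_justified(REGISTER, annual_bcp_cost=12_000)
    print(f"Total ALE £{total:,.0f}; a £12,000/year BCP is justified: {ok}")
```

Ranking by ALE rather than SLE matters here: the frequent, low-impact accounts outage outranks the rarer, larger losses.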

Prevention measures
Prevention is better than cure
– It’s usually cheaper to avoid disaster than cope with it
Build in resilience where it’s cost-effective
– IT – multiple servers, RAID, redundant connections
– staff – have an understudy programme, document procedures
– data – keep key operational information on paper as well
– facilities – enable home working, trade-off with neighbours
Look for synergies and business gains to justify cost
– multiple servers improve performance
– understudying drives career growth and develops staff
– well-designed operational reports provide KPI measurement
– home working saves office costs and improves morale
Outsource risk
– service providers will spend more than you can on resilience
– their contract will give you financial compensation in the event of failure
– they aren’t tied to your location
– you can have more than one, if it’s affordable and makes sense
[Diagram labels: Physical, Technical, Administrative]

Sidenote: cost curve
Cost increases exponentially as RTO and RPO get shorter
BCP is a cost centre – expenditure must be cost-justified
[Chart: Cost (£) plotted against ∞/∞, 3d/1d, 1d/1d, 4wh/4h, 2wh/15m, 0/0]

Recovery strategies
• Work out what you’ll do if prevention fails
• Have different plans for different incidents
• Break recovery down into discrete areas
  – Understand priorities within areas (e.g. RTO vs RPO)
  – Stay focused on cost/benefit
• Separate interim, recovery and normal operations
• Work outwards from the people, not inwards from the systems
  – Look for workarounds
  – Be prepared to compromise
  – Be clear on responsibilities

Plan and implement
Start with the basics
– no money, no business
– no logistics, no business
– no staff, no business
Paper, paper, paper
– paper is instant-on, needs no power, works without installation and configuration, costs pretty well nothing per Mb, can be edited with a pencil – don’t underestimate it
Don’t be daunted
– 90% of BCP is common-sense
– keep it simple
– stick to your identified priorities
Delegate responsibility
– spreading responsibility for planning improves execution
– planners and leaders aren’t always the same people
Communicate and train
– a plan no-one has seen before can’t be executed

Test
Checklist test – What did we forget?
Structured walk-through test – Representative workshop
Simulation test – Let’s pretend
Parallel test – Now do it for real
Full-interruption test – If you dare…
[Diagram labels: easily achieved; assured]
Check and test your assumptions
– “We changed the tape every day”
– “But only Bob knows the password”
– “Where can I get one of these...NOW?”
Surprise people
– Anticipated tests only test the plan, not the people
– Change the scenario
– What if it’s you that’s unavailable?
Document everything you learn
– If your results aren’t written back into the plan, they will be forgotten
– Next time you might not be there
If you can afford a full test, there is no substitute
– Real-world test = better data
– Publicise your test – involve customers and suppliers
But don’t create a disaster in trying to avoid one

Maintain
Now do it all again
Don’t take your plan for granted
– Your business will change
– Build updating of the BCP into your change control process
– Review the whole thing once a year
– Reinforce the training

Backup is not enough
BCP depends on data backup, but data backup is not BCP.
BCP is about preventing interruption; since not all interruption can be prevented, it also requires disaster recovery.
DR also depends on data backup, but data backup is not DR either.
…why?

DR scenario: tape
Friday
• Fire at 5pm
• How much data loss?
Saturday
• No Ultrium drives in PC World
• Download software at home
Sunday
• No progress
Monday
• Order tape drive
• Buy PC, install OS
Tuesday
• Install tape drive
• Install software
Wednesday
• Restore completes
• Restart applications
Thursday
• Business back on-line
6 days to recover
2 days of data lost
Is the tape drive available?
Will the tape restore?
Will the applications work?
Can you survive the downtime and data loss?
Use removable disk?
• Have you got the hardware?
• Will the apps restart?
Use on-line backup?
• How long will it take to download?
• At 2Mb/s, 100Gb of data takes 142 hours to download
• Will it be usable?

Where backup fits in
[Diagram labels: Operations (Item restore, Local Backup, Time travel / storage management, Archiving); BCP (Prevention, Resilience, Security, Recovery, Local backup, Off-site Backup, Off-site Replication)]

Technologies
Operational backup
• Local live device
• Continuous or overnight
• Snapshots / VSS
Archiving
• HSM
• Archive tools
• Media management
Resilience
• Clustering (physical, virtual)
• Redundancy (physical, logical)
Security
• Physical and logical
• Layered defence
Recovery
• Local backup – single system
• Off-site backup (media, stream)
• Replication / geo-clustering

Recovery approaches
Cold standby
• Tested kit with appropriate drives
• Wasted resource/low operating cost
• What RTO can you achieve?
Warm standby
• Remote data replication
• Ready to go, but offline
• How will users connect?
• Test and reversion
Hot standby
• Live replication, running loads
• Expensive
• Close to zero RTO/RPO
• Blended functioning to reduce resource waste
“Cloud”
• Delegates the IT challenge
• BCP is people and processes first
• Audit the provider
• How do you test their BCP?