Presentation is loading. Please wait.

Presentation is loading. Please wait.

Disaster Recovery Planning in Business Continuity Planning Faculty of Computer Science Institute of Systems Architecture, Chair of Computer Networks Dresden,

Similar presentations


Presentation on theme: "Disaster Recovery Planning in Business Continuity Planning Faculty of Computer Science Institute of Systems Architecture, Chair of Computer Networks Dresden,"— Presentation transcript:

1 Disaster Recovery Planning in Business Continuity Planning Faculty of Computer Science Institute of Systems Architecture, Chair of Computer Networks Dresden, 2/2/2010 Tenshi Hara

2 Agenda 1Necessity 2Planning 3Testing 4Use-case 5Conclusion 6Sources 2

3 1Necessity Resuming business operations has been important throughout history. -Romans used multiple messengers for redundant delivery -Knights of Templar coded redundant information into billing -Businessmen create carbon-copies of orders, bills, etc. -Recent reminder: 9/11-attacks 3 © Reuters

4 1Analysis of the 9/11-disaster 4 © Reuters Directly affected area Area containing the backup-sites -Several redundant backup-sites existed  All within WTC or close proximity (within downtown Manhattan)  WTC-buildings designed as mutual backup-site for each other  Nobody expected both buildings to collapse -Business-Operations (incl. brokerage) were down for weeks  Lead to worldwide financial collapse

5 1Results -US government issued the Emergency Preparedness and Business Continuity Standard -developed by the NFPA -endorsed by the NIST and DHS -also focusing on actions after terror-attacks -Other standards: BS , ISO/IEC 27001:2005 Source: SBA,

6 1Necessity -Strategic planning can help -One must know which risks exist -After investing into solutions, one shall maintain them!  A BCP is the result of a strategic Business Impact Analysis! 6 Marvin says:

7 2Business Impact Analysis Goals: -Assess risks -Evaluate the possible -Make suggestions for solutions Limits: -Can not give a 100% accurate evaluation of costs and benefits -Is only as good as sense of realism 7 Business Impact Analysis Business operations and transactions BCP/DRP Risks Costs derogate affect modify limit/modify evaluated by generates Testing evaluates determines

8 2Knowing the limits One can never be prepared for everything! Vogons could decide to build an interstellar highway… And Earth could be in the way! 8

9 2Economic Utility vs. Accounting Economic point of view: Total Benefit ∙ Probability = Economic Monetary Value Accounting point of view: Return on Investment = [(Benefits – Costs) / Costs] ∙ 100%  Putting BCP/DRP down to numbers puts the entire plan at risk of competing for financial resources with other departments! 9

10 6 6 no or almost no data-loss 3 3 electronic vaulting/bunkering 2 2 data-backup with hot-site 1 1 data-backup with no hot-site 2Share’s 7-Tier model no off-site data 4 4 point-in-time copies 5 5 transaction integrity 7 7 highly automated and integrated

11 2Share’s 7-Tier model -Higher tiers do not necessary include the lower -Often leads to misunderstandings  Serious solution-providers won’t suggest solutions of Tier 4 or below  Mostly, ready-to-use solutions with a sort of “turn on; works fine”-guarantee (classified by Tier 6 and 7) are the solutions of choice 11

12 3Testing -Businesses often do not actually have a working BCP/DRP-solution -Most testing is limited to one initial test -Periodic testing leads to additional expenses -Difficult for IT-experts to justify testing-expenses -“The severity rather than the frequency of loss is what can be used to justify the additional expenses associated with disaster recovery planning and testing. In a worst-case scenario, information critical to the business may be permanently lost.” (Harry L. Waldron, 2008) 12

13 3Testing Mostly forgotten: -Regular testing leads to a training-effect -Prepares all affected to face actual recovery challenges -Optimizes responses to be more efficient -Testing must be integrated, non-negligible part of maintaining -Benefit of testing hardly quantifiable, but costs still easier to calculate than the potential loss due improper recovery process 13

14 determines evaluates Recovery Process 3Testing 14 Disaster Counter- Measures Normal Operation Abnormal Operation defines recognizes analyzes defines & triggers disturbs heals counters and analyzes evaluates & learns from BCP/DRP Testing

15 4Solution-provider: Swiss Data Safe AG Facilities placed in hardened bunkers within mountains in the Swiss Alps Facilities physically detached Each facility has redundant outward-connections Self-sustaining, EMP-resistive infrastructure “we deliver what you need, but don’t ask how it works”-mentality. 15

16 16 © Hans Rudolf Schneider

17 4Further use-cases Plans are considered business-secrets Implementation-details are secret Fear of attacks against BCP/DRP BCP/DRP is a good source of money 17

18 5Conclusion Government regulations suggest existence of standing plans within “important” businesses Many businesses actually do not take the necessary steps in order to have a BCP/DRP Those taking steps often have ineffective plans Testing is imperative, but often neglected Current secrecy of solution-providers and solution- users combined with future demand for disaster- readiness shows necessity of academic research to prepare future system-administrators for tasks awaiting 18

19 6Sources Miller (Protiviti Inc.). From Expense to Asset. KnowledgeLeader British Standards Institute. BS , BS Standard International Organization for Standardization. ISO/IEC 27001:2005. Standard Marquis. The Paradox of the 9s Thinking the Unthinkable - Trading Firms Look for Backups Sites. Traders United States National Archives and Records Annual NARA-report. United States Small Business Administration. How to prepare for Disaster. SBA Small Business Resource Waldron. Windows Tips. Testing Windows disaster recovery plans


Download ppt "Disaster Recovery Planning in Business Continuity Planning Faculty of Computer Science Institute of Systems Architecture, Chair of Computer Networks Dresden,"

Similar presentations


Ads by Google