230 likes | 311 Views
Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael Kemps Chief Executive Officer and Legal Technology Consultant. Interactive Agenda. What is Disaster Recovery Causes and Harm of Downtime
E N D
Maximizing Uptime and Your Firm's Bottom Line: Understanding risk and budget when evaluating business continuity & disaster recovery protocols Michael Kemps Chief Executive Officer and Legal Technology Consultant
InteractiveAgenda What is Disaster Recovery Causes and Harm of Downtime RPO and RTO Hot Site vs. Outsourced vs. RaaS(Recovery as a Service) Budget Consideration E-Mail Continuity - Mimecast Questions & Discussion
What is Disaster Recovery? • The process, policies and procedures of restoring operations critical to the resumption of business • Regaining access to data, communications and workspace • Resuming business processes after a natural or human-induced disaster
The Causes of Data Center Downtime Source: Symantec, 2011
Harm of Downtime Reputation / client service Fine / legal penalties Lost revenue Lost productivity Security Decreased employee productivity IT resource stress Brand damage Non-compliance with regulatory requirements
Business Impact: Risks Data Driven Virus Data Corruption Disk Failure Business Driven 1,000 Worms System Availability Failure Data Growth Application Outage Governance 100 Long Term Data Preservation Event Driven New Products Network Problem 10 Failure to Meet Industry Standards Frequency Per Year 1 Compliance Political Events Marketing Campaigns Natural Disaster Every 10 Years Workplace Inaccessibility Audits Regional Power Failures Mergers and Acquisitions Building Fire Every 10,000 Years Pandemic Consequences or Cost of Loss Source: IBM, 2010
Risk Tolerance Prioritization High Medium Priority Highest Priority Impact Low High Lowest Priority Medium Priority Low Likelihood Risk Scoring • IMPACT if risk occurs • LIKELIHOOD of occurrence
RPO and RTO • RPO: “recovery point objective” The point in time to which data must be restored to successfully resume processing. Often thought of as time between last backup and when outage occurred. • RTO: “recovery time objective” The time within which business functions or applications must be restored, including time before disaster is declared and time to perform tasks.
Solutions • Hot Site (Do-it-yourself) • Outsourced Solution Provider • Recovery as a Service (RaaS)
Hot Site (Do-it-yourself) • Firm builds a replica server room in a rented colocation datacenter or second office • Includes leased lines for communication, power, and cooling. All hardware and software is purchased and maintained by the firm. • Benefits • Performance is only limited by what the firm is willing to pay • RTO is potentially the highest of all solutions • RPO is potentially the highest of all solutions
Hot Site (Do-it-yourself) • Disadvantages • Cost • Potentially more than doubles the cost of the production environment • Ongoing maintenance • Complexity • The firm is responsible for the patching and maintenance of two disparate datacenters • Hardware/Software Drift • Monitoring • The firm is responsible for all monitoring of the replication and readiness for recovery
Outsourced Solution Provider • Similar technology and architecture to do it yourself • Firm contracts with a third party to build a replica server room in a rented colocation datacenter or cloud provider • All hardware and software is purchased by the firm, but maintained by the third party vendor. • Benefits • Outsourced expertise that is not available with in-house resources.
Outsourced Solution Provider • Disadvantages • Cost • Similar cost structure to the Hot Site option, with the added cost of the third party • Ongoing cost from the third party • Knowledge is not retained in-house • Provider’s capacity potentially limited during the disaster
RaaS (Recovery as a Service) • RaaS • Local disk backup with replication of firm data to the vendor’s data center; the vendor can host the firm’s servers as required • Benefits • Eliminate complexity of DR • DR infrastructure is managed by the vendor • Economies of scale and lower cost • High RPO / RTO • SSAE 16, or ISO/IEC 2001, and ISO 9001 Certified Data Centers
RaaS (Recovery as a Service) • Performance • Adequate performance but limited by vendors infrastructure • Control • Firm data stored on third party equipment • Mitigated by contractual obligations • Monthly cost based on number of servers and size of data replicated to the facility • Grows over time • Not necessarily predictable
Model Downtime Costs • Calculate the labor cost of an outage: • Labor Cost = P x I x R x H • P = number of people affected • I = percentage impact • R = average employee cost per hour • H = number of hours of outage • Calculate revenue loss during an outage: • Lost Revenue = ( GR / TH ) x I x H • GR = gross yearly revenue • TH = total yearly business hours • I = percentage impact • H = number of hours of outage
Budgeting Methodology: Step 1 • Determine • Risk tolerance objectives • Service level and approach • Functionality • Level of expertise and automation required • Determine technology, implementation and support costs • Project costs for life span of selected approach ( Year 1, 2, 3 )
Budgeting Methodology: Step 2 • Which approach is right for you? • Do It Yourself • Outsourced Solution Provider • Recovery as a Service ( RaaS ) • Apply budgeting methodology template and determine the most appropriate approach • Templates provided upon request
E-Mail Continuity - Mimecast • Enables continuous communication with clients • Always on e-mail recovery • Archive functionality • Smaller/faster local mailboxes, while maintaining full searchability • Feature Rich E-Mail Platform • E-Discovery • Encryption • Closed Circuit Messaging • Anti-Virus/Anti-Spam
Microsoft Exchange 2010 Microsoft Outlook
Microsoft Exchange 2010 Microsoft Outlook
Disaster Recovery Planning • Technology alone is not enough • Establish a plan • Risk analysis • Establish priorities • Develop recovery strategies • Document your plan • Test your plan • Implement your plan
Thank you! Contact information for questions or guidance: Michael Kemps mkemps@innovativecomp.com (800) 541-0450