Transcript Lex Connect - Texas Lawyer | LawCatalog

Maximizing Uptime and
Your Firm's Bottom Line:
Understanding risk and budget when
evaluating business continuity & disaster
recovery protocols
Michael Kemps
Chief Executive Officer and Legal Technology Consultant
Interactive Agenda
What is Disaster Recovery
Causes and Harm of Downtime
RPO and RTO
Hot Site vs. Outsourced vs. RaaS (Recovery as a Service)
Budget Consideration
E-Mail Continuity - Mimecast
Questions & Discussion
What is Disaster Recovery?
• The process, policies and procedures of
restoring operations critical to the resumption
of business
• Regaining access to data, communications and
workspace
• Resuming business processes after a natural or
human-induced disaster
The Causes of Data Center Downtime
Hardware
Error / Theft
5%
Virus / Malware
Attack 7%
Natural Disaster 4%
Human Error 23%
On-Site Disaster 10%
Power Outages 11%
Unexpected Patches /
Updates 22%
Server Room
Environment Issues
17%
Source: Symantec, 2011
Harm of Downtime
•
•
•
•
•
•
•
•
•
Reputation / client service
Fine / legal penalties
Lost revenue
Lost productivity
Security
Decreased employee productivity
IT resource stress
Brand damage
Non-compliance with regulatory requirements
Business Impact: Risks
Data Driven
Virus
Data Corruption
Disk Failure
1,000
Worms
System Availability Failure
Frequency Per Year
Data Growth
100
10
Business Driven
Application Outage
Governance
New Products
Long Term Data Preservation
Network Problem
Event Driven
Failure to Meet Industry Standards
1
Every
10
Years
Compliance
Marketing Campaigns
Political Events
Natural Disaster
Workplace Inaccessibility
Audits
Regional Power Failures
Mergers and Acquisitions
Building Fire
Every
10,000
Years
Pandemic
Consequences or Cost of Loss
Source: IBM, 2010
Risk Tolerance Prioritization
High
Risk Scoring
• IMPACT if risk occurs
• LIKELIHOOD of occurrence
Highest
Priority
Impact
Medium
Priority
Low High
Lowest
Priority
Medium
Priority
Low
Likelihood
RPO and RTO
• RPO: “recovery point objective” The point in
time to which data must be restored to
successfully resume processing. Often
thought of as time between last backup and
when outage occurred.
• RTO: “recovery time objective” The time
within which business functions or
applications must be restored, including
time before disaster is declared and time to
perform tasks.
Solutions
• Hot Site (Do-it-yourself)
• Outsourced Solution Provider
• Recovery as a Service (RaaS)
Hot Site (Do-it-yourself)
• Firm builds a replica server room in a rented
colocation datacenter or second office
• Includes leased lines for communication, power, and
cooling. All hardware and software is purchased and
maintained by the firm.
• Benefits
• Performance is only limited by what the firm is willing
to pay
• RTO is potentially the highest of all solutions
• RPO is potentially the highest of all solutions
Hot Site (Do-it-yourself)
• Disadvantages
• Cost
• Potentially more than doubles the cost of the
production environment
• Ongoing maintenance
• Complexity
• The firm is responsible for the patching and
maintenance of two disparate datacenters
• Hardware/Software Drift
• Monitoring
• The firm is responsible for all monitoring of the
replication and readiness for recovery
Outsourced Solution Provider
• Similar technology and architecture to do it
yourself
• Firm contracts with a third party to build a
replica server room in a rented colocation
datacenter or cloud provider
• All hardware and software is purchased by the firm,
but maintained by the third party vendor.
• Benefits
• Outsourced expertise that is not available with inhouse resources.
Outsourced Solution Provider
• Disadvantages
• Cost
• Similar cost structure to the Hot Site option, with
the added cost of the third party
• Ongoing cost from the third party
• Knowledge is not retained in-house
• Provider’s capacity potentially limited during
the disaster
RaaS (Recovery as a Service)
• RaaS
• Local disk backup with replication of firm
data to the vendor’s data center; the vendor
can host the firm’s servers as required
• Benefits
•
•
•
•
•
Eliminate complexity of DR
DR infrastructure is managed by the vendor
Economies of scale and lower cost
High RPO / RTO
SSAE 16, or ISO/IEC 2001, and ISO 9001
Certified Data Centers
RaaS (Recovery as a Service)
• Performance
• Adequate performance but limited by
vendors infrastructure
• Control
• Firm data stored on third party equipment
• Mitigated by contractual obligations
• Monthly cost based on number of servers
and size of data replicated to the facility
• Grows over time
• Not necessarily predictable
Model Downtime Costs
Calculate the labor cost of
an outage:
Calculate revenue loss
during an outage:
•
•
•
•
•
•
•
•
•
Labor Cost = P x I x R x H
P = number of people affected
I = percentage impact
R = average employee cost per
hour
• H = number of hours of outage
Lost Revenue = ( GR / TH ) x I x H
GR = gross yearly revenue
TH = total yearly business hours
I = percentage impact
H = number of hours of outage
Budgeting Methodology: Step 1
• Determine
• Risk tolerance objectives
• Service level and approach
• Functionality
• Level of expertise and automation required
• Determine technology, implementation and
support costs
• Project costs for life span of selected approach ( Year
1, 2, 3 )
Budgeting Methodology: Step 2
• Which approach is right for you?
• Do It Yourself
• Outsourced Solution Provider
• Recovery as a Service ( RaaS )
• Apply budgeting methodology template and
determine the most appropriate approach
• Templates provided upon request
E-Mail Continuity - Mimecast
• Enables continuous communication with
clients
• Always on e-mail recovery
• Archive functionality
• Smaller/faster local mailboxes, while
maintaining full searchability
• Feature Rich E-Mail Platform
• E-Discovery
• Encryption
• Closed Circuit Messaging
• Anti-Virus/Anti-Spam
Microsoft
Exchange
2010
Microsoft
Outlook
Microsoft
Exchange
2010
Microsoft
Outlook
Disaster Recovery Planning
• Technology alone is not enough
•
•
•
•
•
•
•
Establish a plan
Risk analysis
Establish priorities
Develop recovery strategies
Document your plan
Test your plan
Implement your plan
Thank you!
Contact information for questions or guidance:
Michael Kemps
[email protected]
(800) 541-0450