IT Risk Mitigation
Lewan Technology, Agility Recovery, FORTRUST & Woodruff Sawyer
Presenters
The Panel:
• Scott Pelletier, Lewan Technology, CTO
• Rob McClary, SVP & GM, FORTRUST
• Dan McCarter, Manager, Agility Recovery
• Conor Overstake, Assistant VP, Woodruff-Sawyer
Moderator:
• Rick Cranston, Director of Business & Product Development, Mountain West Credit Union Association
IT Risk Considerations
Network Security
Data Protection
Geographic Protection
Employee Productivity
Physical Security
Compliance
Insurance Protection
Risk Mitigation Techniques
Risk Acceptance
Risk Avoidance
Risk Limitation
Risk Transference
WHAT ARE RTOs and RPOs?
RTO/RPO (these should be vetted with business leadership)
• Recovery Time Objective – maximum time to bring a system back online before severe business impact occurs
• Recovery Point Objective – the amount of data loss a business process/application can sustain before severe business impact occurs
• Ask business questions that yield technology answers
What’s Your Overall IT Risk Reduction Considerations
Information / Infrastructure Security
Physical, Social and Technical
Who in your organization is responsible for security?
Do you have written security policies and procedures?
Do you follow them?
How often are they reviewed?
How do you train your employees on your security procedures?
When was the last time you had a security penetration or DR test?
Do you take security seriously?
Data Protection Strategies
Real-time
Point-in-time
Long time
Geographic
Hazards
NATURAL HAZARDS
• Meteorological
• Geological
• Biological
HUMAN-CAUSED HAZARDS
• Accidents
• Intentional Acts
TECHNOLOGICAL HAZARDS
• Information Technology
• Utility Outage
• Fire/Explosion
• Hazardous Materials
• Supply Chain Interruption
How many eggs in how many baskets
Office Assets:
• Office Space
• Employees
• Edge network
• Wireless
• Desktop Computers
• Phones
• Printers
• Files (paper or electronic)
• Internet*
• WAN Circuits*
• Power*
• Cooling*
Data Center IT Assets:
• Space for computer room
• Servers
• Storage
• Backup System
• Core Network
• Firewalls
• Phone System
• Internet*
• WAN Circuits*
• Power*
• Cooling*
*Could be in one or both categories
Main Office
Branch Offices
Move or Replicate IT Assets to a More Secure Environment
Main Office
Branch Offices
Enable Mobile Workforce Strategy
Main Office
Branch Offices
Obtain Mobile Office Space with Needed Assets
Main Office
Protect Against Financial and Property Loss as well
Data loss, breach, disasters are expensive
Common Insurance Gaps
How Can We Help
Planning
• People, Process and Technology
• http://www.ready.gov/business
Backup & Recovery Solutions
Disaster Recovery Solutions
IaaS / Data Center Services
Managed Services
Mobility Solutions
Mobile Office Solutions
Insurance Protection Solutions
DR TOOLS vs. BCP
Disaster Recovery Tools
• Processes that allow a business to protect data and resume business critical applications
• Designed to protect from localized failures
Business Continuity Planning (BCP)
• Procedures that enable business processes to resume beyond the technology
• People, Process, Procedure and Communications
Backup Solutions
Backup/Data Protection Solutions
Key weaknesses of traditional backup solutions:
• Usually have 24hr RPOs (hourly at best), RTOs in hours at best (if disk based)
• Very limited DR orchestration/automation, especially for bulk operations
• Normally require recovery to similar HW at DR site
• No failback mechanism (when production systems are back online)
Managed and/or Outsourced Services to Mitigate Risk
Outsourcing some services can help to transfer risk and/or provide policy, standards and tools to help avoid or limit risk.
Managed Security Services
Internet / Private Line
Disaster Recovery
IT Infrastructure Applications
Infrastructure Monitoring / Management
Hosted Email / Collaboration
Managed Data Protection
Managed Print Services
Cloud Infrastructure
Servers
Storage
Core Network
Server Virtualization
CoLo
End-user Service Desk
Tier 3 Data Centers
Lewan Managed Services
Employee Productivity Protection
4 Key Elements of Protecting Employee Productivity
1. Office Space: Mobile or Brick & Mortar
2. Power: Generators & Fuel
3. Communications: Telephone and Internet Connectivity, Employee Communication Plan
4. Computer Systems: Computers, servers, printers, fax
Agility Membership Benefits
Membership Features
• Immediate Protection
• Access to Member Services
• Online Planning Tool
• Monitoring of Risks & Threats:
• eAlerts
• Ongoing Education Programs:
• Weekly Tips
• Educational Webinars
• Testing
• Business Continuity Planner to help guide members step by step
• Comprehensive Business Continuity Plan Template
• Alert Notification Tool
• Document Management Storage Tool
Planning and Execution
Insurance Gaps
• What are the elements and what’s commonly missed
• Errors and Omissions
• Privacy
• Network Security
• Media Infringement
Q&A / Panel Discussion