0 оценок0% нашли этот документ полезным (0 голосов)
17 просмотров7 страниц
The Roots of Business Continuity and Disaster Recovery can be found in contingency planning and Scenario Planning. Scenario Planning emerged as a method for military planning again following World War II. The basic method of Scenario Planning uses game theory to create situations that no one plans for. The ability to spring forth from adversity with determination and will was viewed as the reward of good planning.
The Roots of Business Continuity and Disaster Recovery can be found in contingency planning and Scenario Planning. Scenario Planning emerged as a method for military planning again following World War II. The basic method of Scenario Planning uses game theory to create situations that no one plans for. The ability to spring forth from adversity with determination and will was viewed as the reward of good planning.
The Roots of Business Continuity and Disaster Recovery can be found in contingency planning and Scenario Planning. Scenario Planning emerged as a method for military planning again following World War II. The basic method of Scenario Planning uses game theory to create situations that no one plans for. The ability to spring forth from adversity with determination and will was viewed as the reward of good planning.
THE ROOTS of our industry. Understanding the Roots of Business Continuity and Disaster Recovery. The world of Emergency Response, Business Continuity, Disaster Recovery and general end of the world as we know it products and services are full of facts, fctions, and fux; and the noise on this channel is louder than ever as vendors jockey for position and highlight surveys and analyst quotes to justify their position and gain market share. Business Continuity and Disaster Recovery have not always been about risk. In fact, the roots of Business Continuity and Disaster Recovery can be found in contingency planning and scenario planning. In early incarnations of war gaming, the ability to spring forth from adversity with determination and will was viewed as the reward of good planning. Early practitioners of creative foresight saw good planning as a rigorous means to an end protecting what they valued most along the way. Understanding the roots of Business Continuity and Disaster Recovery will help us to distinguish a key difference in where we are today as an industry and the difference we could make tomorrow in the world. To understand this position, we have to look back towards the future. Contingency as a Strategic Concept 6th Century BC Sun Tzus The Art of War is the frst known writing on the subject of strategic thinking, and to this day is considered to be one of the greatest infuencers on the topic among both military and business thinkers in the world. Sun Tzu introduced the concept of scenario based planning and contingency to military thinking over 2600 years ago. Several of these military strategies included simple concepts such as backups (weapons caches,) scenario planning (unforeseen events,) and competitive advantages based on planning for the unknown. He taught that strategy is about responding swiftly and appropriately to changing conditions, not that planning was working through a to-do list. Planning works in a controlled environment, however in a competitive environment, competing plans collide to create situations that no one plans for. Strategy is foreseeing what is possible, and being prepared. Scenario Planning as a Military Concept 1950-1970 The scenario planning concept emerged as a method for military planning again following World War II. The basic method of scenario planning uses game theory (the simulation of military scenarios that combines known facts with plausible variables based on social, technical, economical and political trends). The concept of scenario planning using applications such as systems and game theory was frst introduced by Herman Kahn during the Cold War Era. In the 1960s, Kahn founded the Hudson Institute and refned scenarios as a tool for business prognostication. He became one of Americas top futurists. 1950 Through 1970 6th Century B.C. Scenario Planning and Contingency as a Business Concept: 1970 - 1973 Scenario planning reached a new dimension in the early 1970s with the work of Pierre Wack, who was a planner in the London offces of Royal Dutch/Shell. Wack and his planning team realized that the Organization of Petroleum Exporting Countries (OPEC) could demand much higher prices and disrupt Shells business. The only uncertainty was when. Wack described the full ramifcations of possible oil price shocks and warned management that the oil industry might become a low growth industry. This was when scenario planning for businesses was born. It helped Shells managers imagine the decisions they would have to make as a result of an unlikely event occurring. In October 1973, after the Yom Kippur war in the Middle East, there was an oil price shock-wave felt around the world. Of the major oil companies, Shell was the only company prepared for the change. The companys management responded quickly and, in the following years, Shell moved from one of the weaker oil companies to becoming the second largest oil company in the world, and the most proftable.
To operate in an uncertain world, managers need the ability to question their assumptions about the way that world works, so that they can see things more clearly. The purpose of scenario planning is to help Executives change their view of reality, to match it more closely with reality as it is, and to propose other possible realities that might come to be. The end result is not always an accurate picture of tomorrow, but leads to better decisions about how to operate in the future. 1970 Through 1973 Based on Mr. Wacks insights into future market dynamics, corporations stood up and took notice. Later, the Shell scenario planning group envisioned a future in which Shell would not have access to the data which controlled oil prices and sales housed on their mainframe computers. Because Mr. Wack had been accurate in the past, Shell readily invested in the creation of Information Technology backups. The use of an offsite storage facility, previously used for Government documents only (the original Iron Mountain) by a commercial user, was the direct result of Mr. Wacks scenario planning. Thus was the industry of Business Continuity and Disaster Recovery born. Remarkably, these early practitioners saw these efforts at Business Continuity and Disaster Recovery as a true competitive advantage. Scenario planning is a discipline for rediscovering the original entrepreneurial power of creative foresight in contexts of accelerated change, greater complexity, and genuine uncertainty. Pierre Wack, Royal Dutch/Shell, 1984 Early Years: 1973-1980 In the mid-1970s, SunGard began as a subsidiary of the oil giant Sun Co., providing remote-access data processing for Suns Information Services (SIS). The pivotal moment came in the late-1970s when Suns business had become heavily dependent on computer systems and the company realized that they could lose up to $3 million by the third day if their computer system failed. SIS President, John Ryan, had his division develop a disaster recovery plan and business contingency plan for Sun Co., which included daily backups to tape that were stored at an off-site location that could be loaded onto an alternate mainframe should Suns mainframe computer fail.
1973 Through 1980 Boom Years: 1990-2000 During the decade from 1990-2000, the industry was comprised of 31 companies, which represented the majority of the hot site providers, who collectively generated subscription fees in excess of $620 million annually. The industry had seen substantial consolidation since 1989 and ultimately created a situation in which 2 companies dominated the market: IBM and SunGard. These companies controlled over 80% of the market in both revenue and subscriber base in the hot site arena. Financially oriented frms tend to utilize hot sites more frequently due to the critical nature of their operations. In fact, over 65% of all hot site recoveries involved these types of frms. Over the past thirty years, the majority of recoveries have occurred at Comdisco, IBM and SunGard. These three vendors alone have supported over 67% of all disaster recoveries at hot sites. In the early 1990s, Business Continuity was positioned mainly in terms of Disaster Recovery. In the event of a major disaster, technology assets (e.g., systems, networks, applications and data) were to be recovered at an alternate location. The typical recovery time objective (RTO) i.e., the desired time to recover applications or acceptable transaction loss was 24 hours. Most of the enterprises that implemented disaster recovery plans did so because they were in highly regulated industries (e.g., banking and other fnancial service sectors). In most enterprises, however, business continuity and disaster recovery planners spent their time trying to raise awareness of the need to protect enterprise assets (often unsuccessfully) In 1978 SIS was approached by a group of Philadelphia businesses searching for a similar disaster recovery solution, which lead to SunGard Recovery Services becoming a Commercial Hot-Site Provider. By the end of 1979 there were over 100 providers of computer backup services located across the U.S.
Growth Years: 1980-1990 Over the next ten years, the industry grew to generate $240 million in annual subscription fees. Vendors marketed their services as hot sites which were designed to provide stand-by computer resources, in the event that one or more subscribers required an alternative computer center to process critical applications. This requirement was usually prompted by an actual or perceived event that could render a subscribers computer systems inoperable. The activation of the hot site services was initiated through the formal declaration of a disaster. The defnition of disaster varied by client and; subsequently, hot site providers allowed broad interpretation. For example, clients have activated their hot site subscriptions to provide backup during a planned relocation of their data center. 1980 Through 1990 1990 Through 2000 The Internet Changes Everything The Internet and e-business achieved critical mass in 1999 and caused fundamental changes in the way enterprises thought about Business Continuity and Disaster Recovery. Enterprises began re- engineering their business processes yet again, this time aligning them with those of customers, suppliers and business partners. As a result, RTOs and RPOs were being reduced still further, in some cases reaching zero. (A zero RTO means zero downtime, or 24x7 continuous systems availability.) Furthermore, scenario plans broadened to take on new e-business-specifc risks, including downtime caused by: 1. Operational risk (e.g., the three-day Microsoft Web site outage in January 2001) 2. Security risk (e.g., the denial-of-service attacks against Web sites and networks) 3. Lack of capacity (e.g., the spikes in business volumes caused by Victorias Secrets Internet fashion show) 4. Application failure (e.g., the full-day London Stock Exchange outage in April 2000) 5. Partner/outsourcer unavailability (e.g., the Internet Service Provider network failure or failed links between an enterprises Web site and its partners sites) 6. Loss of physical structures (e.g., the facilities lost to wildfres at the Los Alamos National Laboratory) In the new e-business world, enterprises became deeply concerned about any risk of downtime. Today, any downtime results in negative media coverage, which can severely impact the enterprises image and reputation as well as its continuing viability. September 11th Attacks The events of September 11, 2001, had a major impact on the requirement for sound planning. Many of the organizations with offces in the World Trade Center (WTC) had Business Continuity and Disaster Recovery plans in place as a result of the bomb attack on this facility in 1993. There were a number of stories on the news that weekend (September 15th and 16th, 2001) about organizations that were located in the WTC that were operational at their contingency locations. By September 14th, Comdisco had felded 73 disaster declarations from 36 companies, primarily fnancial services frms in the New York area. Comdisco clients fling disaster declarations included 20 security frms, 12 banks, two insurance companies, and the New York Board of Trade. and fghting organizational apathy toward recovery planning. By the mid-1990s, business continuity initiatives had expanded to include the recovery of critical work processes. For example, many enterprises recognized that recovering their call center technology was pointless if they lacked personnel to staff the call center itself, or a workplace in which to locate it. Business Continuity Planning and disaster recovery scenarios remained largely unchanged; however, as did RTOs and RPOs. The trend toward an expansion of Business Continuity Planning initiatives gathered momentum in the late 1990s. This trend was driven in part by preparations for a potential year 2000 crises. One result of the year 2000 re-mediation effort was a massive enterprise investment in re-engineering business processes (e.g., implementing integrated enterprise resource planning systems). As they prepared their year 2000 contingency plans, many enterprises began to understand that if their critical systems and applications failed, their business processes would fail along with them (e.g., orders could not be taken and products could not be manufactured or shipped). The inevitable result would be a severe negative impact on the proftability and possible survival of the enterprise. With this new understanding of their vulnerabilities, enterprises invested heavily in Business Continuity and Disaster Recovery between 1997 and 2000. RTOs for mission-critical business processes were reduced to less than 24 hours and sometimes much less; RPOs were often set as up to the point of disaster (i.e., no loss of work or transactions). Moreover, the growing interdependencies among internal processing systems and external service providers began to increase the complexity of recovery solutions. Nonetheless, scenario planning remained largely unchanged. 1990 Through 2000 1990 Through 2001 By September 14th, SunGard had felded 70 disaster alerts and 22 companies took the more severe step of fling disaster declarations. SunGard clients included 16 fnancial services frms, two providers of business services, and one each in law, health care, transportation, and telecommunications. Comdisco indicated their largest number of declared disasters (32) was logged two years prior to the September 11th attacks, when Hurricane Floyd hit the East Coast. The damage a disaster causes to an enterprise may not necessarily be physical, as the troubling increase in systems-and operations-disrupting cyber attacks shows. These activities are certain to increase in response to any reprisals, including military action. On 911, many enterprises lost key executives; therefore, key management decision-making had been disrupted at precisely the time it was needed most. Some enterprises had lost their entire IT organizations or disaster recovery teams, compromising the enterprises ability to recover according to previously determined procedures. Moreover, unlike the 1993 bombing, this disaster completely destroyed physical facilities, records, systems and other enterprise assets. The secondary effects (e.g., loss of communications, delays in mail and courier services, limitations in airline travel) had also been unprecedented. Today, comprehensive, domino effect disasters are more commonly understood than had been in the frst twenty years of Business Continuity and Disaster Recovery planning. In a way, the terrorist attacks of September 11th completed the 20-year evolution in contingency planning, but they also changed everything. The dramatically heightened recognition of the importance of Business Continuity and Disaster Recovery means increased budgets for dedicated, non-shared recovery solutions for business applications and systems of all types. Planners will have the opportunity to integrate business continuity and disaster recovery into the project life cycles of business processes and applications. Old and new risks can be addressed where they should be in the business requirements phase of a project, not as an afterthought when production has been completed. Most important, there will be newfound business continuity planners. After 911, enterprise decision makers understand why business continuity is important: The very survival of the enterprise depends on it. Point Solutions and Data Abstraction: 2006-2007 Surprisingly, the period immediately following 911, did not accelerate business continuity, disaster recovery, or proactive planning as expected. Business Continuity and Disaster Recovery planners continued to struggle upstream against corporate apathy, lack of executive support, and perhaps, even shock. Realizing an opportunity existed in ad-hoc point solutions and hardware sales, many organizations moved into the BC/DR space offering easy fxes for a fearful world. Storage Area Networks, Virtualized Hardware Abstraction, and Business Continuity and Disaster Recovery planning software products abounded, and through 2007 these products continued to act as disruptive one-time solutions to long range corporate Business Continuity and Disaster Recovery challenges. Promised return on investments (ROI) and the major failure at 365 Mains primary colocation facility highlighted the lack of comprehensive Business Continuity and Disaster Recovery capabilities at even the most hardened facilities, and customers realized, simultaneously with the Business Continuity and Disaster Recovery market, that more had to be done. Sept. 11, 2001 2006 Through 2007 P.25 Read Cloud Computing The Turning Point: Back to the FutureThe Trend Toward Optimized Business Continuity and Disaster Recovery Today, customers are turning back to the roots of Business Continuity and Disaster Recovery and looking to use scenario planning, business intelligence and strong Business Continuity and Disaster Recovery as value multipliers. In a simple way, Business Continuity and Disaster Recovery is becoming more important to customers than ever as they look to gain an edge in the competitive landscape. Many customers realize that advanced technologies that assist the IT organization in delivering rapidly scalable resources (Virtualization, SANs, etc.) require advanced process methodologies to ensure that the alignment between the business and IT is stronger than ever. Today Tomorrow Tomorrow: The Future of Business Continuity and Disaster Recovery: Tomorrow, as gen X and Y move into managing and decision making roles in the private and public secors, Business Continuity and Disaster Recovery will be more holistic, more visual, and more socially consious than ever. P.92 Read Losing Your Cool Re:Think... the industry. Understand where the industry has been and where the industry is now in order to make informed decisions to improve our approach. Contact Kevin Burton kevin@thinkbam.com 480.239.9724 Angela McGee angela@thinkbam.com 480.239.5647