SlideShare una empresa de Scribd logo

Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011

Citrix Online
Citrix Online

“Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011” Key Findings: • Improving business continuity and disaster recovery (BC/DR) capabilities is the No. 1 priority for SMBs and the second highest priority for enterprises for the next 12 months • IT plans to spend at least 5% more on BC/DR in the next 12 months (only 11% of enterprises and 8% of SMBs plan to decrease spending on BC/DR) • BC/DR represents between 6% and 7% of the IT budget

1 de 8
Descargar para leer sin conexión
For Security & Risk Professionals September 2, 2010 Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 Six Percent Of IT Operating And Capital Budgets Goes To BC/DR by stephanie Balaouras with Chris McClean, Laura Koetzle, and Lindsey Coit ExECUT I v E S U M MA Ry According to Forrester’s recent survey of 2,803 IT decision-makers, improving their business continuity and disaster recovery (BC/DR) capabilities is the No. 1 priority for SMBs and the second highest priority for enterprises for the next 12 months. The scope of BC/DR programs is growing also; mature BC/DR programs address all sources of downtime — including mundane power outages and weather-related disruptions, not just rare, catastrophic disasters. Security and risk professionals should take advantage of this increased visibility as the economic recovery slowly thaws IT budgets to improve the BC/DR’s organizational and process maturity for the long term. awareness and increased regulation drive Bc/dr prioritization Historically, it has been difficult to build the business case for BC/DR spending because senior executives viewed it as an expensive insurance policy for risks for which no one had determined the probability or accurately assessed the impact. When security and risk professionals tried to highlight certain threats to the business, the common response from senior executives was, “I know there’s a risk of XYZ event, but it hasn’t happened yet.” Thankfully, this misperception of BC/DR spending is finally changing because: · We can better identify, measure, and quantify risk. Security and risk organizations have become much better at using formal methods for identifying risks, measuring their probability, and quantifying their impact. They’re also much better at incorporating business leaders into their formal risk measurement processes. A survey of 345 Disaster Recovery Journal subscribers found that 65% of business continuity management (BCM) teams work with the business to determine the impact of risks.1 And the benefit of this approach is clear: It’s much more likely that a CIO or other executive will approve budget for a BC/DR upgrade if you can explain that in the next five years there is a 20% probability that a severe winter storm will knock out power to the data center and cost $500,000 in lost revenue and employee productivity. · We have a better understanding of the economic impact of disasters and events. According to the Centre for Research on the Epidemiology of Disasters (CRED), between 2000 and 2008, the average number of disasters per year was 392, and the average annual economic damage was $102.6 billion worldwide. In 2009, there were 335 disasters and economic damages of $41.3 billion. The US suffered the worst economic impact in 2009 ($10.8 billion), followed by China ($5.2 billion) and France ($3.2 billion).2 The number of disasters doesn’t necessarily increase each year (it seems to be holding steady), but the attention that government agencies, nonprofit Headquarters Forrester Research, Inc., 400 Technology Square, Cambridge, MA 02139 USA Tel: +1 617.613.6000 • Fax: +1 617.613.5000 • www.forrester.com
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 2 For Security & Risk Professionals organizations, media organizations, and other outlets pay to disasters does. Awful though they are, high-profile catastrophic events can have one positive outcome: They can inspire senior executives to action. · We must deal with a bevy of government and industry regulations related to BC/DR. Post- 9/11, there have been at least 22 worldwide government or industry regulations and standards to address BC/DR in some shape or form.3 On June 15, 2010, the US Department of Homeland Security (DHS) announced the adoption of the final standards for the Voluntary Private Sector Preparedness Accreditation and Certification Program. Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 mandated the creation of the program.4 The final standards are the National Fire Protection Association 1600, British Standard 25999, and ASIS SPC.1-2009.5 Although the program is voluntary, Forrester believes that with the adoption of these three recognized industry standards, more US private-sector companies are likely to certify when certification becomes available. There are three types of organizations that are more likely to certify: 1) organizations that must prove preparedness to major customers or partners; 2) organizations that must frequently comply with audits of their BC/DR program; and 3) organizations that believe it provides a competitive advantage in the market.6 · We have to answer to our partners and customers about our preparedness. Since 2008, security and risk organizations have had to respond to an increasing number of BC/DR preparedness audit requests. According to the Forrester/Disaster Recovery Journal Crisis, Risk, And Business Continuity Management Survey, Q4 2008, almost 80% of respondents tell us that their firms have had to provide proof of BC readiness to at least one — but sometimes more — external parties in the past 12 months.7 · We have less and less tolerance for downtime and data loss. Today, business process owners and managers won’t accept downtime and data loss that lose revenue, reduce employee productivity, or damage the company’s reputation. As a result, BC/DR teams across all industries and company sizes must provide recovery times measured not in hours and days but in minutes and hours. In addition, process owners no longer care about the source of downtime — it doesn’t matter if it’s a power outage, distributed denial of services (DDoS) attack, disk drive failure, hurricane, or pandemic — they want business processes and the IT systems they rely on up and running at all times. In response to these drivers, BC/DR is one of the top IT priorities for the next 12 months (see Figure 1). September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 3 For Security & Risk Professionals Figure 1 Top Technology Priorities Over The Next 12 Months “Which of the following initiatives are likely to be your IT organization’s top technology priorities over the next 12 months?” Consolidate IT infrastructure Significantly upgrade disaster recovery and business continuity capabilities Significantly upgrade our security environment Expand use of mobility technologies for employees and customers Implement or expand use of videoconferencing, video analysis, and other video technologies Redesign/redeploy IT architecture (e.g., implementing a services-oriented architecture) Pursue strategy of embracing cloud infrastructure services (virtual servers or software platforms at service providers) Implement or expand use of collaboration capabilities (video, unified communications) Pursue/implement cloud computing strategy SMB Enterprise Pursue strategy of embracing software-as-a-service offerings Support Web 2.0 technologies like blogs, wikis, Twitter, and social networking tools Pursue outsourcing or offshoring 0% 10% 20% 30% 40% 50% 60% 70% 80% Base: 1,228 SMB budget decision-makers and 1,575 enterprise budget decision-makers Source: Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010 57818 Source: Forrester Research, Inc. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 4 For Security & Risk Professionals it plans to spend at least 5% More on Bc/dr in the next 12 Months Not only is BC/DR a top priority but it is also earning a larger share of financial investment in both SMB and enterprise organizations: · Most organizations plan to maintain or increase spending on BC/DR. According to our survey, 32% of enterprises and 36% of SMBs plan to increase spending on BC/DR by at least 5%. Only 11% of enterprises and 8% of SMBs plan to decrease spending on BC/DR (see Figure 2-1). · BC/DR represents between 6% and 7% of the IT budget. As a percentage of overall operating and capital budgets, BC/DR spending still falls short of other IT functions such as security at an average of 6% among enterprises and 7% for SMBs (see Figure 2-2). However, considering the level of priority and increased investment, BC/DR can confidently consider itself among the critical elements of a comprehensive IT program. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 5 For Security & Risk Professionals Figure 2 Business Continuity Spending 2-1 Spending increases on business continuity “How do you expect your spending on business continuity and disaster recovery to change in 2010?” Decrease more than 10% 2% 2% Decrease 5% to 10% 6% 9% About the same 54% 55% Increase 5% to 10% 30% 25% SMB 6% Enterprise Increase more than 10% 7% Don’t know 2% 2% Base: 1,228 SMB budget decision-makers and 1,575 enterprise budget decision-makers 2-2 IT budget breakdown “In 2010, how much of your IT operation and capital budget will go to the following IT functional activities?” SMB Enterprise IT management (CIO or equivalent and direct 9.5% 8.3% reports) Research and development of emerging technologies 5.3% 4.4% Business continuity and disaster recovery 7.0% 6.0% Security 8.2% 7.3% Application development, customization, and 13.7% 15.0% implementation Application maintenance 11.8% 13.9% Information management and storage 10.1% 9.9% Server and mainframe operations 12.6% 13.1% Desktop operations 11.0% 11.0% Network operations 10.9% 11.0% Base: 1,036 SMB budget decision-makers and 1,183 enterprise budget decision-makers Source: Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010 Note: Mean numbers provided. Percentages may not add up to 100% due to rounding. 57818 Source: Forrester Research, Inc. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 6 For Security & Risk Professionals R e C O M M e N D AT I O N S never let a crisis go to waste Ideally, we should make investment decisions based on rational, objective risk assessments, but unfortunately, all security and risk pros know that’s not always how it works. Headline-grabbing catastrophes, pandemics, and security breaches get the attention of senior executives. Impending regulation or the knowledge that they significantly lag behind their industry peers in spending or best practices also gets their attention. Use industry examples to gauge your BC/DR preparedness level, even running scenarios to see how your organization might have handled similar situations. As you start planning your 2011 budget, you should: · aim for Bc/dr to claim between 6% and 7% of your overall it budget. Aside from dedicated staff (usually continuity analysts and managers), software (such as BC planning and automated notification software), and any outsourced BC/DR services, it’s often very difficult to know exactly how much you spend on BC/DR. You can usually find BC/DR costs built into — and therefore, hidden among — budgets for data center facilities, servers, storage, networking, and telecommunications. you may spend more or less depending on your recovery objectives. For example, if you are in a financial services firm and your executives demand zero downtime and zero data loss, you could spend more. If you are a manufacturing firm and your executives are comfortable with a 48-hour recovery with a few hours of data loss, you could spend a little less. · if you are a us organization, select one of the three dHs standards as your Bc framework. Given that the DHS has adopted three standards to support the voluntary certification program, you should select one of these standards as the framework for your own BC management program. While your organization might not have any plans to voluntarily certify today, that could change in the future. In case you do change your mind, it’s best to have already adopted one of the three standards. Adoption doesn’t mean that you have to go through any certification process. It just means that you use the standard as a model or a framework for your BC management program. suppleMental Material Methodology Forrester’s Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010, was fielded to 2,803 IT executives and technology decision-makers located in Australia/New Zealand, Brazil, Canada, China/Hong Kong, France, Germany, India, Japan, Mexico, Russia, the UK, and the US from SMB and enterprise companies with 100 or more employees. This survey is part of Forrester’s suite of Business Data Services studies. Forrester fielded the survey from March 2010 to May 2010. LinkedIn Research Network fielded this survey online on behalf of Forrester. Survey respondent incentives included gift certificates and research summaries. We have provided exact sample sizes in this report on a question-by-question basis. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 7 For Security & Risk Professionals Forrester’s Business Data Services fields eight business-to-business technology studies in 19 countries each calendar year. For quality control, we carefully screen respondents according to job title and function. Business Data Services ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of IT products and services. Additionally, quotas are set for company size (number of employees) and industry as a means of controlling the data distribution and establishing alignment with IT spend calculated by Forrester analysts. In addition to sampling error, one should bear in mind that the practical difficulties in conducting surveys can introduce error or bias into the findings of opinion polls. Other possible sources of error in polls are probably more serious than theoretical calculations of sampling error. These other potential sources of error include question wording, question ordering, and nonresponse. As with all survey research, it is impossible to quantify the errors that may result from these factors without an experimental control group, so we strongly caution against using the words “margin of error” in reporting any survey data. These statements conform to the principles of disclosure of the National Council on Public Polls. We have illustrated only a portion of survey results in this document. For access to the full data results, please contact bds@forrester.com. endnotes 1 Business continuity is an essential element of enterprise risk management (ERM), although organizationally, the two disciplines are not often connected directly. In a survey of 345 Disaster Recovery Journal subscribers, Forrester found that only 15.5% of business continuity teams reported directly to the risk management function, even though nearly 40% of respondents noted that the two functions work closely together. Upon further analysis, business continuity teams frequently use risk management techniques to prioritize their efforts, and they work closely with the business to understand risk impacts. See the April 30, 2010, “Strengthening The Relationship Between Risk Management And Business Continuity” report. 2 Source: Femke Vos, Jose Rodriguez, et al., Annual Disaster Statistical Review 2009, CRED, 2010 (http://cred. be/sites/default/files/ADSR_2009.pdf). 3 Some examples include Sarbanes-Oxley Act of 2002, HIPAA Final Security Rule, FFIEC BCP Handbook, NASD Rule 3510, NERC Security Guidelines, FERC Security Standards, NAIC Standard on BCP, NIST Contingency Planning Guide, FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System, NYSE Rule 446, Australia Standards BCM Handbook, and the UK Civil Contingencies Act. 4 Source: Federal Emergency Management Agency (FEMA) Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) Resource Center (http://www.fema.gov/privatesector/ preparedness/#1). September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 8 For Security & Risk Professionals 5 National Fire Protection Association (NFPA) publishes NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (http://www.nfpa.org/aboutthecodes/AboutTheCodes. asp?DocNum=1600). The British Standards Institution (BSI) publishes BS 25999 Business Continuity (http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards- and-Schemes/BS-25999). ASIS International publishes ANSI/ASIS SPC.1-2009 Security, Preparedness, and Continuity Management Systems — Requirements with Guidance for Use Standard (http://www.asisonline. org/guidelines/or.xml). 6 Vodafone UK already had a solid approach to business continuity preparedness and ongoing management, but the company wanted to assess itself relative to industry best practices as well as determine a way it could more quickly comply with requests from customers and regulatory authorities for proof of preparedness. Vodafone UK decided to certify to the new British Standards Institution’s certification for business continuity management, BS 25999. See the October 8, 2008, “Case Study: Vodafone UK Uses Business Continuity As A Competitive Advantage” report. 7 In our Forrester/Disaster Recovery Journal Crisis, Risk, And Business Continuity Management Survey, Q4 2008, we found that businesses are taking the time to complete each phase and regularly update BIAs, RAs, and plans. This is due in part to the increasing priority that businesses place on BC readiness, but it’s also due to the increasing scrutiny businesses are under from both internal auditors and external parties such as regulatory bodies, strategic partners, and even customers. For more information, see the February 26, 2009, “Businesses Take BC Planning More Seriously” report. Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 19 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 27 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com. © 2010, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com. 57818

Recomendados

The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011
dvasilyev
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity Planning
Cloudnition Web Development & Online Marketing
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
Chris Ross
 
Right size enterprise disaster recovery plans
Right size enterprise disaster recovery plansRight size enterprise disaster recovery plans
Right size enterprise disaster recovery plans
Info-Tech Research Group
 
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperWill You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Christian Caracciolo
 
Consumer tech invasion
Consumer tech invasionConsumer tech invasion
Consumer tech invasion
Info-Tech Research Group
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Business
at MicroFocus Italy ❖✔
 
Empowering Defense Enterprise Mobility
Empowering Defense Enterprise MobilityEmpowering Defense Enterprise Mobility
Empowering Defense Enterprise Mobility
Gov BizCouncil
 

Recomendados

The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011The TOP 10 tech trends of 2011
The TOP 10 tech trends of 2011
dvasilyev
 
Effective Communications in Business Continuity Planning
Effective Communications in Business Continuity PlanningEffective Communications in Business Continuity Planning
Effective Communications in Business Continuity Planning
Cloudnition Web Development & Online Marketing
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
Chris Ross
 
Right size enterprise disaster recovery plans
Right size enterprise disaster recovery plansRight size enterprise disaster recovery plans
Right size enterprise disaster recovery plans
Info-Tech Research Group
 
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - WhitepaperWill You Be Prepared When The Next Disaster Strikes - Whitepaper
Will You Be Prepared When The Next Disaster Strikes - Whitepaper
Christian Caracciolo
 
Consumer tech invasion
Consumer tech invasionConsumer tech invasion
Consumer tech invasion
Info-Tech Research Group
 
Business Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your BusinessBusiness Risk: Effective Technology Protecting Your Business
Business Risk: Effective Technology Protecting Your Business
at MicroFocus Italy ❖✔
 
Empowering Defense Enterprise Mobility
Empowering Defense Enterprise MobilityEmpowering Defense Enterprise Mobility
Empowering Defense Enterprise Mobility
Gov BizCouncil
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
GFI Software
 
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
Energy Network marcus evans
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paper
CMR WORLD TECH
 
PwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO ReprintPwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO Reprint
Kim Jensen
 
Developing Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational AwarenessDeveloping Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational Awareness
IJMIT JOURNAL
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile security
arms8586
 
2012 security services clientprex
2012 security services clientprex2012 security services clientprex
2012 security services clientprex
Kim Aarenstrup
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
GFI Software
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
Envision Technology Advisors
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
Erik Ginalick
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
GFI Software
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycompliance
ReadWrite
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Started
mxp5714
 
Cloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness ReportCloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness Report
Gandhi Legacy Tour
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
Juniper Networks
 
MTW03011USEN.PDF
MTW03011USEN.PDFMTW03011USEN.PDF
MTW03011USEN.PDF
Marisol Rawlins
 
Transforming the Public Sector Affordably in the Cloud
Transforming the Public Sector Affordably in the CloudTransforming the Public Sector Affordably in the Cloud
Transforming the Public Sector Affordably in the Cloud
Capgemini
 
The Nuts and Bolts of Disaster Recovery
The Nuts and Bolts of Disaster RecoveryThe Nuts and Bolts of Disaster Recovery
The Nuts and Bolts of Disaster Recovery
InnoTech
 
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
EMC
 
Srdf overview latency_v.5
Srdf overview latency_v.5Srdf overview latency_v.5
Srdf overview latency_v.5
jas3399
 
Micro Datacenters Venema Advies Nigeria Limited
Micro Datacenters Venema Advies Nigeria LimitedMicro Datacenters Venema Advies Nigeria Limited
Micro Datacenters Venema Advies Nigeria Limited
Dick Venema
 

Más contenido relacionado

La actualidad más candente

Developing Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational AwarenessDeveloping Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational Awareness
IJMIT JOURNAL
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
Erik Ginalick
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycompliance
ReadWrite
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Started
mxp5714
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
Juniper Networks
 

La actualidad más candente (20)

When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
 
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
Protecting Utilities through Business Continuity - Scott Roe, Corporate Risk ...
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paper
 
PwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO ReprintPwC Survey 2010 CIO Reprint
PwC Survey 2010 CIO Reprint
 
Developing Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational AwarenessDeveloping Enterprise Cyber Situational Awareness
Developing Enterprise Cyber Situational Awareness
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile security
 
2012 security services clientprex
2012 security services clientprex2012 security services clientprex
2012 security services clientprex
 
Hybrid Technology
Hybrid TechnologyHybrid Technology
Hybrid Technology
 
Disaster Recovery - Deep Dive
Disaster Recovery - Deep DiveDisaster Recovery - Deep Dive
Disaster Recovery - Deep Dive
 
Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438Planning For Disaster And Everyday Threats Wp111438
Planning For Disaster And Everyday Threats Wp111438
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
Idc cost complexitycompliance
Idc cost complexitycomplianceIdc cost complexitycompliance
Idc cost complexitycompliance
 
Business Continuity Getting Started
Business Continuity Getting StartedBusiness Continuity Getting Started
Business Continuity Getting Started
 
Cloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness ReportCloud Computing Disaster Readiness Report
Cloud Computing Disaster Readiness Report
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
 
MTW03011USEN.PDF
MTW03011USEN.PDFMTW03011USEN.PDF
MTW03011USEN.PDF
 
Transforming the Public Sector Affordably in the Cloud
Transforming the Public Sector Affordably in the CloudTransforming the Public Sector Affordably in the Cloud
Transforming the Public Sector Affordably in the Cloud
 
The Nuts and Bolts of Disaster Recovery
The Nuts and Bolts of Disaster RecoveryThe Nuts and Bolts of Disaster Recovery
The Nuts and Bolts of Disaster Recovery
 
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
Whitepaper : ESG Whitepaper: Backup and Recovery of Large Scale VMware Enviro...
 

Destacado

Srdf overview latency_v.5
Srdf overview latency_v.5Srdf overview latency_v.5
Srdf overview latency_v.5
jas3399
 
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
EMC Forum India
 
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
EMC Forum India
 
Elvis In The Movies Original Recordings Remastered
Elvis In The Movies Original Recordings RemasteredElvis In The Movies Original Recordings Remastered
Elvis In The Movies Original Recordings Remastered
Elvis Presley Blues
 
ScienceDirect_undergrad_sc
ScienceDirect_undergrad_scScienceDirect_undergrad_sc
ScienceDirect_undergrad_sc
Gritiga Soothorn
 
1 konsep-dasar-akuntansi2
1 konsep-dasar-akuntansi21 konsep-dasar-akuntansi2
1 konsep-dasar-akuntansi2
dwe3m3
 

Destacado (20)

Srdf overview latency_v.5
Srdf overview latency_v.5Srdf overview latency_v.5
Srdf overview latency_v.5
 
Micro Datacenters Venema Advies Nigeria Limited
Micro Datacenters Venema Advies Nigeria LimitedMicro Datacenters Venema Advies Nigeria Limited
Micro Datacenters Venema Advies Nigeria Limited
 
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
White Paper on Disaster Recovery in Geographically dispersed cross site virtu...
 
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
Best Practices from EMC: Ingest High Availability Performance, Trust and Effi...
 
Business Continuity Knowledge Share
Business Continuity Knowledge ShareBusiness Continuity Knowledge Share
Business Continuity Knowledge Share
 
Enterprise-Grade Disaster Recovery Without Breaking the Bank
Enterprise-Grade Disaster Recovery Without Breaking the BankEnterprise-Grade Disaster Recovery Without Breaking the Bank
Enterprise-Grade Disaster Recovery Without Breaking the Bank
 
Designing a Modern Disaster Recovery Environment
Designing a Modern Disaster Recovery EnvironmentDesigning a Modern Disaster Recovery Environment
Designing a Modern Disaster Recovery Environment
 
Replication for Business Continuity, Disaster Recovery and High Availability
Replication for Business Continuity, Disaster Recovery and High AvailabilityReplication for Business Continuity, Disaster Recovery and High Availability
Replication for Business Continuity, Disaster Recovery and High Availability
 
Enterprise grade disaster recovery without breaking the bank
Enterprise grade disaster recovery without breaking the bankEnterprise grade disaster recovery without breaking the bank
Enterprise grade disaster recovery without breaking the bank
 
El Leon Y La Hormiga
El Leon Y La HormigaEl Leon Y La Hormiga
El Leon Y La Hormiga
 
Elvis In The Movies Original Recordings Remastered
Elvis In The Movies Original Recordings RemasteredElvis In The Movies Original Recordings Remastered
Elvis In The Movies Original Recordings Remastered
 
Big Education File
Big Education FileBig Education File
Big Education File
 
Ss
SsSs
Ss
 
ScienceDirect_undergrad_sc
ScienceDirect_undergrad_scScienceDirect_undergrad_sc
ScienceDirect_undergrad_sc
 
PréSentation Axir
PréSentation AxirPréSentation Axir
PréSentation Axir
 
Williams 2007 Mandala Significance In Magindanawn Society
Williams 2007 Mandala Significance In Magindanawn SocietyWilliams 2007 Mandala Significance In Magindanawn Society
Williams 2007 Mandala Significance In Magindanawn Society
 
Directconnect200808 Help Jp
Directconnect200808 Help JpDirectconnect200808 Help Jp
Directconnect200808 Help Jp
 
Alcohol Non-Use at University of New Hampshire
Alcohol Non-Use at University of New HampshireAlcohol Non-Use at University of New Hampshire
Alcohol Non-Use at University of New Hampshire
 
1 konsep-dasar-akuntansi2
1 konsep-dasar-akuntansi21 konsep-dasar-akuntansi2
1 konsep-dasar-akuntansi2
 
Comenius Project
Comenius ProjectComenius Project
Comenius Project
 

Similar a Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011

Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
Iaetsd Iaetsd
 
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital Value
Eileen Chan
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
 
ANZ SMS Synopsis
ANZ SMS SynopsisANZ SMS Synopsis
ANZ SMS Synopsis
patrikbzz
 
Pdf wp-emc-mozyenterprise-hybrid-cloud-backup
Pdf wp-emc-mozyenterprise-hybrid-cloud-backupPdf wp-emc-mozyenterprise-hybrid-cloud-backup
Pdf wp-emc-mozyenterprise-hybrid-cloud-backup
lverb
 
Disaster Recovery Deep Dive
Disaster Recovery Deep DiveDisaster Recovery Deep Dive
Disaster Recovery Deep Dive
Liberteks
 
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docxMak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
infantsuk
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
subramanian K
 

Similar a Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 (20)

BCI Counting The Cost
BCI Counting The CostBCI Counting The Cost
BCI Counting The Cost
 
An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777An Introduction To ICT Continuity Based On BS 25777
An Introduction To ICT Continuity Based On BS 25777
 
Whitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructureWhitepaper : Building a disaster ready infrastructure
Whitepaper : Building a disaster ready infrastructure
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
 
Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
 
P r o t e c t i n g y o u r b u s i n e s s
P r o t e c t i n g y o u r b u s i n e s sP r o t e c t i n g y o u r b u s i n e s s
P r o t e c t i n g y o u r b u s i n e s s
 
PwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital ValuePwC Transforming Internal Audit to Drive Digital Value
PwC Transforming Internal Audit to Drive Digital Value
 
Cii-PwC Cloud Summit Report 2016
Cii-PwC Cloud Summit Report 2016Cii-PwC Cloud Summit Report 2016
Cii-PwC Cloud Summit Report 2016
 
Webinar: CX up AND costs down?
Webinar: CX up AND costs down?Webinar: CX up AND costs down?
Webinar: CX up AND costs down?
 
Cybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lensCybersecurity through the Deloitte lens
Cybersecurity through the Deloitte lens
 
Cybersecurity Improvement eBook
Cybersecurity Improvement eBookCybersecurity Improvement eBook
Cybersecurity Improvement eBook
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
ANZ SMS Synopsis
ANZ SMS SynopsisANZ SMS Synopsis
ANZ SMS Synopsis
 
Outsourcing for Profit: Make investment work
Outsourcing for Profit: Make investment workOutsourcing for Profit: Make investment work
Outsourcing for Profit: Make investment work
 
Pdf wp-emc-mozyenterprise-hybrid-cloud-backup
Pdf wp-emc-mozyenterprise-hybrid-cloud-backupPdf wp-emc-mozyenterprise-hybrid-cloud-backup
Pdf wp-emc-mozyenterprise-hybrid-cloud-backup
 
Cloud complexity: the need for resilience
Cloud complexity: the need for resilienceCloud complexity: the need for resilience
Cloud complexity: the need for resilience
 
Disaster Recovery Deep Dive
Disaster Recovery Deep DiveDisaster Recovery Deep Dive
Disaster Recovery Deep Dive
 
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docxMak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
Mak ing Leaders Successful Ever y DayFebruary 26, 2009 .docx
 
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyondIot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
Iot viewpoints. Ovum explores the IoT opportunity in 2018 and beyond
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
 

Más de Citrix Online

Más de Citrix Online (14)

How To Stay Covered in the Mobile Work Downpour
How To Stay Covered in the Mobile Work DownpourHow To Stay Covered in the Mobile Work Downpour
How To Stay Covered in the Mobile Work Downpour
 
Emergency Telecommuting Guide
Emergency Telecommuting GuideEmergency Telecommuting Guide
Emergency Telecommuting Guide
 
The Power of Virtual Collaboration in Project Management
The Power of Virtual Collaboration in Project ManagementThe Power of Virtual Collaboration in Project Management
The Power of Virtual Collaboration in Project Management
 
Leading Virtual Effectiveness: Four Strategies for Effective Communication
Leading Virtual Effectiveness: Four Strategies for Effective CommunicationLeading Virtual Effectiveness: Four Strategies for Effective Communication
Leading Virtual Effectiveness: Four Strategies for Effective Communication
 
Instantly Connecting Developers Across The Miles
Instantly Connecting Developers Across The MilesInstantly Connecting Developers Across The Miles
Instantly Connecting Developers Across The Miles
 
Connecting And Engaging Teams In A Distributed Workforce
Connecting And Engaging Teams In A Distributed WorkforceConnecting And Engaging Teams In A Distributed Workforce
Connecting And Engaging Teams In A Distributed Workforce
 
The Employee Point of View: The Economic Downturn
The Employee Point of View: The Economic DownturnThe Employee Point of View: The Economic Downturn
The Employee Point of View: The Economic Downturn
 
9 Management Practices for Exceptional Webinars
9 Management Practices for Exceptional Webinars9 Management Practices for Exceptional Webinars
9 Management Practices for Exceptional Webinars
 
What's Working in Small Business Marketing and Webinars
What's Working in Small Business Marketing and WebinarsWhat's Working in Small Business Marketing and Webinars
What's Working in Small Business Marketing and Webinars
 
Deer In The Headlights How To Create Content Without Blinking
Deer In The Headlights How To Create Content Without BlinkingDeer In The Headlights How To Create Content Without Blinking
Deer In The Headlights How To Create Content Without Blinking
 
Making the Most of Your Marketing Budget in 2010
Making the Most of Your Marketing Budget in 2010Making the Most of Your Marketing Budget in 2010
Making the Most of Your Marketing Budget in 2010
 
Actionable Strategies for Driving Sales and Increasing ROI
Actionable Strategies for Driving Sales and Increasing ROIActionable Strategies for Driving Sales and Increasing ROI
Actionable Strategies for Driving Sales and Increasing ROI
 
Driving Growth and Cutting Costs in 2010 with Online Collaboration
Driving Growth and Cutting Costs in 2010 with Online CollaborationDriving Growth and Cutting Costs in 2010 with Online Collaboration
Driving Growth and Cutting Costs in 2010 with Online Collaboration
 
Training Trends for 2010: How to Embrace the New Training Landscape
Training Trends for 2010: How to Embrace the New Training LandscapeTraining Trends for 2010: How to Embrace the New Training Landscape
Training Trends for 2010: How to Embrace the New Training Landscape
 

Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011

  • 1. For Security & Risk Professionals September 2, 2010 Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 Six Percent Of IT Operating And Capital Budgets Goes To BC/DR by stephanie Balaouras with Chris McClean, Laura Koetzle, and Lindsey Coit ExECUT I v E S U M MA Ry According to Forrester’s recent survey of 2,803 IT decision-makers, improving their business continuity and disaster recovery (BC/DR) capabilities is the No. 1 priority for SMBs and the second highest priority for enterprises for the next 12 months. The scope of BC/DR programs is growing also; mature BC/DR programs address all sources of downtime — including mundane power outages and weather-related disruptions, not just rare, catastrophic disasters. Security and risk professionals should take advantage of this increased visibility as the economic recovery slowly thaws IT budgets to improve the BC/DR’s organizational and process maturity for the long term. awareness and increased regulation drive Bc/dr prioritization Historically, it has been difficult to build the business case for BC/DR spending because senior executives viewed it as an expensive insurance policy for risks for which no one had determined the probability or accurately assessed the impact. When security and risk professionals tried to highlight certain threats to the business, the common response from senior executives was, “I know there’s a risk of XYZ event, but it hasn’t happened yet.” Thankfully, this misperception of BC/DR spending is finally changing because: · We can better identify, measure, and quantify risk. Security and risk organizations have become much better at using formal methods for identifying risks, measuring their probability, and quantifying their impact. They’re also much better at incorporating business leaders into their formal risk measurement processes. A survey of 345 Disaster Recovery Journal subscribers found that 65% of business continuity management (BCM) teams work with the business to determine the impact of risks.1 And the benefit of this approach is clear: It’s much more likely that a CIO or other executive will approve budget for a BC/DR upgrade if you can explain that in the next five years there is a 20% probability that a severe winter storm will knock out power to the data center and cost $500,000 in lost revenue and employee productivity. · We have a better understanding of the economic impact of disasters and events. According to the Centre for Research on the Epidemiology of Disasters (CRED), between 2000 and 2008, the average number of disasters per year was 392, and the average annual economic damage was $102.6 billion worldwide. In 2009, there were 335 disasters and economic damages of $41.3 billion. The US suffered the worst economic impact in 2009 ($10.8 billion), followed by China ($5.2 billion) and France ($3.2 billion).2 The number of disasters doesn’t necessarily increase each year (it seems to be holding steady), but the attention that government agencies, nonprofit Headquarters Forrester Research, Inc., 400 Technology Square, Cambridge, MA 02139 USA Tel: +1 617.613.6000 • Fax: +1 617.613.5000 • www.forrester.com
  • 2. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 2 For Security & Risk Professionals organizations, media organizations, and other outlets pay to disasters does. Awful though they are, high-profile catastrophic events can have one positive outcome: They can inspire senior executives to action. · We must deal with a bevy of government and industry regulations related to BC/DR. Post- 9/11, there have been at least 22 worldwide government or industry regulations and standards to address BC/DR in some shape or form.3 On June 15, 2010, the US Department of Homeland Security (DHS) announced the adoption of the final standards for the Voluntary Private Sector Preparedness Accreditation and Certification Program. Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 mandated the creation of the program.4 The final standards are the National Fire Protection Association 1600, British Standard 25999, and ASIS SPC.1-2009.5 Although the program is voluntary, Forrester believes that with the adoption of these three recognized industry standards, more US private-sector companies are likely to certify when certification becomes available. There are three types of organizations that are more likely to certify: 1) organizations that must prove preparedness to major customers or partners; 2) organizations that must frequently comply with audits of their BC/DR program; and 3) organizations that believe it provides a competitive advantage in the market.6 · We have to answer to our partners and customers about our preparedness. Since 2008, security and risk organizations have had to respond to an increasing number of BC/DR preparedness audit requests. According to the Forrester/Disaster Recovery Journal Crisis, Risk, And Business Continuity Management Survey, Q4 2008, almost 80% of respondents tell us that their firms have had to provide proof of BC readiness to at least one — but sometimes more — external parties in the past 12 months.7 · We have less and less tolerance for downtime and data loss. Today, business process owners and managers won’t accept downtime and data loss that lose revenue, reduce employee productivity, or damage the company’s reputation. As a result, BC/DR teams across all industries and company sizes must provide recovery times measured not in hours and days but in minutes and hours. In addition, process owners no longer care about the source of downtime — it doesn’t matter if it’s a power outage, distributed denial of services (DDoS) attack, disk drive failure, hurricane, or pandemic — they want business processes and the IT systems they rely on up and running at all times. In response to these drivers, BC/DR is one of the top IT priorities for the next 12 months (see Figure 1). September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 3. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 3 For Security & Risk Professionals Figure 1 Top Technology Priorities Over The Next 12 Months “Which of the following initiatives are likely to be your IT organization’s top technology priorities over the next 12 months?” Consolidate IT infrastructure Significantly upgrade disaster recovery and business continuity capabilities Significantly upgrade our security environment Expand use of mobility technologies for employees and customers Implement or expand use of videoconferencing, video analysis, and other video technologies Redesign/redeploy IT architecture (e.g., implementing a services-oriented architecture) Pursue strategy of embracing cloud infrastructure services (virtual servers or software platforms at service providers) Implement or expand use of collaboration capabilities (video, unified communications) Pursue/implement cloud computing strategy SMB Enterprise Pursue strategy of embracing software-as-a-service offerings Support Web 2.0 technologies like blogs, wikis, Twitter, and social networking tools Pursue outsourcing or offshoring 0% 10% 20% 30% 40% 50% 60% 70% 80% Base: 1,228 SMB budget decision-makers and 1,575 enterprise budget decision-makers Source: Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010 57818 Source: Forrester Research, Inc. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 4. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 4 For Security & Risk Professionals it plans to spend at least 5% More on Bc/dr in the next 12 Months Not only is BC/DR a top priority but it is also earning a larger share of financial investment in both SMB and enterprise organizations: · Most organizations plan to maintain or increase spending on BC/DR. According to our survey, 32% of enterprises and 36% of SMBs plan to increase spending on BC/DR by at least 5%. Only 11% of enterprises and 8% of SMBs plan to decrease spending on BC/DR (see Figure 2-1). · BC/DR represents between 6% and 7% of the IT budget. As a percentage of overall operating and capital budgets, BC/DR spending still falls short of other IT functions such as security at an average of 6% among enterprises and 7% for SMBs (see Figure 2-2). However, considering the level of priority and increased investment, BC/DR can confidently consider itself among the critical elements of a comprehensive IT program. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 5. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 5 For Security & Risk Professionals Figure 2 Business Continuity Spending 2-1 Spending increases on business continuity “How do you expect your spending on business continuity and disaster recovery to change in 2010?” Decrease more than 10% 2% 2% Decrease 5% to 10% 6% 9% About the same 54% 55% Increase 5% to 10% 30% 25% SMB 6% Enterprise Increase more than 10% 7% Don’t know 2% 2% Base: 1,228 SMB budget decision-makers and 1,575 enterprise budget decision-makers 2-2 IT budget breakdown “In 2010, how much of your IT operation and capital budget will go to the following IT functional activities?” SMB Enterprise IT management (CIO or equivalent and direct 9.5% 8.3% reports) Research and development of emerging technologies 5.3% 4.4% Business continuity and disaster recovery 7.0% 6.0% Security 8.2% 7.3% Application development, customization, and 13.7% 15.0% implementation Application maintenance 11.8% 13.9% Information management and storage 10.1% 9.9% Server and mainframe operations 12.6% 13.1% Desktop operations 11.0% 11.0% Network operations 10.9% 11.0% Base: 1,036 SMB budget decision-makers and 1,183 enterprise budget decision-makers Source: Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010 Note: Mean numbers provided. Percentages may not add up to 100% due to rounding. 57818 Source: Forrester Research, Inc. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 6. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 6 For Security & Risk Professionals R e C O M M e N D AT I O N S never let a crisis go to waste Ideally, we should make investment decisions based on rational, objective risk assessments, but unfortunately, all security and risk pros know that’s not always how it works. Headline-grabbing catastrophes, pandemics, and security breaches get the attention of senior executives. Impending regulation or the knowledge that they significantly lag behind their industry peers in spending or best practices also gets their attention. Use industry examples to gauge your BC/DR preparedness level, even running scenarios to see how your organization might have handled similar situations. As you start planning your 2011 budget, you should: · aim for Bc/dr to claim between 6% and 7% of your overall it budget. Aside from dedicated staff (usually continuity analysts and managers), software (such as BC planning and automated notification software), and any outsourced BC/DR services, it’s often very difficult to know exactly how much you spend on BC/DR. You can usually find BC/DR costs built into — and therefore, hidden among — budgets for data center facilities, servers, storage, networking, and telecommunications. you may spend more or less depending on your recovery objectives. For example, if you are in a financial services firm and your executives demand zero downtime and zero data loss, you could spend more. If you are a manufacturing firm and your executives are comfortable with a 48-hour recovery with a few hours of data loss, you could spend a little less. · if you are a us organization, select one of the three dHs standards as your Bc framework. Given that the DHS has adopted three standards to support the voluntary certification program, you should select one of these standards as the framework for your own BC management program. While your organization might not have any plans to voluntarily certify today, that could change in the future. In case you do change your mind, it’s best to have already adopted one of the three standards. Adoption doesn’t mean that you have to go through any certification process. It just means that you use the standard as a model or a framework for your BC management program. suppleMental Material Methodology Forrester’s Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010, was fielded to 2,803 IT executives and technology decision-makers located in Australia/New Zealand, Brazil, Canada, China/Hong Kong, France, Germany, India, Japan, Mexico, Russia, the UK, and the US from SMB and enterprise companies with 100 or more employees. This survey is part of Forrester’s suite of Business Data Services studies. Forrester fielded the survey from March 2010 to May 2010. LinkedIn Research Network fielded this survey online on behalf of Forrester. Survey respondent incentives included gift certificates and research summaries. We have provided exact sample sizes in this report on a question-by-question basis. September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 7. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 7 For Security & Risk Professionals Forrester’s Business Data Services fields eight business-to-business technology studies in 19 countries each calendar year. For quality control, we carefully screen respondents according to job title and function. Business Data Services ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of IT products and services. Additionally, quotas are set for company size (number of employees) and industry as a means of controlling the data distribution and establishing alignment with IT spend calculated by Forrester analysts. In addition to sampling error, one should bear in mind that the practical difficulties in conducting surveys can introduce error or bias into the findings of opinion polls. Other possible sources of error in polls are probably more serious than theoretical calculations of sampling error. These other potential sources of error include question wording, question ordering, and nonresponse. As with all survey research, it is impossible to quantify the errors that may result from these factors without an experimental control group, so we strongly caution against using the words “margin of error” in reporting any survey data. These statements conform to the principles of disclosure of the National Council on Public Polls. We have illustrated only a portion of survey results in this document. For access to the full data results, please contact bds@forrester.com. endnotes 1 Business continuity is an essential element of enterprise risk management (ERM), although organizationally, the two disciplines are not often connected directly. In a survey of 345 Disaster Recovery Journal subscribers, Forrester found that only 15.5% of business continuity teams reported directly to the risk management function, even though nearly 40% of respondents noted that the two functions work closely together. Upon further analysis, business continuity teams frequently use risk management techniques to prioritize their efforts, and they work closely with the business to understand risk impacts. See the April 30, 2010, “Strengthening The Relationship Between Risk Management And Business Continuity” report. 2 Source: Femke Vos, Jose Rodriguez, et al., Annual Disaster Statistical Review 2009, CRED, 2010 (http://cred. be/sites/default/files/ADSR_2009.pdf). 3 Some examples include Sarbanes-Oxley Act of 2002, HIPAA Final Security Rule, FFIEC BCP Handbook, NASD Rule 3510, NERC Security Guidelines, FERC Security Standards, NAIC Standard on BCP, NIST Contingency Planning Guide, FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System, NYSE Rule 446, Australia Standards BCM Handbook, and the UK Civil Contingencies Act. 4 Source: Federal Emergency Management Agency (FEMA) Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) Resource Center (http://www.fema.gov/privatesector/ preparedness/#1). September 2, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
  • 8. Business Continuity And Disaster Recovery Are Top IT Priorities For 2010 And 2011 8 For Security & Risk Professionals 5 National Fire Protection Association (NFPA) publishes NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (http://www.nfpa.org/aboutthecodes/AboutTheCodes. asp?DocNum=1600). The British Standards Institution (BSI) publishes BS 25999 Business Continuity (http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards- and-Schemes/BS-25999). ASIS International publishes ANSI/ASIS SPC.1-2009 Security, Preparedness, and Continuity Management Systems — Requirements with Guidance for Use Standard (http://www.asisonline. org/guidelines/or.xml). 6 Vodafone UK already had a solid approach to business continuity preparedness and ongoing management, but the company wanted to assess itself relative to industry best practices as well as determine a way it could more quickly comply with requests from customers and regulatory authorities for proof of preparedness. Vodafone UK decided to certify to the new British Standards Institution’s certification for business continuity management, BS 25999. See the October 8, 2008, “Case Study: Vodafone UK Uses Business Continuity As A Competitive Advantage” report. 7 In our Forrester/Disaster Recovery Journal Crisis, Risk, And Business Continuity Management Survey, Q4 2008, we found that businesses are taking the time to complete each phase and regularly update BIAs, RAs, and plans. This is due in part to the increasing priority that businesses place on BC readiness, but it’s also due to the increasing scrutiny businesses are under from both internal auditors and external parties such as regulatory bodies, strategic partners, and even customers. For more information, see the February 26, 2009, “Businesses Take BC Planning More Seriously” report. Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 19 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 27 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com. © 2010, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com. 57818