Published by Gertrude Atkins. Modified over 8 years ago.
1 ITM 6.1: Managing The Risky Data Center. Donald Byrne (dbyrne@METRIX411.com), John ‘Jack’ Pyne (jpyne@dcinvest.com), Rich Banta (rbanta@lifelinedatacenters.com). Property of D Byrne. Copyright 2016 – All Rights Reserved
2 Data Center World – Certified Vendor Neutral: Each presenter is required to certify that their presentation will be vendor-neutral. As an attendee you have a right to enforce this policy of having no sales pitch within a session by alerting the speaker if you feel the session is not being presented in a vendor-neutral fashion. If the issue continues to be a problem, please alert Data Center World staff after the session is complete.
3 Managing The Risky Data Center: A host of risks faces data center operators, whether they use colocation sites or internal facilities. This session will explore the risks threatening data center operators and provide a methodology for prioritizing hazard mitigation measures. Drawing on insights provided by international standards such as TIA 942, attendees will learn how to identify and assess risks, formulate responses, and manage the cost of proper preparedness. The result will be a more robust and resilient data center that offers the flexibility and up-time performance businesses demand.
4 Managing the Risky Data Center
5 Agenda and Panel Discussion
- Some definitions
- Risk management techniques
- Estimating costs
- Suggested strategy
6 Dealing with some confusing terms
- World’s largest language
- 20% larger than German
- Contributes many ‘loan words’ to other languages
- Complicates the development of international standards
7 Example: 62 entries for the word Threat
8 Hazards: Events that could pose a danger
9 Threats: Hazards that could impact you
10 Uncertainty Plays a Key Role in Risk
- ISO 31000:2009 Risk Management – Principles and Guidelines defines risk as: “the effect of uncertainty on events.”
- Much more comprehensive definition provided by Dr. Frank Knight in Risk, Uncertainty and Profit (1921)
- Knight’s work ties together estimable (measurable) doubt and consequences.
11 Intuitively We Understand the Difference
12 It all has to do with consequences
13 Measurable Doubt + Consequence
14 Risk Assessment Process: Steps we take to control some element of risk
15 Risk Preparedness: Steps we take in an attempt to moderate or control some element of risk. These steps can impact risk in multiple ways.
16 What is your risk appetite? Turning the DC into a competitive advantage
17 Risk Management and Control
18 A single step can mitigate multiple threats
19 Standards follow a well-defined process
- Draws on ‘wisdom of the crowd’ if done correctly
- An open and inclusive process monitored by oversight groups such as ANSI, UKAS, JIS, and others
- A diverse set of reviewers significantly increases the value of comments and the elimination of poor practices and potential errors
- Ensures a common and precisely understood set of terms and metrics
- Supports interoperability => better value
21 Foreseeable vs Unforeseeable Risks
22 Black Swans and now - Gray Swans
- Unforeseeable Events
- Unprecedented Events
23 Risk assessment process
24 Common Data Center Risks. Foreseeable or Not? (Yes / No)
- Unlicensed software ____
- Home-grown code in critical path ____
- Single carriers/utility providers (no diversity) ____
- No policy/guidance for controlling BYOD ____
- Rogue wireless access points ____
- Local purchasing leading to a lack of configuration control ____
- Inaccurate change management tracking ____
- Out-of-date documentation ____
- Changing compliance requirements with rules/standards/laws ____
- Unnoticed facility flaws (e.g., internal wooden frames) ____
- ‘Sandbox’ projects using actual client data for testing ____
- No data governance software ____
25 Some key findings of the SANS Institute Survey add to the list of common risks
- Lack of dedicated compliance staff
- Labor-intensive and error-prone processes
- Mixed technologies and architectures
- Range of Platforms Operating Systems
26 With all these risks - where does one start?
27 Can standards help prioritize risk?
28 What Are Standards?
29 Examples of DC related Standards: TIA-942, SS 507, ISO 27XXX, ISO 14001, ISO 50001, BICSI 002, ISO 24762, Int’l Building Code, ASHRAE 9.9, NFPA 75, TIA 568, NIST 800, MIL-HDBK-217, CBEMA, and many others
30 TIA 942 is structured around the T.E.A.M. concept
- Telecommunications and cabling
- Electrical and power
- Architecture and facility
- Mechanical and HVAC
Allows a data center to rate itself along these 4 parameters – T3 E3 A2 M4
Other key areas also covered, e.g., fire suppression, security, operating policies
31 Value of this approach
Provides a systematic ‘roadmap’ that covers all key areas and helps highlight vulnerabilities. Following the TEAM Model provides:
- Comprehensive review - complete coverage
- Well tested – based on 100+ yrs of experience
- Scalable – applies to any size site
- Accepted – has worldwide recognition
- Provides an ROI – established spending guidelines
32 There are studies that provide support
- 22% share price difference
- Over 3yrs – 33% to 40%
- Supply/demand chain asking about uptime guarantees and data breach protection
- Clients are asking about SLAs
- Today, a competitive advantage. Tomorrow, cost of business!
[Figure: The Impact on Shareholder Value. Vertical axis: Cumulative Abnormal Returns (%), i.e., change in market cap adjusted for market movement. Horizontal axis: Trading Days After the Event. Series: Effective Crisis Response, Ineffective Crisis Responses. After initial reflex (10 days), market begins to assess company’s response. Source: “The Impact of Catastrophes on Shareholder Value,” Rory F. Knight & Deborah J. Pretty, Templeton College, University of Oxford, p. 3.]
33 Some other ways to justify risk control
- Competitive marketing advantage
- Offset the cost of downtime
- Seek support from other stakeholders
  - Internal audit and compliance office
  - Various line of business managers
- Perform a marginal cost-benefit analysis
  - How much does a ‘9’ cost?
- Look to industry sources for case-study support
34 Conclusions
- Standards provide a creditable framework for identifying and prioritizing risks
- Several risk treatment strategies are available. Choosing one is tied to your risk appetite
- With some work, the cost of risk control can be justified in several ways
35 Hope we cleared up some confusion
36 Time for our panel discussion
- Jack Pyne – Data Center Invest
- Rich Banta – Lifeline Data Centers
37 Managing the Risky Data Center: Closing Comments
38 3 Key Things You Have Learned During this Session
1. The difference between risks, threats, and hazards.
2. How to evaluate the cost of increasing data center reliability.
3. How to accurately identify, estimate and mitigate the risks facing data centers.
39 Thank you. For More Information: Donald Byrne (dbyrne@METRIX411.com), John ‘Jack’ Pyne (jpyne@dcinvest.com), Rich Banta (rbanta@lifelinedatacenters.com)