1 RSA Business Resiliency Management Preparing for the Inevitable RSA Security Summit, Paris, France May 20, 2014 David Walter General Manager, GRC EMEA
2 Where is Business Continuity Today? Most companies have business continuity and IT disaster recovery programs, but are they positioned to keep up with changes constantly affecting the organization? Complexity Frequency Cost Damage
3 The Impending Disaster? We believe organizations today face inevitable and almost constant disruptions but are not prepared to deal with the variety, speed or impact of events. Growing number of man-made and natural disasters Regulations with BCM requirements are multiplying 24/7 service delivery requirements Domino effect from globalization and highly complex supply chains More complex and frequent disruptive events lead to a need for better crisis management Operational incidents IT disruptions Security breaches How Prepared is the Organization?
4 The New World of Business Resiliency The magnitude and impact of today's disruptions are driving businesses to realize that business recovery is not enough. We must build resiliency into the way business is done - through business priority, end-to-end approaches and collaboration
5 We Need to Change our Approach To be prepared now for the inevitable and develop a strategy for resiliency. Business Continuity IT Crisis Management Business Operations Collaborative and Prepared Independent and Reactive
6 Intelligent Resilience We provide solutions that turn disruptions into intelligent information that drives priority, results and progress towards resiliency Noise Action
7 Intelligent Resilience We provide solutions that turn disruptions into intelligent information that drives priority, results and progress towards resiliency Visibility Analysis Action Metrics Visibility + Analysis = Priority Priority + Action = Results Results + Metrics = Progress
8 Business Resiliency Management Not a single answer but rather a solution leveraging people, process, and technology as a force multiplier. Enables organizations to: establish business context for resiliency Business Operations prepare for IT and business disruptions catalog and resolve operational incidents Business Continuity manage crisis events and communications reducing the risk of IT and business disruptions, harmful operational events and significant business crises. Crisis Management Information Technology
9 Planning Your Journey Recovery: siloed recovery planning, little business context, stale reporting Continuity: combined business and IT focus, recovery to continuity, root causes Resiliency: fully risk aware, proactive analysis, operational & differentiating Reduce duplicative tasks Reactive Maturity Maintain Gain cooperation resources && visibility priority Proactive Manage known & emerging risks Intelligent
10 Business Resiliency Management Manage Operational Incidents, Catalog, Resolve and Trend Improving the Lifecycle Establish Business Context for Resiliency Perform Risk Assessments and Business Impact Analyses to determine recovery priorities Manage Crisis Events, Activate Plans and Notify Key Parties Document BC/DR Recovery Plans, Strategies and Tasks Test BC/DR and Crisis Management Plans, Automate Plan Maintenance and Train Key Resources
11 Establishing Business Context and Priority for Resiliency Catalog business hierarchy establishing organizational structure for resiliency reporting Catalog business processes, products and services, IT assets, information, facilities and contacts Measure, decompose and track business criticality of relationships Understand and manage relationships between business and IT infrastructure Copyright 2014 EMC Corporation. All rights reserved.
12 Risk and Business Impact Analysis BCM Risk Register helps identify, evaluate and mitigate risks Business Impact Analysis enables evaluation of criticality of processes and assets and determine RPOs and RTOs Prioritize business processes based on: Financial Impact Operational Impact Regulatory Impact Reputation Impact
13 Business Continuity & Disaster Recovery Centrally manage BC and DR plans Associate plans to business processes, risks, BIAs, and IT assets Leverage call trees and specific recovery strategies and tasks Document results of BC/DR plan ownership, workflow and testing
14 Business Continuity Mobile Application BCM Mobile Application for iPhone and iPad enables users to view business continuity or disaster recovery plans and associated strategies, tasks, calling trees, and requirements Reduces reliance on hard copies Key technical features: Secure authentication Off-line availability of encrypted data Click to call, email, and text functionality from the app Regular data synchronization URI convenience
15 Crisis Management Report crisis events that occur anywhere you do business Quickly capture the details of a crisis, including the time of occurrence, event location, type and severity Communicate crisis information and leverage emergency notifications and call trees Manage activated BC/DR plans
16 Incident Management Identify events that may escalate to incidents Prioritize incidents based on business impact Manage the investigation and resolution process end-to-end Report on incident management, trends, status and impact Relate incidents with crisis events for better causal analysis
17 The Value of Business Resiliency Management Business Owner/CIO Business/IT Recovery Breach/ Incident Coordinator Better prepared for disruptions Coordinate BC/DR, Crisis & Incident efforts Manage Business Resiliency Risk Visibility & business context Incident prioritization Monitor KPIs Identify gaps & improve Aligned BC/DR Plans Coordinated Crisis Management Reduce costs Automation Highest risks planned for manage response from minor operational issue to Crisis Built in operational resiliency
19 Governance, Risk, Compliance RSA Customer References Benoit Rostagni Senior Presales RSA
20 Customer reference: Natixis Natixis has industrialized IT security mapping and risk management to address its business challenges! Challenges Have an operational, industrial-grade solution, Steer Security and Risk management activities by business stakes, Integrate with the Operational Risk framework, Meet regulatory requirements, Guide the IT department's choices. Chosen solution and change management Archer modules: Enterprise, Risk, Policy, Compliance, Incident, ODA (the Business Continuity Management module is under consideration), In-depth workshops on architecture, organizational modeling, data import, advanced IT security risk modeling, Forms, Reports, Configuration of workflows and approval processes. Writing of deliverables: functional specifications, technical architecture, user manual for users, administrators and operators, etc. Benefits The time spent performing the annual mapping has been divided by 3, and errors reduced. The teams now focus on more meaningful tasks: analysis, communication, which brings added value to the company.
21 Customer reference: Large French bank with a worldwide presence With nearly 80 countries and almost 200,000 employees and contractors, it has industrialized the management of its Security Incidents on a centralized platform for all of its subsidiaries worldwide. Challenges Management of internal IT fraud, Manual creation of incidents, Group-level consolidation. Chosen solution Archer modules: Incident Management (the BCM module is under consideration).
22 Customer reference: French pharmaceutical group. With more than 40,000 employees and more than 100 sites in 40 countries, it has strong industrial momentum and many suppliers in a high-risk field: healthcare. Challenges Supplier risk management, Automation of assessment questionnaires, Standardization for each call for tenders, Tracking over time. Chosen solution Archer modules: Vendor Management.
23 Customer reference: French IT services company with a consulting offering. With more than 70,000 employees in more than 40 countries, it is an international information technology services company serving a global clientele. The internal audit department chose Archer Audit Management. Challenges Flexible asset modeling, Cross-functional AND matrix audit. Chosen solution Archer modules: Audit Management (the Risk and Policy modules are under consideration).
24 Customer reference: French IT services company with a managed SOC offering. With more than 20,000 employees in more than 16 countries, it provides consulting, digital expertise, as well as optimized infrastructure, application services and business processes. It chose Archer SecOps (formerly AIMS) to manage its shared SOC (Security Operations Center). Challenges Connection with SIEM tools, Automatic grouping of alerts of the same type, Incident prioritization, Incident resolution workflow, Extensible incident resolution knowledge base. Chosen solution Archer modules: SecOps (AIMS).
25 Critical criteria to consider when launching a GRC program Total Cost Profitability Ecosystem Task automation Configuration without programming Flexible deployment Out-of-the-box features Start small and grow Maturity of the services offering Technology partners Solution libraries Customer recommendations Communities
26 RSA Archer Partner Ecosystem Technology & Content Partners Consulting & Implementation Partners 50+ partners for the transfer of data, content and services
27 Leadership Leader in eGRC MQ for 2013 Leader in BCM MQ for 2013 Leader in IT GRC MS for 2013 Leader in Forrester GRC Wave Quoted as the most mature offering on many occasions 700+ customers 40+ countries 55 Fortune 100 companies 25+ industries