IN THE BOARDROOM™ with...
Mr. Philippe Jarre
Vice President IBM Business Continuity and Resiliency Services
www.IBM.com
NYSE: IBM
SecuritySolutionsWatch.com:
Please give us an overview of your background and your role with IBM
Business Continuity and Resiliency Services.
Philippe Jarre: In 2005, I was appointed IBM’s
Global Vice President of Business Continuity and Resiliency Services (BCRS),
a service product line of IBM Global Technology Services. With over 1500
experts around the globe, the BCRS division helps clients build, deploy,
and manage the continuity of their business so they can minimize disruption
while building a resilient organization.
Prior to this position, I was Vice President of IBM Global Integrated
Technology Services and before this the Executive Assistant to the Senior
Vice President of IBM Global Services in New York. I have also served
as VP for BCRS Europe and was leading the successful acquisition of Schlumberger
Business Continuity in 2004.
SecuritySolutionsWatch.com: One will read on IBM.com that,
“Our services go well beyond traditional disaster relief. We help
companies build resilience into every layer of their business by anticipating
the potential impact of a wide range of threats. IBM's business continuity
experts have identified three categories of threats that must be addressed
in a continuity program. Our comprehensive portfolio addresses all three
categories: business-driven, data-driven and event-driven." Please
give us a summary of IBM’s capabilities in each of these three categories.
Philippe Jarre: Any comprehensive approach to business
continuity and resiliency is going to include both proactive and reactive
components. If clients plan well, they can deliver day-to-day value to
the organization in terms of improved efficiency, higher service levels,
increased satisfaction, more effective operations, more effective risk
mitigation programs and greater alignment with regulations. Based on this,
our offerings are designed to match three main areas of concern –
business driven, data driven and event driven concerns.
On the more proactive end of the spectrum, IBM has business- driven approaches
to continuity programs. Business continuity and regulatory compliance
would both fit under the business-driven category.
- IBM Business Continuity Services can leverage our business process expertise
and over 40 years of experience in disaster recovery to help clients identify
and fill gaps in their current continuity strategy, and to develop and
manage a program aligned to their business needs and to documented industry
best practices.
- IBM Regulatory Compliance Services provides objective, industry-specific
input regarding client exposure to regulatory risk—so clients
can mitigate the danger of noncompliance while anticipating and responding
competitively to changes in the regulatory landscape.
For many organizations data continuity is business continuity, but when
it comes to protecting business-critical data, many organizations fall
short. IBM offers data-driven services to help address these concerns.
- IBM High Availability Services are designed to help clients avoid
the costs of downtime and recovery. Clients can rely on IBM for assistance
in assessing, planning for, creating and running an infrastructure that
supports the availability and performance objectives of their businesses,
including access to business processes, IT environments and networks.
- IBM Data Continuity Services helps identify clients’ most critical
business data and develop and implement a prioritized plan for its retention
and retrieval. The plan is based on regulations and business needs—so
information is available virtually anytime, anywhere—equipping
employees, partners and customers with the tools they need for making
decisions, driving revenue and reducing costs.
A lot of companies begin business continuity planning with disaster preparedness,
because when a disaster does strike, what matters is how rapid and effective
is their response and then how quickly they recover. For these concerns,
IBM offers event-driven services:
- IBM Disaster Recovery Services are designed to help clients plan
for and respond to a disruptive event. The service helps clients easily
recover their business operations in accordance with their predefined
service level objectives.
- IBM Crisis Management Services delivers an exceptional level of onsite
crisis response experience to help clients prepare for, respond to and
recover from emergency situations. Clients can rely on the support of
a trusted teammate that can provide communications and coordination
enablement services as well as trauma counseling and infrastructure
repair and replacement.
SecuritySolutionsWatch.com: We understand that your business
unit has provided services in connection with the Katrina disaster. Care
to provide any details?
Philippe Jarre: IBM responded to the Hurricane Katrina
crisis with a commitment of people and resources to meet the needs of
the affected communities and businesses.
The IBM Crisis Response Team (CRT), supported by the IBM Emergency Operations
Center (EOC) in Sterling Lake, New York, began monitoring Katrina before
it crossed Florida. IBM employees in the region and members of the IBM
EOC, and the Crisis Response Team were put on alert. Menu prompts for
the 1 800 IBM-SERV number were changed to give priority to customers affected
by Katrina. EOC representatives — call handlers, project managers,
engineers and other IBM experts — began talking to clients about
their preparations as the storm churned across the Gulf of Mexico.
Once the hurricane hit, it became clear that a full-scale response would
be required. The IBM Crisis Response Team converged on Baton Rogue, Louisiana,
and a second EOC was activated in Boulder, Colorado. The IBM team members
were in direct contact with federal, state and local officials, interacting
with the governors’ offices of Louisiana, Alabama and Mississippi,
as well as the governors’ emergency offices. These team members
provided advice and expertise, and served as touch points between the
authorities and agencies that needed help and the available IBM resources
coordinated by the Crisis Response Team, IBM corporate community relations
and the BCRS emergency operations center.
The chaotic evacuation of thousands of people from the area to shelters
around the country created enormous challenges. Displaced individuals
needed to reconnect with missing family members and loved ones. Many local
residents needed help in finding a place to live and obtaining the services
needed for their families. One of IBM’s solutions included the use
of a database technology from IBM Entity Analytics Solutions. This system
was utilized for collecting and processing information needed to facilitate
the missing person reunification process.
IBM provided application development and hosting services for a variety
of relief efforts and the IBM Crisis Response Team “Trauma Docs”
were also brought in to help address the emotional trauma issues being
faced.
SecuritySolutionsWatch.com: Are there any other “wins”
in the public or private sector you’d like to mention?
Philippe Jarre: One very interesting win for our recently
launched Crisis Response service was around the last World Cup event which
took place in Europe. What IBM has learned is that regardless of type
or magnitude of disaster, interoperable communications and information
flow is key to effectively responding to an emergency. In this particular
customer situation, the City of Munich had contracted with IBM’s
Software Group to operate an incident management tool that IBM offers
to manage any emergency situation that may occur during the event. For
the public safety officials to effectively use this tool, it was planned
to ride on a temporary private network given that the public network would
most likely be overloaded with fans calling back home, emailing pictures
and videos, etc. At the last minute, the City learned that the provider
of that temporary network was not ready, and there would be no incident
management tool or process to operate without the network to run it on.
So, IBM rapidly deployed our suitcase-based, emergency response network
platform and personnel to Munich and within hours of arrival, the interoperable
network was operational and the incident management tool was in the hands
of the emergency management personnel to use.
This is just one example of how our service was actually able to help
the customer avoid an impending crisis which would have surely occurred
had they operated the event in the dark so to speak with no overt communications
and no overt coordination systems in place. By deploying our Crisis Response
service rapidly, the City and World Cup organizing committee was able
to successfully operate throughout the event in a coordinated manner with
no major, unhandled incidents reported.
SecuritySolutionsWatch.com: Without divulging any proprietary
or confidential information, how does IBM assure that contingency plans
will actually work when needed?
Philippe Jarre: Although the customer is ultimately
responsible for ensuring that their contingency plans are aligned with
their business objectives, IBM BCRS has available a series of offerings
comprised of proven methodologies and services that will assist clients
in the development, maintenance and testing of a robust contingency plan.
These offerings include a combination of consulting methodologies, technical
and recovery procedures. For example, Business Impact Analysis, Disaster
Recovery Planning and Recovery Readiness Assessments help identify the
customers’ critical business processes. Technical recovery procedures,
standard test processes, and highly trained technical recovery experts
(both IBM and non-IBM equipment) help the customer with the recovery of
their necessary business processes and supporting systems. The key to
preparedness is testing. IBM encourages customers to test their plans
yearly to ensure that they can recover in the event it is required.
SecuritySolutionsWatch.com: Congratulations on the recent
announcement regarding the teaming arrangement with Cisco to offer crisis
management services. What is the solution that this partnership will bring
to the marketplace?
Philippe Jarre: The solution that IBM recently launched
with Cisco involves the bundling of critical services, commercial software
and hardware, networking equipment and applications into a single package
provided on a subscription basis as a service. By combining these commercial
technologies along with critical services, our solution is able to help
customers properly plan and prepare for disasters of all types, rapidly
deploy the interoperability necessary during the first stages of a crisis
and continue operating those capabilities to accelerate one’s recovery
efforts. And since IBM and Cisco have preconfigured these capabilities
along with the experts to maintain them, clients are less likely to encounter
a situation where their employees can’t communicate either with
one another or with first responders because of technical glitches or
incompatible protocols.
As a service-oriented solution, IBM and Cisco are also able to tailor
the piece parts to address individual crisis management needs, to supplement
clients’ daily operations capabilities, to fill gaps and give clients
a means of affordable scalability over time as their needs change.
In a simplistic manner, our recent Crisis Management Solution combines
IBM’s global reach and reputation in information management with
Cisco’s technical credibility and reputation in communications to
bring to our customers the thought leadership and level of interoperability
they need to effectively prepare for, respond to and recover from emergency
situations.
SecuritySolutionsWatch.com: And, can we have a similar overview
of the IBM’s strategic relationship with Citrix?
Philippe Jarre: In partnership with Citrix, IBM offers
Virtual Workplace Continuity which is designed to provide clients with
a quick and efficient approach for enabling employees to access critical
applications and communicate effectively during emergencies or other disruptive
events.
During an unplanned event, such as a pandemic, transit strike, hurricane
or terrorist act, it could be days—or even weeks—before employees
can report to their normal work locations. And even if companies have
a written plan for dealing with a disaster, without a comprehensive strategy
and the right tools, they still may not be prepared.
Virtual Workplace Continuity is designed to provide clients with an effective
strategy for dealing with disasters and other work-disrupting events.
Not only does the service help clients enable employees to continue to
collaborate, communicate and perform their work even when they are suddenly
unable to come into the office, but it assists clients in staying in contact
with employees and keeping them informed about the status of the situation.
In addition, this service provides the tools that will allow clients to
maintain contact with employees so that they may respond with any assistance
they may need.
Virtual workplace continuity is designed to enable clients to:
- Notify employees, partners and suppliers of emergencies or other events
impacting business operations
- Allow employees to remotely access their desktops and vital corporate
applications
- Redirect inbound and outbound calls
- Enable collaboration through instant messaging
- Provide employees with a virtual bulletin board for sharing information
with one another
- Quickly ascertain whether employees have checked in and what their status
may be
SecuritySolutionsWatch.com: What is your perspective on
the market drivers for IBM Business Continuity and Resiliency Services
at this time?
Philippe Jarre: The fact is the world is riskier than
it used to be. There do seem to have been more natural and man-made disasters
in the headlines recently. But what’s also changed is the impact
these events have on globalized businesses. And while clients might be
located in an area that’s relatively stable, a critical facility
or supply chain partner may not be. With this in mind some of the specific
drivers for Business Continuity & Resiliency are as follows:
- Expanding risk exposures: Natural disasters have
continued to increase in intensity and impact; critical lifeline infrastructures
(power, water, telephone) are rapidly aging; and effects of a low-probability,
high-impact terrorism event cannot be ignored.
- Greater financial implications: Insurance premiums
for business interruption have significantly increased since 9/11. Coverage
levels have decreased while minimal acceptable coverage standards have
increased. In addition, the impact of downtime may be more far reaching
than one might think.
- Data integrity requirements: Key business records
necessary for business operations, litigation and compliance must be
preserved (e.g., patient records, customer data, transactions histories,
e-mail).
- Changing industry and regulatory standards: Ignoring
known risks is not acceptable to stockholders, customers, employees
or regulators. Legislative and regulatory actions continue to increase.
Accurate record keeping and reporting are assumed and required and there
can be major penalties for noncompliance.
- Geographic dispersal requirements: Close proximity
of facilities increases the impact of an outage. Data centers and their
complex web of applications are increasingly vital for day-to-day activities.
SecuritySolutionsWatch.com: What resources such as streaming
video, webinars, webcasts, podcasts, “white papers” and “case
studies” are available for end-users on www.IBM.com?
Philippe Jarre: We have many resources on our website
for our clients to learn more about business resilience issues and how
they should approach these challenges. Below is a selection of some of
these resources:
|