Propuesta de Valor TEA

1
Telefonica USA October 17, 2007
Business Continuity / Disaster Recovery Carlos
David
2
Telefonica Group 2006 results
Figures in Thousands (/ 1.31)
Revenue in thousands of US, does not include
intercompany
3
Telefonica is one of the largest companies in the
industry by number of customers
Million Customers in 2003
Million Customers in 2007
301,2
CHINA MOBILE
CHINA TELECOM
251,4
CHINA TELECOM
CHINA MOBILE
206,2
DEUTSCHE TELEKOM
198,6
VODAFONE
VODAFONE
173,7
DEUTSCHE TELEKOM
VERIZON
158,6
FRANCE TELECOM
FRANCE TELECOM
150,4
TELMEXA.MOVIL
NTT GROUP
147,4
CHINA UNICOM
147,4
SBC
ATTBELLSOUTH
133,7
CHINA UNICOM
CHINA NETCOM
114,7
CHINA NETCOM
NTT GROUP
Number of customers based on number of end user
access devices
4
Telefonicas customer base distribution
Customer distribution by geography - June 2007
Number of service accesses by type (millions)
5
Telefonica is one of the largest companies in the
industry by Enterprise Value
Assets 2003 (billion US)
Assets 2006 (billion US)
ATT
145,0
VODAFONE
205,9
VODAFONE
111,0
140,8
VERIZON
133,1
107,0
DEUTSCHE TELEKOM
FRANCE TELECOM
98,6
120,5
CHINA MOBILE
NTT DOCOMO
VERIZON
92,8
112,6
NTT
87,1
101,0
DEUTSCHE TELEKOM
SBC
78,9
93,6
FRANCE TELECOM
78,5
82,8
TELECOM ITALIA
66,9
TELECOM ITALIA
78,0
NTT
47,1
64,1
BELLSOUTH
AMERICA MOVIL
Enterprise value Market Capitalization
(31-Dec-06) Debt (30-Sep-06). Source Bloomberg
6
and also by market capitalization
WORLD RANKING BY MARKET CAPITALIZATION
US billion dollars
Source trading value on Sep 13th 2007
7
We have become the most multi-domestic integrated
operator in the world
of revenues generated outside of home country
70
60
60
50
42
42
40
30
20
20
9
6
10
3
1
0
Telecom Italia
Deustche Telekom
France Telecom
Verizon
Sprint
NTT
ATT
British Telecom
8
Telefonica, a recognized industry leader
For a fourth consecutive year Telefónica has been
included in 2007 in the European and Global Dow
Jones Sustainability Indexes, which include the
industry leaders based on financial,
environmental and social success.
9
Telefonica ranked 3 in 2007 Information
Technology 100 ranking of the top tech
performers(ahead of companies like ATT,
Microsoft, BT, Google, Cisco, IBM, and Verizon)
Telefonica, a recognized industry leader
10
Telefonica, a recognized industry leader
11
Telefonica Business Lines Corporate Structure
Chairman CEOCésar Alierta
Europe
Americas
Spain
José M. Álvarez Pallete
Antonio Viana
Peter Erskine
International Wholesale Contact Centers
International Wholesale Services
Telefonica has an equity interest of 6.9 of
Telecom Italia and 5 of China Netcom
12
We have a specialized business unit to serve our
best customers Multinationals, Large Enterprises
and Government Institutions
Multinationals, Large Enterprises and Government
The most DEMANDING AND SOPHITISCATED customers
13
Latin America seems to have a good outlook
Telecom market growth CAGR 2006-2009
Latin America 8
Africa Middle East 6
Asia Pacific 4
North America 2
Europe 2
Source IDC
14
Telefonicas presence in the Americas
USA
31,000 professionals in 15 countries
México
More than US 90 billion invested in the region
Puerto Rico
Guatemala
Panamá
Venezuela
El Salvador
Nicaragua
Colombia
Ecuador
Brazil
Perú
Uruguay
Chile
Argentina
15
Supported by an integrated global IP network
The largest international network in the Americas

• Tier-1 IP backbone
• More than 45,000 Km of optical fiber
• 15 landing stations and more than 40 PoPs in
  Latam, US and Europe
• 14 Billion Minutes of international voice
  transported with more than 300 direct
  interconnections to carriers
• Next generation IP-MPLS services
• Access agreements in more than 230 countries

16
... and complemented by a broad portfolio of
additional services

• TOP ISP in LATAM
• Presence in 18 countries
• 4.7 Million Subscribers
• 1.4 Million Broadband Clients
• 32.6 Million Unique Users
• Second largest portal in the US Hispanic market

• Largest Call Center in LATAM
• Full Connectivity between call centers on
  Telefónicas network
• Over 300 Clients TELCO, Finance, Consumer and
  Technology
• 51 Contact Centers
• 35,000 Workstations with 90,000 Agents (more than
  5,000 bilingual)

17
In summary
18
Telefonica USA October 18, 2007
Business Continuity / Disaster Recovery Carlos
David
19
Business Continuity / Disaster Recovery

• Need To Be Proactive To
• Natural Disasters, Human Errors, Internet Attacks
• Laws and Regulations
• Impact of Business Continuity Planning On the
  Business
• Solutions
• Business Continuity Management
• Disaster Recovery Planning (Collocation Managed
  Services)
• Workgroup Recovery Services
• Telefonicas Value Proposition

20
Types of ThreatsWhat Type of Major Disaster Are
We Talking About?
Source Sungard
21
Other Threats To Corporate Data and
InformationPrimary Security Vulnerabilities
Source US Federal Bureau of Investigation (FBI)
22
Cyber AttacksNo One Is Safe (24x7)

Source US Federal Bureau of Investigation (FBI)
23
Other Secondary Type of Risks

• Lack of Power
• Communication Infrastructure
• Civil Unrest
• Food Supply / Lack of Water (Drinking, Cooking,
  etc.)
• Cash Availability - Bank ATMs Out of Order or
  Without Cash
• HW and SW Failures
• Human Errors
• Public Transportation
• Roads to Working Places Not Accessible
• Personnel Not Available to Work

24
Types of ThreatsReality Check

• Industry analysts estimate that 80 of the
  unplanned business interruptions are due to
  Software or Human Errors
• Source Business continuity strategies Time for
  a reality check, Bronna Shapiro, BMC -Software,
  October 12, 2005 Computerworld
• Software and Human Errors Are NOT Seasonal, They
  Happen Every Day!!!!

25
The Regulatory IT Compliance EnvironmentOverlap
ping Regulations

• HIPAA Requirements
• Sarbanes-Oxley (SOX)
• Payment Card Industry Data Security Standard
• ISO 17799 2005
• COBIT 4.0
• NERC Standards CIP
• Graham-Leach-Bliley Act
• PIPEDA Canada
• Other Countries Regulations Codes

26
The Regulatory IT Compliance Environment
Overlapping Regulations
Source Regulatory Compliance and Critical System
Protection, The Role of Mission-Critical Power
and Cooling in Data Integrity and Availability,
Liebert IT White Paper
27
The Regulatory IT Compliance Environment
Mandatory Compliance By Industry Type
28
The Regulatory IT Compliance Environment
e-Discovery Amendments To Federal rules

• New Federal Rules (Dec. 2006) For e-Discovery and
  Production of Documents Are Very Stringent And
  Specific About Information (Records) That Must Be
  Produced (Cannot Be Destroyed, Erased, Modified!)
• Record Redefined by the Federal Government
• Information On ANY Media Recorded With The
  Intent To Preserve The Position, Rights or
  Obligations of The Company

29
The Regulatory IT Compliance Environment
e-Discovery Amendments To Federal rules

• The List Of Electronically Stored Evidence Has
  Increased
• eMail (Including Attachments), Word Processing
  Documents, Spreadsheets, Presentation Documents,
  Graphics, Digital Images, Audio, Video, And
  Audiovisual, Recordings, Voicemail, IM Logs,
  Blogs, Files Residing On Your Home Computer If
  Information Is Related To Your Company, etc. etc.
• The List Of Devices Or Platform Where
  Discoverable Information May Reside
• Laptops, Desktops, Network Servers, Backup or
  Disaster Recovery Systems, Archive Systems, All
  Types of Storage Media (tapes, hard drives, pen
  drives, etc.), PDA, Mobile Phones, Paging
  Devices, Audio Systems (including voicemail)

Source Ogletree, Deakins, Nash, Smoak Stewart,
P.C. New Rules Tighten Requirements for
Electronic Document Discovery - Legal Alert
November 2006
30
Regulatory and Compliance EnvironmentVery Large
Number of Regulations

• The Number of Current Regulations For Protection
  of Data and Information Is Very Large. More
  Regulations Are Expected.
• The New PCI (Payment Card Industry) Data Standard
  Will Affect Most Organizations hat Accept Credit
  Card Payments
• New PCI Data Standard Will Apply To All Credit
  Cards

31
Business Continuity / Disaster Recovery

• Need To Be Proactive To
• Natural Disasters, Human Errors, Internet Attacks
• Laws and Regulations
• Impact of Business Continuity Planning On the
  Business
• Solutions
• Business Continuity Management
• Disaster Recovery Planning
• Workgroup Recovery Services
• Telefonicas Value Proposition

32
The Value of Data InformationIndustry Leaders
and Protection of the Data
Percentage of organizations
Figure 3 What lagging and leading organizations
consider sensitive Source IT Policy Compliance
Group, 2007
33
The Regulatory IT Compliance Environment
Sample Fines

• UBS was fined part of 49.5M for failure to
  produce appropriate records (including metadata)
  within the timeframe allowed by the courts .
  Source UBS fined 49.5 million for fraudulent
  trading in US By Finfacts Team Jan 13, 2006
• Morgan Stanley was fined 1.5B for failure to
  produce required content by the courts - Source
  Coleman Parent Holdings, Inc. v. Morgan Stanley
  Co (Florida)
• 6.2 Million was invested to produce backup tape
  records Murphy Oil US v Fluor Daniel (2002)

34
The Cost of Not Being PreparedWho Gets To Stay?

• 43 of U.S. Companies Never Re-open After A
  Disaster
• 72 of U.S. Companies Close Within Three Years
  Following A Disaster
• 93 of Companies That Suffer A Significant Data
  Loss Event Are Extinct Within Five Years
• 20 of Small To Medium-Size Businesses Suffer A
  Major Disaster Every Five Years
• 45 of U.S. Companies Have Actually Tested Their
  Disaster Recovery Plan

35
The Value of Being PreparedYou May Win If You
Are Prepared
36
Business Continuity / Disaster Recovery

• Need To Be Proactive To
• Natural Disasters, Human Errors, Internet Attacks
• Laws and Regulations
• Impact of Business Continuity Planning On the
  Business
• Solutions
• Business Continuity Management
• Disaster Recovery Planning
• Workgroup Recovery Services
• Telefonicas Value Proposition

37
Fundamental Corporate AssetsProtecting The Most
Important Assets
38
Business ContinuityBCP, DRP, WGR Protecting
your Business

• Business Continuity Planning
• The Business Continuity Plan pulls together the
  response of the whole organization to a
  disruptive incident. Those using the plan should
  be able to analyze information from the response
  team concerning the impact of the incident,
  select and deploy appropriate strategies from
  those available in the plan and direct the
  resumption of business units according to agreed
  priorities.
• Disaster Recovery Plan
• Disaster Recovery Planning (in the realm of
  Information Technology) is a coordinated
  activity to enable the recovery of IT/business
  systems due to a disruption. A DRP can be
  achieved by restoring IT/business operations at
  an alternate location (collocation), recovering
  IT/business operations using alternate equipment
  or outsourcers (managed services), and/or
  performing some or all of the affected business
  processes using manual methods
• Work Group Recovery Services
• Establishes a remote work capability, or virtual
  workplace, to keep critical functions running in
  the event of unplanned or planned business
  interruption.

39
Business ContinuityAnnual Allocation Trends

• Average budget allocation at US corporations was
  29.8 million
• At least 63 of the companies interviewed will
  have greater than 100K allocated for BC/DR in
  2008
• The trend is that more companies recognize the
  need and value of BC/DR plans

Table 1 Allocations from operational risk
reserves for BC/DR
Source Business Continuity Research - Financial
Times Sponsored by Symantec June 2005
40
Business ContinuityAnnual Allocation Trends

• On average, the priority of most was Server,
  Network, Telecom, and eMail
• Main priority continues IT DRP
• Solid DRP does not necessarily imply good BCP

Table 4 Most important aspects of BC
architecture
Respondents were asked to identify all that
apply
Source Business Continuity Research - Financial
Times Sponsored by Symantec June 2005
41
Business Continuity ManagementRelationship of
Business Continuity and Risk Management
Table Comparision of Risk Management and
Business Continuity Management
42
Business Continuity at TelefonicaTelefonica Uses
a Lighter Version of the BCI BC Methodology
BS 25999-1 Business Continuity Institute
Implementation of the Plan
Analysis Design of Strategy

• Deploy RPIs and Infrastructure
• Description of the Backup Strategy
• Organization of the Emergency Teams
• Development of the Procedures
• Documentation fo the Plan
• Return to Normalcy Procedures

• Representation of all Immediate Bussiness Units.
• Identification of Services
• Contracted Obligatory Busines Services
• Asset Inventory
• Areas of SSII
• Structure of Operations Group

Test of the Business Continuity Plan
Startegy forGlobal Support

• Definition of the Objective of the Plan
• Proof of the Plan
• Proof of the Strategy
• Organize Orient the Affected Personnel

Map of Services
Events

• Mantenimiento

Maintenance of the Plan

• Develop the processes and persons needed to keep
  the plan updated and alive along with all the
  asscoiated documentaiton

Critical Services
RPI requirements prior to implementation
(individula weaknesseso f the components)
43
IT Solutions Managed Services Product Portfolio
Virtualized Services
S2
Managed Storage
S2
Virtualized Firewall
Virtualized Servers (Windows Linux)
Standard SAN
Premium SAN
Virtualized Storage
Backup Standard
Messaging Collaboration
S1
Premium Backup (BCV, Snapshots Tape Backup)
Exchange
Standard Restore Services
Office Live Communication
Application Restore (eMail, DB)
Monitoring Reporting
S2
Compliance Restore Services
Bandwidth Utilization
Security Devices
Applications
Database
Performance
Server OS
44
Communication Solutions Managed Services
Product Portfolio
Voice Products
VPN Servicios en Red Domésticos e Internacionales
Managed Telephony
S1
S2
S6
Managed Telephony (On-Site)
Frame Relay
MPLS
LD VoIP Breakout
ATM
Metro Ethernet
Voice Plus
Centrix/SIP
Leased Line
IPSEC
International Toll Free
Residential Products
WAN Security
Collaboration
S5
S1
S4
Voice and Video Collaboration
PinLess On-Line
Managed WAN Firewall
PinLess Physical
WAN IDS/IPS
Terra VoIP
Duo
Speedy
45
Data Vaulting TechniquesProtecting of your Data
and Corporate Information
46
BC/DRP Business Case Phases

• The Plan Consisted of the Following Phases
• Risk Analysis
• Business Impact Analysis
• Definition of RTO and RPO
• Project Design
• Definition of Costs and Resources Needed
• Approval by the Customer
• Project Plan
• Implementation
• Documentation
• Annual Test ( Certification) of the DR Plan
• Annual Review of the DR Plan
• Education Training

47
BC/DRP Business Case High Level Overview of DR
Requirements

• Guarantee The Service Continuity of the Mission
  Critical Applications In Eight Latin American
  Countries Should A Disaster Occur That Renders
  The Customers Data Center Un-operable (In A
  Particular Country)
• To Have An IT Infrastructure Hosted At a Robust
  Facility Capable of Supporting The Corporations
  Mission Critical Applications
• To Ensure a MINIMAL Loss of Data Through the Use
  of On-line Data Replication Schemes

48
BC/DRP Business Case High Level Overview of DR
Requirements

• Re-home the Communications so that the Regional
  (Branch) Office In the Country that Declared the
  Contingency can Access the Mission Critical
  Applications Hosted At the Telefonicas KeyCenter
  Located in Miami
• Temporary Relocation of Critical Strategic
  Personnel so That The Mission Critical Business
  Units Can Resume Work
• RTO 10 Hours, RPO 6 Hours
• Only One Country Would Declare A Contingency At A
  Time

49
BC/DRP Business Case Major Components of the
Solution

• CUSTOMERs DRP solution has five components
• Data Center / Infrastructure
• Communications / MPLS Network
• Call Center / NOC
• Managed Services
• Processes and Procedures

50
Data and Information Security Framework

• Monitoreo y Respuesta (MOR)
• IDS
• Monitoreo de Evento
• Respuesta ante Incidentes
• Servicios de Consulta
• SOC

• Acceso físico a control (PAC)
• Reconocimiento de Identidad por Video
• Sistema de control de acceso físico
• Escaners de proximidad

• Administración del Acceso Perimetral (PAM)
• IPS
• Routers
• Firewalls
• In-line Out-of-band Appliances
• SW Endpoint Agents

• Protección Integridad de Datos (DIP)
• Antivirus
• Antispam
• AntiPhishing

• Administración de Identidad y Acceso (IAM)
• Dispositivos de Administración y Acceso
  (Appliances)
• Servidores RADIUS
• Directorio Activo
• Codificación
• Hardware Tokens
• VPN

• Valoración y evaluación de seguridad (SAE)
• Análisis de vulnerabilidad
• Prueba de penetración de seguridad
• Cumplimiento de regulaciones y administración de
  configuraciones
• Prueba de seguridad de aplicaciones

51
A Data Warehouse Architecture
52
How server virtualization transforms x86 systems
Without Virtualization
53
Interconnected Infrastructure Own Submarine
Cables
54
IP/MPLS Network with International Coverage
55
Own Telecommunication Infrastructure Submarine
Cables Ground Transport Networks
56
(No Transcript)
57
BC/DRP Business Case Flow of Data Traffic During
Disaster Recovery Mode (Contingency Declared)
Atento
Customers Data Center
Internet
Telefonica Network

KeyCenter (Miami, FL)
58
BC/DRP Business Case - IT Disaster Recovery
Infrastructure Original IT DRP
59
BC/DRP Business Case - IT Disaster Recovery
Infrastructure Original IT DRP
60
Workgroup Recovery Services
04

• Part of our b-Sure suite of Business Continuity /
  Disaster Recovery Solutions.
• Assurance that key employees have direct access
  to important systems before, during and after
  catastrophic business disruptions
• Office suites in Category 5, Hardened, 100 Power
  SLA facility
• Highly redundant Telecommunications and Internet
  Access infrastructure
• Ensures key systems can be accessed and
  maintained through the toughest of conditions

61
Workgroup Recovery ServicesHow Utilized
04

• Workgroup Recovery Services are often utilized in
  response to emergency conditions most commonly
  caused by Natural Disaster, Power Outage,
  Hardware Failure, or Fire.
• When required by such conditions, Workgroup
  Recovery will be initiated and employees will be
  deployed to Telefonica Key Center with office
  seating, Internet Access, Telephone connections
  and often direct access to hosted infrastructure.
• Facility is open 24/7, may be accessed at any
  time and employees may remain for required
  duration.

62
Work Group RecoverySample Layout
04
63
Components Options
04

• Workgroup Recovery Services are configurable to
  best meet the company needs.

64
Business Continuity / Disaster Recovery

• Need To Be Proactive To
• Natural Disasters, Human Errors, Internet Attacks
• Laws and Regulations
• Impact of Business Continuity Planning On the
  Business
• Solutions
• Business Continuity Management
• Disaster Recovery Planning
• Workgroup Recovery Services
• Telefonicas Value Proposition

65
Telefonicas Value PropositionWhy Telefonica?

• Carrier Grade, Shareable State-Of-The-Art
  Solutions Scalable To All Sizes of Customers
• Class 5 Data Center Facilities
• Solid IT and Communications Product Portfolio
• Experienced Professionals In All Components of
  DRP (IT) Solutions
• World Class Connectivity to Latin America, Europe
  and the US owned and operated by Telefonica
• A Centralized Solution Sharing Infrastructure and
  Communications Offered By The Same Provider and
  With In-Country Presence And Support

66
Telefonicas Value PropositionWhy Telefonica?

• Highly Experienced Project Management Team
• Proven Solutions (Success Stories)
• Telefonica USA Has Implemented Different DR
  Solutions In The Miami Key Center To Meet The
  Needs Of Its Multinational Customers
• Telefonicas Methodology for BCP Has Been
  Certified by The US National Institute of
  Standards and Technology (NIST)
• Organizations With Proven Experience and Know-How
  Are Part Of Alliances Created To Deliver The Best
  Solutions Possible To Our Customers. (UM ITEx
  and other such alliances)

67
Benefits of Partnering with Telefonica for
Business Continuity and Disaster Recovery

• Protecting Data, Being Compliant Costs Time
  Money
• Telefonica Has Spent Millions Of Dollars In
  Infrastructure And Ensuring Compliance
• To Replicate In Your Own Facilities Probably You
  Will Incur The Same Scale Of Investment
• By Partnering With Telefonicas Business
  Continuity / Disaster Recovery Program You Can
  Realize
• Time
• Savings
• Compliance
• Risk Avoidance And Management
• Success

68
Who is Prepared?

• Who, amongst you, believe that
• Your company has a solid BC/DR Plan?
• Your mission critical applications will continue
  operating in the event of a major unplanned
  disaster?
• Can re-home your communications to a failover
  site so that your mission critical applications
  can be accessed by your customers and personnel
  in the event of an unplanned business
  interruption?
• Can provide an alternate nearby working location
  and facilities to your key personnel so that your
  critical business functions continue operating
  even during the duration of a major disaster or
  unplanned business interruption?
• The Top Executives of your company are fully
  aware of the need of having a Business Continuity
  Plan?
• Your organization has all the tools and process
  to fully protect your digital assets against
  security threats?

69
Questions and Answers

• Questions and Answers
• Carlos David

70
Telefonica USA October 18, 2007
Business Continuity / Disaster Recovery Carlos
David