Jon Seals

It must be the human condition that does it; the certainty with which we approach the issues that may affect us. Risk assessment incorporates a requirement to analyse probability or likelihood; we can attach mathematical process to this and I have attached an example – not to critique it – but to illustrate the concept of what I term ‘buffering’. Buffering is something which protects us from actuality, and allows us to distance ourselves from the realities of issues.  In the example, the mathematics are quite simple but convincing to the layman; I term myself a layman in mathematics and I have colleagues who can do this type of thing to a very significant and complicated level indeed.  However, the problem that I have with this is that buffering allows us to interpret what we see and orientate it to our needs.

Risk and uncertainty are not about rolling dice; of course they are linked aspects and the loss risks associated with the activities of some dice rollers can be extreme. Maths allow calculation of probability - but the die will roll a different way every time due to other unmeasured variables such as who is throwing, where and with what degree of energy. There is therefore uncertainty that is additional even to the study and assessment of random variables.

...

http://buckssecurity.wordpress.com/2014/04/06/why-so-certain-about-uncertainties/

The shooting rampage at Fort Hood has once again focused attention on the military’s ­mental-health system, which, despite improvement efforts, has struggled to address a tide of psychological problems brought on by more than a decade of war.

Military leaders have tried to understand and deal with mounting troop suicides, worrying psychological disorders among returning soldiers, and high-profile violent incidents on military installations such as the one that left four people dead and more than 16 injured at the Army post in Texas on Wednesday.

But experts say problems persist. A nationwide shortage of mental-health providers has made it difficult for the military to hire enough psychiatrists and counselors. The technology and science for reliably identifying people at risk of doing harm to themselves or others are lacking.

...

http://www.washingtonpost.com/world/national-security/militarys-mental-health-system-faces-shortage-of-providers-lack-of-good-diagnostic-tools/2014/04/05/e7e7da42-bb4a-11e3-96ae-f2c36d2b1245_story.html

A discussion is going on right now about the role of the enterprise service bus in cloud integration. Does it matter?

I’m not convinced it does. Most of the discussion seems to be coming from vendors, and while it’s probably good thought fodder for architects, I’m unconvinced there’s much of a strategic case for caring here.

One recent example, “Why Buses Don't Fly in the Cloud: Thoughts on ESBs,” appeared on Wired Innovation Insights and was written by Maneesh Joshi, the senior director of Product Marketing at SnapLogic.

...

http://www.itbusinessedge.com/blogs/integration/does-integrations-heritage-matter-in-the-cloud.html

One of the reasons energy conservation is such a hot button issue in the data center these days is that no one has a clear idea how to assess the situation.

To be sure, metrics like PUE (Power Usage Effectiveness) are a step in the right direction, but even its backers will admit that it is not a perfect solution and should not even be used to compare one facility against another. And as I pointed out last month, newer metrics like Data Center Energy Productivity (DCeP) provide a deeper dive into data operations but ultimately rely largely on subjective analysis in order to gauge the extent that energy is being put to good use.

...

http://www.itbusinessedge.com/blogs/infrastructure/energy-metrics-no-easy-answers.html

Did you get a boatload of World Backup Day pledge messages through Facebook and Twitter last week? This independent global initiative encourages everyone to back up important data on all computing devices — and spread the word. As they say, “friends don’t let friends go without a backup.” Absolutely right.

As people around the globe were taking the World Backup Day pledge, I was presenting at DRJ Spring World 2014, the world’s largest BC/DR conference. As I reported, the vast majority of organizations are NOT prepared to respond to intentional or accidental threats to IT systems.

  • 73% failing in terms of disaster readiness (scored a D or F)
  • 60% do not have a documented DR plan
  • 68% plans don’t exist or proved not very useful

The news is not much better for the minority of organizations who have a DR plan in place. Again, the 2014 annual report documents that where they exist, DR plans are largely gathering dust:

...

http://drbenchmark.org/is-your-business-operating-without-an-it-safety-net/

By Rakesh Shah

Distributed denial of service (DDoS) is no longer just a service provider problem: far from it. It can be a very real business continuity issue for many organizations.

DDoS attacks are what some would consider an epidemic today for all sorts of organizations. Why? The stakes continue to skyrocket. The spotlight continues to shine brightly, attracting attackers looking for attention for many reasons and motivations.

In recent times, attack motivation has been politically or ideologically motivated. Attackers want to make a statement and to make headlines (and to cause many headaches along the way) – quite similarly to the effect a sit-in or a strike would have in the ‘offline’ world. 

This new breed of attacker targets high profile organizations in order to ensure his or her grievances will be heard. Few targets are as high profile or mission critical to the economy as financial services.

...

http://www.continuitycentral.com/feature1166.html

Avere Systems has released the findings of its ongoing original study into cloud adoption conducted at the recent Cloud Expo Europe 2014.

Like their US counterparts at the AWS Summit in Vegas last November, the majority of the attendees in London surveyed indicated that they currently use or plan to use cloud within the next two to five years for compute (71 percent), storage (76 percent), with application purposes (80 percent).

One major difference in response was that 53 percent of US respondents cited organizational resistance as a major barrier to cloud use compared to just 11 percent in Europe indicating a potentially less conservative approach in the region.

...

http://www.continuitycentral.com/news07158.html

Strohl Systems was acquired by SunGard in 2008: now the Strohl name is back as FI Compliance Solutions changes its name to Strohl Risk Solutions.

The company, led by former Strohl Systems’ President Eric Strohl, says that it has made the name change in order to align with its core business strategy and vision for the future.

"When we opened our doors in 2009, our initial focus was to help financial institutions comply with the FFIEC and NCUA's safety and soundness standards," says Eric Strohl, President & CEO of FI Compliance Solutions. "The fact that we initially planned to work solely with financial institutions focusing on compliance led to the use of FI Compliance Solutions as our legal name."

The company's first product to market, GRC Pro, was well received. However, customer feedback and the changing regulatory environment necessitated that changes be made. The combination of both factors led to a redesign of its core offering and rebranding in late 2011 to a new platform – ERM 365. The goal of the new platform was to help institutions assess, monitor, and control risk through interactive dashboards, email alerts, and notifications. The change was met with success, resulting in the addition of 150 new customers and 600 users. The ERM 365 product line has since expanded to include risk solutions for Vendor Management, ALLL/Troubled Loans, Findings Manager, and Compliance.

ERM 365's platform has enabled the company to scale faster and serve more customers by offering a combination of software that is easy-to-use and service from dedicated experts.

According to Eric Strohl, "The decision to incorporate the Strohl name is a nod to our 30 plus years of experience providing business continuity planning services to banks and credit unions. The name change also serves our long term strategy for entering new markets and bringing new risk solutions online. Strohl Risk Solutions will continue FI Compliance Solutions’ mission by providing industry leading risk management solutions helping organizations reduce risk and lower the cost of regulatory compliance."

The company's new website www.strohlrisksolutions.com is currently under development and will debut during the second quarter of 2014.

For more information, visit www.erm365.com

Today ends my review of what I believe to be the five steps in the management of a third party under an anti-bribery regime such as the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. On Monday, I reviewed Step 1 – the Business Justification, which should kick off your process with any third party relationship. On Tuesday, I looked at Step 2 – the questionnaire that you should send a third party and what information you should elicit. On Wednesday, I discussed Step 3 – the due diligence that you should perform based upon the information that you have received from and ascertained on the third party. On Thursday, I examined Step 4 – how you should use the information you obtain in the due diligence process and the compliance terms and conditions which you should place in any commercial agreement with a third party. Today, I will conclude this series by reviewing how you should manage the relationship after the contract is signed.

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5 – the Management of the Relationship. While the work done in Steps 1-4 is absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. This post will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

...

http://tfoxlaw.wordpress.com/2014/04/04/life-cycle-management-of-third-parties-step-5-management-of-the-relationship/

Computerworld — Although Apple isn't the sole focus of Microsoft's Enterprise Mobility Suite (EMS) or of Satya Nadella's new "mobile-first cloud-first" vision for the company, its iOS devices dominate enterprise mobility, meaning that Apple will play a major role in Microsoft's mobility strategy. In pursuing this strategy, Microsoft is, in a way, copying Apple's approach to business and enterprise iOS customers, albeit from a different perspective.

Microsoft began adding the ability to manage iOS and Android devices to its cloud-based Intune management suite last year. Although initial support for iOS device management was very basic, the company updated Microsoft Intune's iOS capabilities in January. While Microsoft has a ways to go before it catches up to the feature sets of the major mobile device management and enterprise mobility management vendors, the company looks committed to advancing its mobile management tools quickly.

...

http://www.cio.com/article/750992/Microsoft_Gets_Strategic_with_its_Enterprise_Mobility_Suite