Summer Journal

Volume 29, Issue 3

Jon Seals

These days, success rates for enterprise software implementations are low. If a program does not have a passionate leader to champion the project and sell it to others, the chances of success start to decline. Forrester, an independent global technology and market research company, reports almost half of CRM rollouts fail—a dismal 49%. In addition, less than 12% of companies ever reach 75% adoption by target users—which means less than three-quarters of employees are actually using the software. Even in light of these murky statistics, at MissionMode, we know it is possible to be successful and have a positive experience that is better than the industry norm when implementing your Incident Management System (IMS).

Understand How to Effectively Use IMS

Although IMS were initially adopted by public sector organizations, today they are used across a wide variety of industries, including private and not-for-profit organizations. These organizations are using IMS for many different types of events, all dependent upon their specific needs. MissionMode works side by side with clients, bringing industry-specific knowledge to each deployment and addressing the unique applications that exist in each sector. Browse the sectors listed below to better understand the many ways MissionMode Situation Center Suite can support your industry:

...

http://www.missionmode.com/successfully-implement-ims/

Recent federal government policy is targeting data centers that are consuming too much power, and seeking to block agencies from allocating money to new or expanding federal data centers, without approval from the Federal CIO himself. This new mandate, in development for several years, basically leaves no other option for federal agencies but to “go green.”

Here is a bit of background to help make sense of these new policies:

  • In 2010, the Office of Management and Budget (OMB) launched the Federal Data Center Consolidation Initiative (FDCCI) to promote the use of Green IT by reducing the overall energy and real estate footprint of government data centers, reducing the cost of data center hardware, software and operations.
  • In December 2014, the President, by signing into law the Federal Information Technology Acquisition Reform Act (FITARA), enacted and built upon the requirements of the FDCCI. FITARA requires agencies to submit annual reports to include: comprehensive data center inventories; multi-year strategies to consolidate and optimize data centers; performance metrics and a timeline for agency activities; and yearly calculations of investment and cost savings.

FITARA also requires the Administrator of the Office of E-Government and Information Technology, now the Office of the Federal Chief Information Officer (OFCIO), to provide public updates on cumulative cost-savings and optimization improvements, review agency data center inventories, and implement data center management strategies. This government framework helps achieve FITARA’s optimization requirements.

...

http://www.datacenterknowledge.com/archives/2016/06/16/federal-government-data-center-mandate-gets-ahead-public-sector/

Jun 16, 2016 14:57 BST

Horizon scanning post-Brexit: What should businesses prepare for?

With not long to go until the EU referendum when the people of the UK go to the polls to decide the fate of the country's membership of the European Union, the Business Continuity Institute has published a new paper highlighting what some of the challenges may be should the UK choose to leave the EU, an institution it has been a member of since 1973.

'Horizon scanning post-Brexit: What should businesses prepare for?', the latest in the BCI's Working Paper Series, written by the BCI's Research Assistant Gianluca Riglietti, notes that a leave vote could result in changes to the regulations that govern our organizations, as well as implications for staffing, supply chains and cyber security. The only clear effect of the referendum, however, is the ambiguity relating to what could happen. In this climate, businesses need to think and clearly identify their vulnerabilities linked to Brexit. Firms will need to have plans on how to adjust in order to thrive.

The paper concludes that making sure an organization is resilient requires adopting a proactive approach. The nature of today’s threats is constantly unfolding and evolving, which means that in order to stay on top of them, contingency plans need to be able to change and evolve as well.

Patrick Alcantara, Senior Research Associate at the BCI, commented: “There is certainly a gap in this kind of publication as most tend to focus on the political dimension surrounding the UK referendum. I see this paper as useful material for organizations as it raises important questions pertaining to preparations related to a possible Brexit. It highlights specific areas which may benefit from further analysis in the hope of raising overall levels of resilience following the vote.”

Download your free copy of 'Horizon scanning post-Brexit: What should businesses prepare for?' to understand more about the possible challenges of the UK leaving the EU.

The US Department of Homeland Security has published a new National Terrorism Advisory System (NTAS) Bulletin which describes the government’s current terrorism risk assessment.

The Bulletin states that DHS is ‘particularly concerned about homegrown violent extremists who could strike with little or no notice’ and points out that ‘the tragic events of Orlando several days ago reinforce this’.

Public events and places could be particular targets for homegrown attacks says the Bulletin, explaining that ‘the public may observe an increased law enforcement and security presence across communities, in public places and at events in the months ahead. This may include additional restrictions and searches on bags, more K-9 teams, and the use of screening technologies.’

Read the Bulletin (PDF).

Continuity thriving across the continent

At an awards ceremony in Dublin, sponsored by Continuity Shop, the Business Continuity Institute presented its annual European Awards to recognize the individuals and organizations who have excelled throughout the year.

The BCI European Awards consist of nine categories – eight of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being voted for by their peers.

There is a wealth of talent across the continent, so the volume and quality of submissions were exceptional, giving the judges some tough decisions to make. In one case the decision was so close they couldn't be separated. The winners were:

Continuity and Resilience Consultant
Werner Verlinden FBCI, CEO at Musena Consulting 

Highly Commended
Gianna Detoni AFBCI, President at PANTA RAY, and
Charlie Maclean-Bristol FBCI, Director at Business Continuity Training

Continuity and Resilience Professional Private Sector
Neal Mullen MBCI, Global Business Continuity Manager at Arvato Financial Solutions

Continuity and Resilience Professional Public Sector
John Ball AFBCI, Business Continuity Coordinator at Surrey and Sussex Police, and
Russ Parramore MBCI, Emergency Planning Officer at South Yorkshire Fire and Rescue

Continuity and Resilience Newcomer
Tamara Boon AMBCI, Business Continuity Manager at Adidas Group

Highly Commended
Anne-Marie Hobley CBCI, Insurance, Risk and Business Continuity Adviser at University of Exeter

Continuity and Resilience Team
Belfius Bank Belgium, Business Continuity and Crisis Management Team

Continuity and Resilience Provider (Service/Product)
Sungard Availability Services, Education, Good Practice and Events Publications

Continuity and Resilience Innovation
Regus, Dynamic Workplace Recovery

Most Effective Recovery
VTB Capital Plc

Industry Personality
David Window MBCI, Director at Continuity Shop

The BCI European Awards are one of seven regional awards hosted by the BCI, which culminate in the annual Global Awards held in November during the Institute’s annual conference in London, England. All winners of a BCI Regional Award are automatically entered into the Global Awards.

TAIPEI, TAIWAN--(Marketwired - Jun 17, 2016) - Gemini Open Cloud Computing Inc. (Gemini) launched its Gemini Open Cloud (GOC) solution, with integrated cloud services including Big Data Cloud (Hadoop Cloud) and VSaaS Cloud (Video Surveillance as a Service), and a hyper-converged cloud solution at 2016 Computex. Gemini attracted the attention of numerous potential customers from all over the world throughout the exhibition and gained visibility to expand its business globally. Gemini was invited by the Industrial Development Bureau, Ministry of Economic Affairs to take part in the Taiwan Cloud Expo pavilion at the 2016 Computex Taipei.

Gemini provides both cloud infrastructure software and an end-to-end cloud application service integration platform. GOC is based on OpenStack and runs on standard Intel server platforms. GOC provides a multi-tenancy architecture and offers a self-service provisioning portal for CSPs (Cloud Service Providers), automated cloud service orchestration, a RESTful API, virtual resource management and monitoring/reporting capabilities. GOC allows CSPs to turn legacy applications into cloud services without changing binary code and to offer these cloud services to multiple users. CSPs don't need to understand the complexities of cloud virtualization infrastructure or do any complicated programming to port an application to a cloud service under GOC.

Gemini also teamed up with AIC, the high quality IT hardware vendor in Taiwan, to deploy GOC in hyper-converged HA mode with only three nodes in a 2U4Node chassis system. The HA configuration can also be scaled up to multiple racks of computing and storage servers to support multiple CSPs (tenants) in an IDC environment. GOC, with its all-in-one virtualization cloud platform technology, distinguished itself with its ability to provide cloud turn-key solutions. Gemini can work with partners including system integrators, independent solution vendors, distributors and even IDC/Telecom to provide end-to-end solutions to global customers.

GOC enables customers to manage the cloud service life cycle, from development to operation, under a unified user portal, and to deploy applications and services to heterogeneous environments based on their requirements, improving the experience of enterprise cloud service management.

About Gemini Open Cloud Computing Inc.

Gemini Open Cloud Computing Inc. was founded in December 2014 and was officially spun off from ITRI (Industrial Technology Research Institute) in March 2015. Patrick Fu, CEO of Gemini, has over 30 years' experience in enterprise software development and management in the US. Before becoming Gemini's CEO, he held the role of Cloud OS team lead at ITRI. Backed by an experienced team of system software R&D engineers from Taiwan and the United States, Gemini makes cloud computing easy for business and is now enterprise and telecom grade ready.

LAS VEGAS, NEVADA--(Marketwired - June 16, 2016) - NRT Technology Corp. ("NRT"), a provider of integrated ticket redemption and cash access kiosks and payment services to global casino operators, today announced its SecureSmart initiative. NRT's SecureSmart solution promotes best practices, education and awareness, driving the adoption of security products to add layers of protection to the payments process, such as end-to-end encryption, tokenization and EMV.

"On September 26, 2014, NRT announced the launch of our EMV payment processing solution at Ellis Island Casino in Las Vegas, Nevada. This was the start of a long and gruelling process with the end goal of making NRT ATM and Point-of-Sale (POS) kiosks and payments infrastructure the safest and most secure solution for casino operators," said Michael Dominelli, VP Marketing and Product at NRT. "We realized that the only way to protect cardholders, casino operators and ourselves against fraud, data breaches and other threats related to payments was to commit the time and resources necessary to make our hardware, software and systems as secure as possible. At the end of the day we are making NRT and its customers less attractive targets for hackers and fraudsters, that's what it really comes down to."

NRT is doing this through the adoption of EMV, point-to-point encryption and tokenization technologies across its entire payments ecosystem, starting at the ATM, POS and QuickJack kiosks, through its communications infrastructure and onto its payments switching and processing data center platforms. "We successfully achieved PCI-DSS 3.1 compliance in April 2016. This is something I'm extremely proud of because we have heard and continue to hear negative stories from auditors and other processors about the inability of legacy systems and products to satisfy the demanding PCI 3.1 requirements," said John Dominelli, President and CEO of NRT. "As part of our push for complete end-to-end security, I personally challenged my management team to build the best payment security ecosystem in the Casino industry and I am thrilled to be able to say they have surpassed my expectations. The encryption and tokenization solution they developed is truly world class, and the best part is that deploying this solution for our casino customers will be a seamless and streamlined process."

NRT's push for end-to-end security and component hardening across all hardware, software and infrastructure platforms was achievable only because NRT builds, develops and maintains all of its own solutions. "If we had to rely on hardware providers, third party development firms, data center operators and security consultants to develop and deploy this kind of security solution I think this SecureSmart announcement would have come in 2019, not 2016," said Michael Dominelli. "We were able to make this happen because NRT is the only provider of cash access kiosks and processing services that maintains and controls its own infrastructure. Controlling our own solutions is a decision we made for this exact reason. SecureSmart is a great example of what sets NRT apart from its competitors and allows us to provide significant benefits for casino operators and their patrons."

About NRT

NRT Technology Corp. (NRT) provides the most innovative payment processing, cash handling and cash management products, services and solutions in the casino industry. NRT's world-class payment processing (cash access) solution connects to all financial institutions, giving your casino patrons instant access to ATM, Credit Card Cash Advance, POS Debit, Dynamic Currency Conversion and Check Cashing Services at the cage and kiosk, all in one fully integrated package. NRT also provides turnkey applications for jackpot redemption, ticket redemption as well as other cash handling related applications. Our products are used around the globe by Casinos, Lotteries & Retailers.

So You Want to Learn DevOps? Then WAKE UP!!!

SAN FRANCISCO, CA--(Marketwired - Jun 16, 2016) - Students at the Holberton School, San Francisco's innovative new school for teaching students of any age to be full stack engineers, are being woken early, really early, to learn just what it's like to be a part of a DevOps team.

DevOps is a set of practices, a philosophy aiming for agile operations, to expand the collaboration between developers and operation folks to make them work toward the same goal: contribute to the entire product lifecycle, from design, development, shipping, up to the production stage. This is a radical shift from the industry norm of separate engineering and operations departments which often operate in opposition to each other.

Holberton is partnering with PagerDuty, a 6-year-old IT incident management startup, to wake students up to the reality of on-call engineering. Students will be on-call 24/7 for their personal projects and also for group projects. In the industry, engineers are often on-call for systems they did not build, but that they still need to support; in that situation the challenge is even trickier.

"Uptime is the number one goal of any SRE/DevOps/System administrator team," said Casey Brown, manager, Site Reliability Engineering at LinkedIn. "Nowadays, well established companies like LinkedIn, Facebook and Google are also expecting developers to be fully responsible for their code in production. Having production in mind and being ready for it is something that every good developer must have, yet no school prepares students for that."

"One of the core precepts of the Holberton School is that our students learn by doing, and being on call is a lot about experience, it is not something you can learn in a book," said school founder Sylvain Kalache. "With this program, students will already have one and a half years of on-call experience, because we put our students through their paces, and that sometimes means a panicked call at 3am. What better way to be prepared?"

The school has been innovating since its inception last year, offering unique opportunities for students from its tuition model and admissions process to certificate verification process. Students apply to the program using a four step, hands off, software-based admissions process that is meant to start the curriculum at the onset. Once the students are accepted, which is harder to do than Harvard, they are guided by seasoned mentors and attend cost free until they have graduated and are working. And to ensure that student certificates are the real deal when applying for jobs, certificates are secured and are accessible through the blockchain, the technology behind bitcoins, ensuring a high-quality certificate recognition for Holberton School students and tackling the threats of false resumes and fake certificates.

About Holberton School
Holberton School is a project-based alternative to college for the next generation of software engineers.

Using project-based learning and peer learning, Holberton School's mission is to train the best software engineers of their generation. At Holberton School, there are no formal teachers and no formal courses. Instead, everything is project-centered. The school gives students increasingly difficult programming challenges to solve, and gives them minimal initial directions on how to solve them. As a consequence, students naturally look for the theory and tools they need, understand them, use them, work together, and help each other.


Partnership With Harbor Technology Group Delivers Cyber Security Assessments and CISO as a Service

RAMSEY, NJ--(Marketwired - June 16, 2016) - Comport Consulting announced today that it will offer enterprise-grade cyber security services in conjunction with Harbor Technology Group, in response to increasing ransomware and other cyberattacks impacting hospitals and small to mid-size companies. Comport's security services, available immediately, ensure that an organization's IT infrastructure is properly designed, secured and maintained to the levels required to support today's non-stop business environments.

"Hospital systems in particular have become prime targets for cyber threats and cybercrimes -- but today no business is immune," said Mike Vencel, Comport's Executive Vice President. "Security is complex, involving infrastructure, behaviors and best practices. Together with Harbor Technology Group we can provide valuable services to prevent and mitigate the devastating business and financial impacts for our customers."

Deep Security Risk Assessments

A series of independent, highly customized Security Risk Assessments will help uncover and mitigate areas of vulnerability. Harbor Technology Group's approach is based on industry standard cybersecurity frameworks such as NIST, FFIEC, and CIS CSC. The Security Risk Assessments include:

  • Infrastructure Security Assessment including backups, archive and disaster recovery
  • Mobility/Wireless Security Architecture Assessment
  • Endpoint/Core Virtual Environment Security Assessment
  • Strategic Security Assessment

Remediation recommendations are customized, and may include Hewlett Packard Enterprise's leading security systems as well as other solutions.

Chief Information Security Officer (CISO) as a Service

Comport also announced the availability of Chief Information Security Officer (CISO) as a Service aimed at small and medium businesses (SMBs) and hospitals. SMBs face similar cyber and data security pressures as large enterprises, and also require strategic leadership and expert guidance. CISO as a Service provides affordable expertise in an environment where CISO salaries are high and CISO availability is low. The CISO can also serve as the HIPAA Security Officer in many cases.

"Criminal attacks in healthcare continue to escalate and are the leading cause of data breaches," stated Michael Markulec, Founder and Partner of Harbor Technology Group. "Healthcare organizations often lack the resources and processes to protect patient and other essential data. The current wave of threats is slipping past perimeter security to reach the unprotected internal network. We are thrilled to combine our cyber security expertise with Comport's leading IT lifecycle services and healthcare industry experience."

Data Protection for Virtualized Environments

Separately, Comport and partners HPE and Veeam are developing best-practice security/backup solutions for virtualized environments. Many ransomware attacks can be neutralized when proper backups and procedures are in effect. This solution is fully HIPAA compliant.

About Comport Consulting Corp.

Comport is an award-winning HPE Platinum Partner and CRN Triple Crown winner recognized for helping clients more effectively deliver services to end users and customers. Comport has expertise in demanding, complex IT solutions including on premise, hybrid cloud, data protection and security, networking, and enterprise-level personal systems. Comport is a true IT partner that invests in clients to achieve the organization's strategy and maximize return on IT investments. For more information visit www.comport.com.

About Harbor Technology Group

Harbor Technology Group was founded by networking and security veterans to address the cybersecurity threats impacting small to medium businesses (SMB). Harbor Technology Group specializes in enterprise-level solutions that meet the budgetary restrictions of growing organizations, and takes a forward-thinking approach to provide advanced protection as your business evolves. For more information visit www.harbortg.com.

The Business Continuity Institute - Jun 17, 2016 09:31 BST

Companies that have predefined Business Continuity Management (BCM) processes in place are able to find and contain data breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM. This is according to a study sponsored by IBM and conducted by the Ponemon Institute.

This is of significant importance as the study revealed that the average cost of a data breach for companies has grown to $4 million, representing a 29% increase since 2013, at least among those companies surveyed as part of the research.

The Cost of Data Breach Study found that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100-day mark cost over $1 million more on average ($4.38 million). The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.

Cyber security incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost continues to rise. In fact, the study found that companies lose $158 per compromised record. Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.

Business continuity professionals are well aware of the threat the cyber world poses to their organizations, as identified in the Business Continuity Institute's latest Horizon Scan Report. In this report cyber attack and data breach were ranked as the top two threats with the vast majority of respondents to a global survey (85% and 80% respectively) expressing concern about the prospect of them materialising.

"The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Ted Julian, Vice President, Resilient, an IBM Company. "While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event."