Jon Seals

The other day I attended a meeting of a local business continuity forum. It was a very well run, very interesting meeting – the latter despite the fact that one of the topics was business interruption insurance, living proof that any subject can be made interesting by an engaging speaker. There was, however, one small glitch in proceedings that I thought was worthy of note. Or that at least gave me an excuse to write a blog.

The second item on the agenda involved a live link-up, via Skype, to a presenter in some far-flung, desolate location – Reading, I think. At the appropriate time, the chairman initiated the call. And then… nothing happened, apart from a deafening silence. The technology didn’t work. Now, before you say anything, yes, of course it had been tested beforehand. This was, after all, a group of consummate business continuity professionals. It had, however, been tested on the previous Friday afternoon, whereas the live event was on a Monday morning, when the volume of traffic on the network is, apparently, much greater. To the extent that there wasn’t enough room left in the pipe for a teeny weeny little Skype call.

...

http://thebceye.blogspot.com/2014/02/never-work-with-children-or-animals-or.html

Target, Neiman Marcus and nearly 100 million of their customers whose personal information was stolen this past holiday season learned the hard way what companies of all sizes must: cybercrime is becoming more pervasive, its perpetrators more sophisticated and the harm it causes (individuals and companies) harder to calculate.

As cyber attacks become more common, companies are adopting policies to prevent and respond to them. Unfortunately, cyber attacks are like viruses: they are not static, but rather always evolving and adapting in order to infect as many people as possible. In most cases, before companies or industries can agree on and implement defensive measures or best practices, those perpetrating cyber attacks are diligently working to circumvent the defensive measures and expand into completely new areas. Thus, companies must keep a vigilant eye on both yesterday’s attack and the emerging threat that may not materialize for another six months to a year.

...

http://www.corporatecomplianceinsights.com/cybersecurity-trends-for-2014/

Two months after Target announced a massive data breach in which hackers stole 40 million debit and credit card accounts from stores nationwide, the rising costs related to the incident are becoming clear.

Costs associated with the Target data breach have reached more than $200 million for financial institutions, according to data collected by the Consumer Bankers Association (CBA) and the Credit Union National Association (CUNA).

Breaking out the numbers, CBA estimates the cost of card replacements for its members has reached $172 million, up from an initial finding of $153 million. CUNA has said the cost to credit unions has increased to $30.6 million, up from an original estimate of $25 million.

So far, cards replaced by CBA members and credit unions account for more than half (54.5 percent) of all affected cards.

...

http://www.iii.org/insuranceindustryblog/?p=3559

NETWORK WORLD — Imagine this in your data center: A swath of compute, networking and storage hardware from a variety of different vendors that are all controlled not individually but by software that overlays the entire operation.

Sound like a fantasy? It's the idea behind the software defined data center (SDDC) and research firm Enterprise Management Associates has declared that 2014 is the year for enterprises to seriously take a look at it.

But how do you get there? EMA analyst and blogger Torsten Volk has outlined three key priorities to adopting an SDDC strategy.

...

http://www.cio.com/article/748556/3_Essentials_Steps_to_a_Software_Defined_Data_Center

CSO — Security pros should reevaluate their use of technology and policies to bolster defenses against insider threats that many organizations downplay, a new study shows.

The threat of employees causing a data breach due to ignorance or malicious intent was behind viruses, data loss and hacking as the top security risks listed by 500 IT decision makers polled by IS Decisions, which specializes in securing Windows infrastructure. The respondents worked in organizations ranging from 50 to 10,000 employees in the U.S. and the U.K.

Only 21 percent of the respondents listed insider threats in the top three, demonstrating a lack of awareness of the seriousness of the risk, according to the survey. A separate study conducted by Forrester Research last year found that insiders were the top source of breaches, with 36 percent of such incidents stemming from inadvertent misuse of data by employees.

...

http://www.cio.com/article/748516/Why_Companies_Need_to_Check_Their_Handling_of_Internal_Threats

IDG NEWS SERVICE (Boston Bureau) — Companies that move the bulk of their IT operations to cloud services can end up realizing significant overall cost savings, according to a study by analyst firm Computer Economics.

The study looked specifically at companies that had moved mostly to the cloud and compared their spending habits to those of "more typical organizations," report author and Computer Economics President Frank Scavo wrote.

Computer Economics surveyed seven organizations with revenue ranging from US$50 million to $550 million. While acknowledging the sample size is small, the respondents' relative size is crucial, Scavo said in an interview.

...

http://www.cio.com/article/748531/Study_Companies_that_go_all_in_with_SaaS_can_save_big

There are critical differences in cloud storage according to backup size and priority. SMB – including education and small government agencies – primarily require acceptable backup and restore performance plus security and compliance reporting. The enterprise needs these things plus additional solutions for backing up larger data sets across multiple remote sites and/or storage systems and applications.

Note that no one is talking about backing up the corporate data center’s petabyte-sized storage to the cloud, not yet anyway. At its present level of development, online backup is best done for smaller scale systems. But even with this limited approach, it can have real advantages for business backup.

Cloud storage is not a do-all and be-all of data protection but it does have real benefits for some environments. One of its biggest advantages is replacing extensive off-site tape vaults. Tape libraries for active archives and massive on-site backup can be quite valuable in big data environments. But traditional off-site vaults require users to change tapes, label them, track usage, and order the truck to take them to the off-site vault; then go through another multi-step process to recover the tapes. In this respect online backup is far easier and less prone to manual error.

...

http://www.itbusinessedge.com/articles/cloud-storage-for-business-pros-and-cons.html

It’s the end of the world as we know it,

It’s the end of the world as we know it

It’s the end of the world as we know it, and I feel fine

The above lyrics came from REM and they reflect how I generally feel about law firm and lawyer pronouncements about the Foreign Corrupt Practices Act (FCPA) enforcement because [SPOILER ALERT] I am a lawyer, I do practice law and I do work for a law firm, the venerable TomFoxLaw. The FCPA Professor regularly chides FCPA Inc. for their scaremongering tactics, usually monikered as ‘Client Alerts’. Mike Volkov is even more derisive when he calls them the FCPA Paparazzi and cites examples from his days in Big Law, where law firm marketing campaigns are centered around doomsday scenarios about soon-to-occur FCPA; UK Bribery Act; or [fill in the anti-corruption law here] prosecutions and enforcement actions. I usually take such law firm scaremongering and blatherings to be worth about as much as the paper they are printed on. Indeed I chide the FCPA Professor and Monsieur Volkov for their protestations. In other words, I feel fine.

...

https://tfoxlaw.wordpress.com/2014/02/20/cmon-man-or-the-end-of-the-world/

How many passwords do you have? How many can you remember – and what do you do about the others? Business and consumer life is controlled to a significant degree by passwords. It’s a balancing act between making them memorable (for their rightful owners) without opening the door to password abuse or theft. The business continuity challenges that organisations face include weeding out passwords like ‘secret’, ‘1234’ or even just ‘password’, restricting password knowledge to only those who should know, and dealing with passwords that have been forgotten.

...

http://www.opscentre.com.au/blog/the-perils-of-the-password-how-to-protect-your-business-continuity/

Organizations are dealing with more data coming in and out from all sorts of directions these days, without a doubt. Dealing strategically with that data, from integration to analysis, is a huge part of this blog’s goal.

Sometimes, however, you have to stop and smell the tactical. And a recent study conducted by the government IT site MeriTalk raises some BIG red flags about whether federal, state and local governments can manage the influx of data we’re about to see.

The report identifies five factors, which it calls the Big Five of IT, that will significantly affect the flow of data into and out of organizations: Big Data, data center consolidation, mobility, security and cloud computing.

...

http://www.itbusinessedge.com/blogs/integration/survey-shows-government-pipelines-not-ready-for-data-heavy-projects.html