Jon Seals

CSO — "Data Lake" is a proprietary term. "We have built a series of big data platforms that enable clients to inject any type of data and to secure access to individual elements of data inside the platform. We call that architecture the data lake," says Peter Guerra, Principal, Booz Allen Hamilton. Yet, these methods are not exclusive to Booz Allen Hamilton.

"I have read what's available about it," says Dr. Stefan Deutscher, Principal, IT Practice, Boston Consulting Group, speaking of the data lake; "I don't see what's new. To me, it seems like re-vetting available security concepts with a name that is more appealing." Still, the approach is gaining exposure under that name.

In fact, enterprises are showing enough interest that vendors are slapping the moniker on competing solutions. Such is the case with the Capgemini / Pivotal collaboration on the "business data lake" where the vendors are using the name to highlight the differences between the offerings.

...

http://www.cio.com/article/749917/Can_Data_Lakes_Solve_Cloud_Security_Challenges_

Shadow IT is a fact of life for nearly every IT department across the board. But does that mean it’s time to throw in the towel? Not exactly, but it does mean that things will have to change, both for users and managers of data infrastructure.

First, some numbers. According to CA Technologies, more than a third of IT spending is now heading to outside IT resources, and this is expected to climb to nearly half within three years. The figures are shocking, but keep two things in mind: First, they come from CA, which makes its living building systems that help organizations keep track of their data infrastructure, and second, they represent all outsourcing activity, not just what is termed “shadow IT.”

...

http://www.itbusinessedge.com/blogs/infrastructure/pulling-it-back-from-the-shadows.html

In this article Charlie Maclean-Bristol, a highly experienced business continuity consultant, lists ten areas where many business continuity plans can be improved. How does your plan stack up?

Charlie’s list is as follows:

1. Scope. On many of the business continuity plans that I see it is not clear what the scope of the plan is. The name of the department may be on the front of the plan but it is not always obvious whether this is the whole of the department, which may cover many sites, or just the department based in one location. It should also be clear within strategic and tactical plans what part of the organization the plan covers. Where large organizations have several entities and subsidiaries it should be clear whether the tactical and strategic plans cover these.

2. Invocation criteria. I believe it should be clear what sort of incidents should cause the business continuity plan to be invoked. I also believe that these invocation criteria should be ‘SMART’ (specific, measurable, attainable, realistic and timely), so as not to be open to misinterpretation. The criteria should be easy to understand so if you get a call at 3am in the morning to inform you of an incident it should be obvious whether you invoke or not. Focus should be on the loss of an asset such as a building or an IT system, not on the cause of the loss. There needs to be a ‘catch-all’ in the invocation criteria which says ‘and anything else which could have a major impact on our operations’ so that the criteria are not too rigid if you need to invoke for an incident you have not yet thought of.

...

http://www.continuitycentral.com/feature1156.html

Costs and benefits of BCM: let us ask the right questions, not answer the wrong ones

By Matthias Rosenberg

The costs and benefits of BCM: I have dealt with this issue for almost 20 years now and it always goes back to one question: Why would a company invest in something that does not provide a contribution to revenue and that is meant to protect the company against something that hopefully never happens? This question is quite understandable from a business perspective and therefore justified as a basic question. Those who cannot give a plausible answer to this question will fall at the first hurdle. This issue is fundamental to our profession and at the same time underrepresented in the BCM literature. Even the Good Practice Guide (GPG) 2013 does not see the task of selling BCM as a central task of a BC manager; but in reality the sale and presentation of the business continuity topic are critical for our success.

Soft skills are as important in BCM as in any other management discipline.

Let me give you some examples: BCM professionals need strong presentation skills and they need strong training skills (e.g. to train BCM coordinators). These are specific skills that can be described. Analytical skills (e.g. to prepare BIA results for top management) and communication skills are equally important. In the end it is not enough to read another BCM standard, to take part in a training course or to buy BCM software and hope to run a BCM programme successfully. A BCM professional needs experience and one of the most important skills to implement a BCM programme successfully: patience.

...

http://www.continuitycentral.com/feature1158.html

By Jayne Howe

The costs associated with developing and implementing a business continuity program in your organization can vary greatly. Most of the cost variables are going to be dependent on two factors: what you already have in place and what components still need to be addressed; and whether your organization has internal business continuity expertise.

It’s likely that any organization successfully operating in this century will have at least a few basic components in place. They may be components that are necessary to be eligible for insurance coverage; to meet the criteria for regulatory bodies that your organization’s industry needs to be part of; or complying with basic building fire codes. But even if you don’t have internal BC expertise, you don’t need to start with a blank piece of paper to try to configure the other components that are necessary for a complete and robust business continuity program.

Using a business continuity standard as a base guideline for your own internal development can assist in identifying those modules that are necessary to develop an all-inclusive and comprehensive BC program. This can be extremely helpful in preventing you from travelling down an incorrect or incomplete path, and therefore saving wasted resource time and costs.

...

http://www.continuitycentral.com/feature1157.html

Managing vulnerabilities in a business context.

By Paul Clark

Network security can be both an organization’s saviour, and its nemesis: how often does security slow down the business? But security is something you can’t run away from. Today’s cyber-attacks have a direct impact on the bottom line, yet many organizations lack the visibility to manage risk from the perspective of the business.

Traditionally, network security revolves around scanning the servers for vulnerabilities, reviewing them and the risk to the server by drilling down through the reporting to assess how vulnerabilities could be exploited, and then looking at how those risks can be remediated. Looking at vulnerabilities in this technical context leaves a lot to be desired in terms of actual impact on the business.

These risks can be put into two groups. There is the security risk, which is about compromise. How can the network be compromised and what would happen if the vulnerability was exploited? What damage would be done, and what information could be lost? Assessing these types of risk is usually the domain of the information security team.

...

http://www.continuitycentral.com/feature1155.html

On March 13th BATS Global Markets (BATS), a leading operator of securities markets in the US and Europe, successfully conducted a full-scale business continuity test of its US equities exchanges BZX and BYX, and BATS Options. These operations were switched to BATS’ disaster recovery site and the company’s global headquarters was disconnected from all outside network access for the entire day.

All of BATS’ Kansas City-area employees reported to the disaster recovery site and conducted their daily routines from the secure and remote location. The BATS offices in New York City, Jersey City, and London continued normal operations.

...

http://www.continuitycentral.com/news07134.html

Turn Around Don’t Drown

Turn Around Don’t Drown, or TADD for short, is a NOAA National Weather Service campaign used to educate people about the hazards of driving a vehicle or walking through flood waters.

This year is the 10th anniversary of the TADD program. Hundreds of signs depicting the message have been erected at low water crossings during the past decade. The phrase “Turn Around Don’t Drown” has become a catchphrase in the media, classroom, and even at home. It’s one thing to see or hear the phrase, and another to put it into practice.

Flooding is the 2nd leading cause of weather-related fatalities in the U.S. (behind heat). On average, flooding claims the lives of 89 people each year. Most of these deaths occur in motor vehicles when people attempt to drive through flooded roadways. Many other lives are lost when people walk into flood waters. This happens because people underestimate the force and power of water, especially when it is moving. The good news is most flooding deaths are preventable with the right knowledge.

Just six inches of fast-moving water can knock over an adult. Only eighteen inches of flowing water can carry away most vehicles, including large SUVs. It is impossible to tell the exact depth of water covering a roadway or the condition of the road below the water. This is especially true at night when your vision is more limited. It is never safe to drive or walk through flood waters. Any time you come to a flooded road, walkway, or path, follow this simple rule: Turn Around Don’t Drown.

For more information on the TADD program, visit http://tadd.weather.gov

For flood safety tips, visit the newly redesigned website at www.floodsafety.noaa.gov or http://emergency.cdc.gov/disasters/floods/index.asp

Essentially the Non-Executive Director's role is to provide a creative contribution to the board by providing objective criticism. So I recommend that all Non-Executive Directors consider challenging the board to count the costs involved in deploying business continuity management and balancing these costs against quantifiable benefits gained from its Business Continuity Management System and Programme.

The Good Practice Guidelines suggest that embedding BCM is hard to measure, but secretly I believe that Executive Directors deep down in their hearts and minds know full well if they are merely trying to be compliant.

In the busy world of the Executive, maybe they only have time to ask if the business is adequately covered from a risk and business continuity perspective. Is it the difference between plausible deniability and culpable liability? To paraphrase a well-known political interviewer: “Did you know there was a problem, in which case you are culpable or did you genuinely not know in which case you were incompetent, which is it?”

...

http://thebceye.blogspot.com/2014/03/counting-costs-and-benefits-of-business_18.html

Before I start I feel I should make two important points:

1) If you’re expecting a serious, academic blog containing a reasoned argument backed up by empirical evidence, you’ve come to the wrong place;

2) I was asked to write 500 words, which I understand is what proper bloggers do. I’ve exceeded that ever so slightly so if you have a short attention span, you might want to leave now.

Assuming you’re still with me…

...

http://www.acumen-bcp.co.uk/blog/?p=2690