Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 29, Issue 2

Full Contents Now Available!

Jon Seals

MINNEAPOLIS, Minn. – DataBank, Ltd., a leading super-regional provider of outsourced solutions for data center, cloud and managed services has announced the expansion of both data center capacity and cloud services in their premier Minneapolis-Saint Paul-area facility. The addition of a cloud node and the commencement of construction on the site’s second data hall will increase the facility’s onsite IT service suite as well as augment the available white-floor data center space by over 15,000 sqft, to accommodate increasing market demand.

DataBank’s site, known as MSP2, is located on a dedicated and secured site in the Southeastern Twin Cities suburb of Eagan, MN. The Tier-III (Uptime Institute Certified - Constructed) facility boasts some of the highest specs for a multi-tenant data center in the entire region. Designed for 20MW of onsite power (diverse feeds of 10MW A&B), the 2N design in both utility and onsite power generation has differentiated DataBank to discerning businesses seeking the utmost security and uptime availability.

“We are very pleased with the interest and growth of demand in this market for the high quality services we offer,” said Tim Moore, DataBank’s CEO. “The expansion we’ve begun in both space and cloud services represent our commitment to offer the best outsourced information technology solutions here in the Twin Cities.”

In addition to the two Minneapolis-area sites, DataBank’s super-regional footprint also includes two enterprise-class data centers in Kansas City, as well two more in Dallas. To find out additional details on DataBank data center facilities and suite of managed services, please visit the company website at http://www.databank.com.

About DataBank
DataBank is a leading provider of enterprise-class business solutions for Data Center, Managed Services, and Cloud. We aim to provide our customers with 100% uptime availability of all their critical data, applications and deployed infrastructure. Our suite of services is anchored by our top-tier data center environments and highly available robust connectivity. We offer customized deployments tailored to effectively manage risk, improve technology performance and allow our clients to focus on their own core business objectives. DataBank is headquartered in the historic former Federal Reserve Bank Building in downtown Dallas, TX and has additional data centers in North Dallas, Minneapolis and Kansas City. For more information on DataBank locations and services, please visit http://www.databank.com or call 1(800) 840-7533.

The cyber thief develops a new advantage, breaks into an IT system, and swipes data. An enterprise spots the hack too late, figures out how it was done, and changes its defense to stop the hack from happening again. The defense holds until the cyber thief figures out the next work-around.

That is the action/reaction cycle. Like a perverse iteration of Newton's third law, every clever action is followed by an equally clever reaction.

Companies are getting wise to this, adding depth to their cyber-defenses to contain, rather than prevent breaches. Yet, there can be no change in strategy without a change in thinking first.

...

http://www.informationweek.com/strategic-cio/security-and-risk-strategy/cyber-security-the-best-plan-of-action-to-keep-your-data-safe/d/d-id/1324328

From an investor’s point of view, Rackspace Hosting is now operating in uncharted territory, and Mr. Market hates uncertainty.

Fanatical belief in “fanatical support” and anecdotes about the potential of managed services for Amazon Web Services and Microsoft’s Azure, Private Cloud, and Office 365 simply didn’t excite analysts on the Q4 2015 earnings call.

Rackspace (RAX) investors bid the stock up 3 percent to close at $18.17 prior to the release of Q4 earnings and full-year 2015 results after the bell Tuesday.

...

http://www.datacenterknowledge.com/archives/2016/02/18/data-center-stocks-rackspace-pivot-to-cloud-support-fails-to-impress-investors/

Cloud computing has completely revolutionized the way businesses handle data. No longer limited by their own hardware, companies can now take advantage of technology tools offered by providers around the world. This trend will only continue as more organizations transition storage and compute power to the cloud. According to analysts at Gartner, cloud services are predicted to grow to $244 billion by 2017.

With all the benefits the cloud has to offer, it is imperative that businesses develop the essential awareness and master the fundamental security capabilities required to safely and securely deploy cloud computing solutions. This is especially critical for functions—and even entire industries—with a high risk of data breach, such as payroll processing, human resources management, health care services and anything related to financial data, from consumer banking to payment card transactions to retirement fund distributions.

...

http://corporatecomplianceinsights.com/cloud-computing-cyber-liability-risk-management/

Across the world, hackers are taking control of networks, locking away files and demanding sizeable ransoms to return data to the rightful owner. This is the ransomware nightmare, one that a Hollywood hospital has been swallowed up by in the last week. The body confirmed it agreed to pay its attackers $17,000 in Bitcoin to return to some kind of normality. Meanwhile, FORBES has learned of a virulent strain of ransomware called Locky that’s infecting at least 90,000 machines a day.

The Hollywood Presbyterian Medical Center’s own nightmare started on 5 February, when staff noticed they could not access the network. It was soon determined hackers had locked up those files and wanted 40 Bitcoins (worth around $17,000) for the decryption key required to unlock the machines. Original reports had put the ransom at 9,000 Bitcoin (worth roughly $3.6 million), but Allen Stefanek, president and CEO of Hollywood Presbyterian Medical Center, said in an official statement they were inaccurate.

Despite receiving assistance from local police and security experts, the hospital chose to pay the attackers. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

...

http://www.forbes.com/sites/thomasbrewster/2016/02/18/ransomware-hollywood-payment-locky-menace/

Thursday, 18 February 2016 00:00

How mature are vendor risk management programs?

The recently published 2015 Risk Management Association (RMA) Third-Party/ Vendor Risk Management Survey report provides insights into the third-party risk management programs of leading financial services organizations of various asset sizes across the US, Canada, and Europe. The report, featuring the perspectives of 80 financial services institutions, provides detailed information on the current challenges and best practices in third-party risk management. All the participating institutions are regulated by one or more of the following regulators – OCC, FRB, FDIC, State, FINRA, and OSFI (Canada).

The survey is an update to, and extension of, the 2014 Third-Party/ Vendor Risk Management Survey conducted by the RMA, and is designed to track the progress and evolution of third-party risk management practices at financial services companies. Both the 2015 and 2014 surveys were sponsored by MetricStream.

Some key findings from the 2015 RMA survey include:

  • 35 percent of the institutions surveyed reported that their vendor third-party risk management program is fully mature, compared to 0 percent in 2014. However, only 13.8 percent of respondents reported that their non-vendor third-party risk management program is fully mature.
  • 50 percent of the respondents said that non-vendor third-party risk management is a regulatory requirement and their institution is formally addressing the risk.
  • The majority of institutions surveyed have a ‘center-led’ or ‘hybrid’ approach to supporting the first line of defense / defence in the execution of their responsibilities for both vendor and non-vendor third-party relationships. Meanwhile, the number of FTEs supporting related activities has grown since the 2014 survey.
  • Technology adoption is much higher than reported in the 2014 survey. Today, only a minority (28.8 percent) of the respondents still use manual tools such as MS Access, Excel, or SharePoint to manage their third-party risk management programs. Most institutions also acquire data from third parties like Dunn and Bradstreet, LexisNexis, and Moody's to support due diligence and monitoring.
  • 17 institutions surveyed disclosed that they have achieved ‘clean’ regulatory examinations.
  • According to respondents, the areas that received criticism during the most recent regulatory exams included due diligence: quality and completeness of documentation (20 percent), consistency of program across all lines of business (18.8 percent), monitoring (18.8%), and business continuity / resilience (15 percent).

www.rmahq.org
www.metricstream.com

In this era of shooting-from-the-hip or bombastic Donald Trump comments, companies have to attend to reducing employment litigation risks. In this era of nuisance litigation and employment-focused litigation, companies need to take affirmative steps to reduce employment claims and related litigation.

There are three key steps that every company should take in order to reduce employment litigation exposure.   Companies have to recognize potential employee concerns early and take steps to act according to policies and practices designed to minimize employment litigation claims.

...

http://blog.volkovlaw.com/2016/02/three-keys-minimizing-employment-litigation-risks/

As organisations have boldly gone when no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly. The traditional firewall model has collapsed as companies store their data in cloud servers they do not own, perhaps even in countries where they have no corporate presence. External threat actors have developed new methods of attack and customer data breaches have become headline news. While organisations rethink their data security plans and actions, it is however important to remember that another important risk exists, which may need different treatment. It is the risk of employees stealing information about their colleagues.

...

http://www.opscentre.com.au/blog/employees-vs-employees-the-internal-battle-for-data-security/

For any data center cooling system to work to its full potential, IT managers who put servers on the data center floor have to be in contact with facilities managers who run the cooling system and have some degree of understanding of data center cooling.

“That’s the only way cooling works,” Adrian Jones, director of technical development at CNet Training Services, said. Every kilowatt-hour consumed by a server produces an equivalent amount of heat, which has to be removed by the cooling system, and the complete separation between IT and facilities functions in typical enterprise data centers is simply irrational, since they are all essentially managing a single system. “As processing power increases, so does the heat.”

Jones, who spent two decades designing telecoms infrastructure for the British Army and who then went on to design and manage construction of many data centers for major clients in the UK, will give a crash course in data center cooling for both IT and facilities managers at the Data Center World Global conference in Las Vegas next month. The primary Reuters data center in London and a data center for English emergency services – police and fire brigade – are two of the projects he’s been involved in that he’s at liberty to disclose.

...

http://www.datacenterknowledge.com/archives/2016/02/17/what-it-managers-need-to-know-about-data-center-cooling/

WASHINGTON — The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA), in coordination with state, local, tribal, and territorial emergency managers and state broadcasters’ associations, will conduct a test of the Emergency Alert System (EAS) in twenty-two states, two territories, and the District of Columbia on Wednesday, February 24, at 2:20 p.m. (Eastern).

Broadcasters from the following locations are voluntarily participating in the test: Alabama, Arkansas, Delaware, District of Columbia, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Mississippi, Missouri, Nebraska, New Jersey, New York, North Carolina, Oklahoma, Pennsylvania, Puerto Rico, South Carolina, Texas, U.S. Virgin Islands, and Virginia. The EAS test is made available to radio, broadcast and cable television systems is and scheduled to last approximately one minute.

The test will verify the delivery and broadcast, and assess the readiness for distribution of a national-level test message. The message of the test will be similar to the regular monthly test message of EAS, normally heard and seen by the public: “This is a national test of the Emergency Alert System. This is only a test.”

The EAS test might also be seen and heard in states and tribes bordering the states participating in the test.

Public safety officials need to be sure that in times of an emergency or disaster they have methods and systems that will deliver urgent alerts and warnings to the public when needed.  Periodic testing of public alert and warning systems is a way to assess the operational readiness of the infrastructure for distribution of a national message and determine what improvements in technologies need to be made. 

More information on the Public Alert and Warning System and Wireless Emergency Alerts (WEA) is available at www.fema.gov/ipaws or www.ready.gov/alerts.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.