Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Jon Seals

Orchestration Extends Malware Detection to Cloud Environments for Improved Security Posture in Hybrid Environments

WALTHAM, Mass. – CloudLock®, the leading Cloud Access Security Broker (CASB) and Cloud Cybersecurity Platform, today announced its expanded cybersecurity orchestration ecosystem, delivering advanced malware detection capabilities through integrations with OPSWAT and VMRay to complement the company's existing integration with the threat emulation capabilities of Check Point. The first-of-its-kind integration unifies protection against malware and the growing volume of ransomware across hybrid cloud environments.

"The threat landscape -- particularly for malware -- is evolving as more organizations shift workloads to the cloud and adopt online business productivity and operations applications," said John Amaral, Head of Product Delivery at CloudLock. "By extending the power of CloudLock's cloud-native, multi-mode CASB through integrations with leading providers, our mutual customers gain powerful insight and threat mitigation capabilities to secure environments from the growing barrage of malware."

With a 30x increase in connected cloud apps over the past two years combined with the increasing volume of malware and ransomware headlines (i.e., Medstar Health) over recent weeks tells a disturbing story about the evolving nature of this threat vector and the resulting damage to the organization's productivity, safety, reputation, and bottom line. CloudLock is uniquely positioned to thwart ransomware attacks on cloud infrastructure through an API-driven, cloud-native approach to cloud cybersecurity. By performing extended analysis across an organization's disparate cloud environments, the CloudLock Cybersecurity Orchestrator™ allows customers to identify and remediate instances of malware that would otherwise go unnoticed, with support for Amazon S3, Dropbox, Box, Google Apps, and Office 365.

CloudLock further helps security analysts by enabling proactive, automated cross-platform response actions to mitigate risk and provide deep security intelligence. CloudLock integrates with customers' established security operations workflows via APIs and out-of-box integrations to drive policy-based threat mitigation and remediation. In addition to identifying malware through integration, CloudLock can detect anomalous activity within monitored cloud environments indicative of malware infection, such as user logins from suspicious locations or risky data sharing practices, for additional threat protection beyond initial malware identification.

Malware Orchestration Ecosystem Launch Partner Quotes:
"With CloudLock's CASB and Cloud Cybersecurity Platform and OPSWAT's Metadefender, enterprises can now enforce secure data flows to and from cloud applications. Metadefender provides the best prevention and detection of known and unknown threats by combining dozens of anti-malware engines with heuristics and data sanitization," said Benny Czarny, CEO, OPSWAT.

"Enterprises want frictionless interoperability and total visibility across their security solutions whether on-premise or in the cloud. The seamless integration between VMRay Analyzer and CloudLock's CASB platform combines advanced automated threat analysis and detection with comprehensive cloud security. This is a real step forward facilitating for enterprises automating of malware detection and blocking in hybrid cloud environments. We're honored and excited to be a launch partner with CloudLock on this initiative," said Chad Loeven, VP of Sales and Marketing at VMRay.

About CloudLock
CloudLock is the cloud-native CASB and Cloud Cybersecurity Platform that helps organizations securely leverage cloud apps they buy and build. CloudLock delivers security visibility and control for SaaS, IaaS, PaaS and IDaaS environments across the entire enterprise in seconds. Founded by Israeli Elite Cybersecurity Military Intelligence experts, the company delivers actionable cybersecurity intelligence through its data scientist-led CyberLab and crowdsourced security analytics across billions of data points daily. CloudLock has been recognized by Inc. Magazine as the fastest growing security product company in the U.S. and by Glassdoor as one of the top 3 best places to work in the U.S. Learn more at www.cloudlock.com.

These documents will help enhance public safety, prevent financial loss and maintain operational continuity during extreme weather situations.

Regroup Mass Notification, the award-winning leader in emergency and day-to-day communication technology, has made available a set of highly-valued resources to help organizations, businesses and government agencies better prepare for natural disasters.

The free disaster preparedness bundle covers a wide variety of topics relating to some of the most common natural disasters, along with ways on how to prepare for them. Topics covered in this series include:

  • Coordinating response efforts with internal and external response teams
  • Preparedness and communication strategies that can be combined with existing protocols to create a plan that meets specific needs
  • Viable methods for enhancing emergency communications to facilitate a more effective response that can in turn save lives

“Here at Regroup, we work hard to provide organizations with informative resources on preparing for disaster situations, as well as best practices for emergency mass communication,” said Joe DiPasquale, CEO of Regroup.  “We know that insightful resources combined with a powerful mass communication platform like Regroup will go a long way on the road to preparedness.”

The decision to make this valuable set of disaster preparedness guides available is a direct result of recent events across the United States relating to natural disasters, such as flash floods, wildfires, tornadoes, as well as seasonal events like the beginning of hurricane season.

This disaster preparedness guides provided by Regroup can be downloaded at: http://1.regroup.com/disaster-preparedness-bundle/

To learn more about how Regroup’s Emergency Notification System can provide rapid communications during a crisis, as well as streamline day-to-day communications, call 1-855-REGROUP or email inquiries(at)regroup(dot)com.

Charleston, W.Va.– In the face of disaster, the people of West Virginia have come together with courage and compassion to ask “How can I help?”

The main needs now are cash donations and volunteers.

Although there has been an outpouring of financial support already to help flood survivors more is needed. Cash donations enable nonprofit organizations to purchase what disaster survivors need most. Buying the items from local businesses helps the economy recover. No gift is too small.

West Virginians and people from throughout the nation have donated thousands of hours of labor to help the many affected folks who are elderly, disabled, living on fixed incomes or otherwise overwhelmed by the flood’s after effects. But more volunteers are needed.

There are many organizations that need donations and are looking for volunteers and at least two comprehensive groups focused on West Virginia flood recovery. The West Virginia Chapter of  National Voluntary Organizations Active in Disasters (WVVOAD) represents dozens of faith-based, community, nonprofit and non-governmental organizations active in flood response and recovery. wvflood is a new website updated by Volunteer West Virginia, the state’s Commission for National and Community Service, in partnership with WV VOAD with the support of the Office of Governor Earl Ray Tomblin. Anyone who can make a cash donation or volunteer may do so at the WVVOAD or wvflood websites.

Unfortunately, disasters tend to attract con artists who will take advantage of well meaning people. Donate to legitimate national or local organizations. Beware of solicitations to help survivors from people or groups who may sound sincere but you haven’t verified. If you are unsure or uncomfortable about the intentions of anyone you encounter, please contact local law enforcement. If you suspect fraud please call the West Virginia consumer protection hotline 800-368-8808.

Finally, be ready to stick around  for the long haul. The work of recovery lasts a lot longer than the media attention. There will be a need for donations and volunteers to help West Virginia recover for many months, even years, to come.

Even if you’re not ready to take any action at this time, you may find recovery information and survivors can find out about and ask for assistance by visiting either of the websites:

#wvflood http://wvflood.com/about/Pages/default.aspx

or VOAD https://wvvoad.communityos.org/cms/

Additional information on West Virginia’s disaster recovery can be found by visiting fema.gov/disaster/4273, twitter.com/femaregion3, twitter.com/FEMA and fema.gov/blog.

The National Crime Agency has published its ‘Cyber Crime Assessment 2016’, outlining the immediate threat to UK businesses from cyber crime. This is the first cyber crime assessment produced jointly by the NCA and industry partners.

The NCA reports that the accelerating pace of technology and criminal cyber capability currently outpaces the UK’s collective response to cyber crime, calling for stronger collaborative working between government, law enforcement and, crucially, business to reduce vulnerabilities and prevent crime.

The assessment shows that cyber crime activity is growing fast and evolving, with the threats from distributed denial of service (DDoS) and ransomware attacks increasing significantly in 2015.

...

http://www.continuitycentral.com/index.php/news/technology/1261-uk-national-crime-agency-publishes-cyber-crime-report

One of the most common concerns raised by business continuity managers is the difficulty of getting senior management support. In this article Brad Law MBCI, provides five ideas for making progress in this tricky area.

It seems nowadays that most of our working hours are spent in meetings, writing emails, calling back those voicemails and working on that endless proposal that you know is already 15 slides too long. So the last thing on your mind is trying to convince your boss that a resilient and concise business continuity plan is something 'we should focus on this quarter' and, let’s face it, they're thinking the same thing too. However, maybe it's time to ponder how you and your boss would cope without a task orientated, simple to use, business continuity plan. Below are my five tips on where to start and how to finish that conversation:

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1260-five-tips-for-convincing-your-ceo-to-focus-on-business-continuity

Wednesday, 13 July 2016 00:00

Global Risk Report 2016

By Ben J. Carnevale

Given the continuity and compliance objectives of this website, it is not too often that we don’t have the topics of global risk, risk management and risk mitigation discussed in this blog.  And, this posting will be no exception to that pattern.

This posting intends to provide an additional lens of insight into the world of perceived risks present in the global environment of the world in which we work, play and live.

This posting will offer a great reference source reading about global risk, how it might affect your company’s long term strategic growth and planning process or perhaps, even influence how your purchasing team builds its global supply base to support its platform of building faster, better and cheaper into this year’s purchasing plan and strategy.

With so many doing so much self-directed research on search engines and social media to help address problems and identify solutions, in many cases as much of 70% of the decision-making process is now over before potential clients are ready for a conversation with a data center’s executive- or sales team.

Today’s data centers face a very different buyer’s journey where the traditional marketing and sales playbooks have been severely disrupted.

Why? People got tired of being interrupted by obnoxious marketers and sales reps. So fed up that it’s fueled massive changes in consumer preferences that have powered selective-consumption platforms like iTunes, Netflix, SiriusXM, and TiVo.

...

http://www.datacenterknowledge.com/archives/2016/07/12/are-data-centers-and-msps-like-oil-and-water-or-peanut-butter-and-jelly/

There is an ongoing national conversation around the relationship between law enforcement and various civilian populations. In talking to friends of diverse ethnic backgrounds, it has become clear to me that my perceptions and how I go about my daily activities are different from some of my friends and acquaintances. This blog is not to comment on that, but rather to relate it to our business risk assessment.

There is not a single risk profile. Depending on the type of business, facility location, public perceptions, etc., the same event may be more or less likely to occur or may have a different impact. This may be an obvious statement, but how many of us in the risk or business continuity area evaluate the actual risks to our organization rather than looking at risk in the same old way or with the same bias? The following are items or areas to consider. While not necessarily complete, this list may prompt thoughts specific to your organization.

...

http://www.mha-it.com/2016/07/actual-risks-organization/

The Internet of Things (IoT) is a hot button topic. Experts, users and commentators are worried about keeping it secure. Progress – or at least news – is being made, however. During the past few weeks, several announcements have been made, suggesting that the industry is hard at work at putting people’s fears to rest.

The highest profile announcement was made late last week: Security firm Avast Software acquired AVG, another security firm, for $1.3 billion. The acquisition is designed in part to enable Avast to move into the IoT security space. If the deal closes, the combined company will have a presence in about 400 million endpoints, including about 160 million mobile devices.

The second announcement, which was also made last week, is that SAP and WISeKey, a Swiss company, are collaborating. According to Engineering.com, WISeKey offers a managed cryptographic root of trust (RoT) that can be recognized by both applications and operating systems. The trust level can be extended to IoT devices using SAP’s HANA platform.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/companies-are-working-hard-to-make-the-iot-more-secure.html

Fintech Start-Up Just Received Largest UK Crowdfunding Investment of All Time

LONDON – Rackspace® (NYSE: RAX), today announced that goHenry, the UK's first fully digital family banking solution designed to help young people manage their money, has achieved 470 percent annual growth with help from the VMware® Managed Virtualisation offering from Rackspace.

goHenry recently achieved the record largest amount of equity raised from crowdfunding in the world (£4m), which went far beyond its initial target of £2 million. This is the latest in a line of investments in the fintech space which brought £524m to the UK in 2015 alone. The capital was raised so that the business could accelerate its UK growth and begin its international expansion, while continuing to enhance its product. The start-up is already one of the UK's fastest growing companies with annual growth currently standing at more than 470 percent.

The business was founded with a mission to make the next generation of young people better at managing their money than the last. It's a subscription service operating in the Fintech space, which provides 8-18 year olds with a prepaid debit card and app with unique parental controls. Parents can use the app to easily manage pocket money, set spending limits and rules on where the card can be used, and much more. These tools are designed to help children and teens learn to earn, save and spend responsibly whilst giving parents peace of mind and an easy way to manage their children's pocket money.

Like any other e-commerce website and app, goHenry requires stability during their online sales cycle and periods where interest spikes and traffic volumes increase. goHenry's recent crowdfunding success and other busy periods, like when young people are keen to spend money such as Saturday mornings (when the website receives five times more traffic than any other day of the week), school holidays and Christmas, are a case in point.

Alex Zivoder, CEO at goHenry says: "It's impossible to focus on achieving large scale growth if you are constantly being distracted by day-to-day tasks which only maintain the business' current status. This is one of the main reasons we chose a managed cloud solution, because I can trust that our IT infrastructure will be run at a high standard by a team of Rackspace experts so I can concentrate on work that helps us progress towards our key growth goals. This is why we see Rackspace as more of a valued advisor that contributes towards our growth rather than a traditional cloud vendor."

Zivoder and his team opted for Rackspace after reviewing the market for a cloud provider that could not only meet their current needs, but also support the company through their international growth.

Darren Norfolk, MD of Rackspace UK added: "It was great to see goHenry breaking the record for the largest round of crowdfunding investment in UK history. Not only have we helped the company towards this fantastic achievement, but the investment was raised through the Crowdcube platform, which is another Rackspace customer. We have also shared our vast experience of helping companies overcome IT challenges caused by rapid growth and I'm glad that goHenry has benefitted from this."

goHenry uses VMware® Managed Virtualisation from Rackspace for its front end presence and its backend operations which includes the mobile app, while using a Public Cloud Powered by OpenStack® for its website. As well as providing valuable reliability and speed, the solution is set up in this way so that sign ups can be handled on one part of the infrastructure and transactions can be handled on the other. This solution can be considered very innovative for a company in the financial sector, but it was able to take this approach because it was 'born in the cloud' era and isn't faced with the huge task of updating legacy systems like more traditional players in the financial sector.

About Rackspace

Rackspace (NYSE: RAX), the #1 managed cloud company, helps businesses tap the power of cloud computing without the complexity and cost of managing it on their own. Rackspace engineers deliver specialized expertise, easy-to-use tools, and Fanatical Support® for leading technologies developed by AWS, Google, Microsoft, OpenStack, VMware and others. The company serves customers in 120 countries, including more than half of the FORTUNE 100. Rackspace was named a leader in the 2015 Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, and has been honoured within the top 100 Great Places to Work for the past 12 years. Learn more at www.rackspace.co.uk.

Forward-Looking Statement

This press release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Rackspace Hosting could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements concerning expected development, performance or operational results related to any particular customer or customers of our customers associated with our hosting solutions; any other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include issues relating to the performance of a customer's configuration caused by forces outside of the control of Rackspace; changes in the economy, technological and competitive factors, regulatory factors, and other risks that are described in Rackspace Hosting's Form 10-Q for the quarter ended March 31, 2016 filed with the SEC on May 10, 2016. Except as required by law, Rackspace Hosting assumes no obligation to update these forward-looking statements publicly, or to update the reasons actual results could differ materially from those anticipated in these forward-looking statements, even if new information becomes available in the future.