The Continuity Logic customized demo provides an opportunity for qualifying organizations to evaluate Frontline Live 5™, with their plans, desired controls, policies, and procedures. This first-of-its-kind system for both business continuity and many other areas of Governance, Operational Risk and Compliance (GRC) is powerful, but often best viewed with some of your familiar plans, data and templates.


Spring World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 28, Issue 3

Full Contents Now Available!

Jon Seals

While many companies would like to adopt cloud services, many still resist over concerns about data security. Here's how managed service providers (MSPs) can overcome the two main objections to cloud computing and cloud-based file sharing in 2015.

As a recent article from CloudWedge says, “The most cited barrier to entry for cloud into the enterprise continues to be the security concerns involved with an infrastructure overhaul.” The problem with that lingering concern is that the enduring lack of education is hindering the market for MSPs. Yet, this knowledge also presents an opportunity.

What these hesitant or resistant organizations really fear is the unknown. And, what they don’t know is what adopting the cloud will mean for their most valuable, most highly-protected data.



Concepts and fashions in business come and go. And sometimes they come back again with a new look or a different name. The origin of the DevOps name is simple to guess. It’s a combination of development and operations. The advantages cited of using a DevOps approach include a lower failure rate of software releases, a faster time to fix, and a faster time to recover if a new release crashes your server. DevOps is currently a buzzword in IT circles, but despite an inception date of 2008, just how new is it?



The data experts are still sounding the warning bell about data lakes, prognosticating a list of problems that data lakes will cause you.

Meanwhile, word on the street is that enterprises are building data lakes anyway, because everyone else thinks it’s a great idea. This means that many enterprises are now stuck looking for ways out of the prognosticated problems.

It’s going to get interesting for the rest of us—and possibly very expensive for some.

Gartner Director of Public Relations Christy Pettey revisited the problems of data lakes, drawing on Research Director Nick Heudecker’s presentation at the Business Intelligence & Analytics Summit. Pettey’s article identifies the three main problem areas with data lakes:



If your system has been hacked, what would your first reaction be?

Speaking for myself, I think I would want to know who did it and figure out how it was done. That’s my personality, to learn the who, what, and why of a situation first, and then focus on the damage control. I suspect that this is human nature for a lot of people, too.

On the other hand, when I asked that question to a security professional during an informal conversation, his response was this: Find out what information was hacked and determine whether the FBI needs to be involved immediately. You have to figure the data had already been compromised, he said, so you’ve got to work on minimizing the damage.

According to Edward J. McAndrew, assistant United States attorney and cybercrime coordinator with the U.S. Attorney’s Office in the District of Delaware, and Anthony DiBello, director of strategic partnerships for Guidance Software, the security professional I spoke with is on the right track. When a hack happens, it is important to resist human nature regarding the hacker (at least immediately). Instead, you want to focus on mitigating damage and data loss and providing information to law enforcement so the cops can identify and take action against the bad guys.



The cloud has given business units within the enterprise a chance to do an end-run around IT when they need quick resources to complete a given task.

The CIO is rightly concerned about this, given the security and governance issues that such free-wheeling activity promotes. But in the front office, the end results of greater productivity and lower costs are hard to resist, particularly once the appropriate agreements are struck with cloud providers that enable broad protection and availability measures for data placed on third-party infrastructure.

It stands to reason, then, that many providers are positioning their services away from the technical elements of the enterprise and more toward the people who actually stand to benefit – the line-of-business managers who are under increasing pressure to get the job done no matter what. This is why we are seeing the rise of cloud services tailored toward key functions, such as marketing, as opposed to generic server and storage resources.



The role of the IT manager ain’t what it used to be. There was a time when responsibilities primarily included building a software stack, managing the company’s infrastructure, and operating company-owned equipment. With the rapid adoption of cloud technology, including cloud-based file sharing, those roles and responsibilities have changed dramatically – and it’s critical for MSPs to understand this shift.

IT managers now fill more of a relationship manager role and are ideally viewed as partners by business leaders and department heads. MSPs looking to provide cloud services to clients need to understand this shift in roles in order to work – and be successful with – the new IT department.

Russ Banham from Forbes recently outlined some of the things IT pros are doing now instead of managing infrastructure. Here are a few things IT managers are doing now that MSPs should be prepared for:



World Backup Day 2015 gave managed services providers (MSPs) a great opportunity to educate their customers about the importance of backing up personal data.

And even though this year's event has come and gone, MSPs don't have to wait until 2016 to teach customers about the value of data protection.

For example, a new survey from data backup and disaster recovery (BDR) solutions provider Kroll Ontrack revealed 61 percent of data recovery customers had a backup solution in place at the time of data loss.



(TNS) — Critics call it “sharpening the pencil.”

Since the Diablo Canyon nuclear power plant opened on a rocky stretch of California coast in 1985, researchers have discovered three nearby fault lines capable of stronger quakes than the one that struck Napa last year.

And yet the plant’s owner, Pacific Gas and Electric Co., insists that Diablo isn’t in greater danger than previously thought. If anything, it’s in less.

PG&E has, at several times in Diablo’s complicated history, changed the way the company assesses the amount of shaking nearby faults can produce, as well as the plant’s ability to survive big quakes.



Monday, 06 April 2015 00:00

The Risky Side of Unmanaged Spreadsheets

For years enterprises have attempted to move away from spreadsheets in favor of enterprise resource planning (ERP) systems, accounting systems and various other software systems and applications. Yet, no matter how hard organizations try, it seems spreadsheets will not go away.

Besides being easy to use and accessible, people are comfortable working with spreadsheets. When they have a job to do, spreadsheets are there—not waiting for IT. Yet when left unmanaged, the risks associated with spreadsheets can prove costly, resulting in bad business decisions, regulatory penalties, and even lawsuits. In some instances, unmanaged spreadsheets are costing organizations millions of dollars.

For example, last October a spreadsheet mistake cost Tibco shareholders $100 million during a sale to Vista Equity Partners. Goldman, Tibco’s adviser, used a spreadsheet that overstated the company’s share count in the deal. This error led to a miscalculation of Tibco’s equity value, a $100 million savings for Vista and a slightly lower payment to Tibco’s shareholders.



Monday, 06 April 2015 00:00

Being Better at Resilient Thinking

Last week we began the first workshop in our MSc Organisational Resilience from the module that has a specific focus on Security Management.  We covered the usual discussions about crime theory and motivational influence before going on to discuss the scope and parameters of security.  So far so routine: vanilla security management ideas.  Then we began to move onto the more interesting and challenging elements of the workshop, where the contextualised approach was developed.  Where does security management ‘fit’ with other resilience disciplines; and what does the critically evaluative approach that we undertake at postgrad level reveal about security’s true profile and organisational relevance?

It is context that is important and that is something that we can develop and analyse extremely well. How?  Because our students and tutors are multi-disciplinary.  If you undertake a security management course and staff it with criminologists; and all of your students are from a security, military or law enforcement background; you get bias.  Bias is not something that we are too fond of as it tends to skew research and its outcomes.  So with, for example, business continuity and emergency and crisis management specialists within our group, we have the opportunity to challenge the rigidity of thought that some see as the underlying trait of many security people.  We have covered the theories of crime and we will not cover the processes of security (and its multiple sub activities) in any more detail from now on.  However, we will look at the development of ideas, thoughts and research into security management in the organisation and its resilience; dismantling the behaviours and attitudinal approaches that restrict organisational capability from much wider viewpoints.