Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 29, Issue 2

Full Contents Now Available!

Jon Seals

LONDON, UK — Context Information Security has joined the “Bit9 + Carbon Black Connect” Alliance Program as an incident response (IR) partner. Bit9® + Carbon Black® is the market leader in Next-Generation Endpoint Security (NGES).

 

As a “Connect” IR partner, Context uses Carbon Black in investigating and remediating cyber incidents and breaches for its customers. Context deploys Carbon Black across endpoints within their clients’ environments to hunt for and investigate evidence of compromise, revealing the entire “kill chain” of the attack. Using Carbon Black, their responders can quickly identify malware, attacker tools and their access, to develop an intelligent and informed response. This enhanced visibility enables Context to rapidly contain attacks and accelerate remediation efforts.

 

“Carbon Black is an essential tool within our armoury. It is a key component in our investigations with its ability to interrogate the end point and to aid in our assessment of the forensic evidence left by the whole range of cyber threat actor groups during security breaches,” said Peter Barbour, Principal Investigative Consultant, Context. “Carbon Black in a cornerstone in our protection of our client base who rely on us to safeguard their reputation and prevent their customers from harm.”

 

“Combining the remarkable skills of the Context Incident Response Team with the cutting-edge capabilities of Bit9 + Carbon Black has truly created a force to be reckoned with,” said Tom Barsi, vice president of business development for Bit9 + Carbon Black. “Context now has the ability to offer its customers the industry’s most comprehensive solution to protect endpoint devices, where the valuable data that their attackers are targeting resides.”

 

About the “Bit9 + Carbon Black Connect” Alliance Partner Program

The “Bit9 + Carbon Black Connect” Alliance Partner Program integrates the leading endpoint and server security solution from Bit9 + Carbon Black with solutions from top companies in four categories:

  • Incident response
  • Managed security services
  • Threat intelligence
  • Network security, analytics and SIEM

This enables enterprises to create a unified defence against cyber threats. Enterprises that deploy the Bit9 Security Platform and/or Carbon Black with certified alliance partners’ offerings experience a fully integrated strengthening of their security posture, a decrease in their total cost of ownership, achievement of faster deployment times, and gain increased value from their integrated solutions.

 

About Context IS

Context is an independently managed cyber security consultancy, founded in 1998. Our broad service portfolio covers the areas of security penetration testing and assurance, incident response and investigations, and technical security research.

We specialise in providing network security monitoring and incident response services, with offerings across the full spectrum of consultancy - from training and familiarisation through to rapid incident response and long-term dedicated monitoring. These services have been designed and honed through extensive experience to give organisations the support and capability they need to effectively and efficiently detect, respond to and protect against the most sophisticated cyber threats.

In recognition of our capability and reputation in this area Context were among the first companies to be accredited under the joint CESG and CPNI run Cyber Incident Response Scheme and we are one of only five companies currently accredited under this scheme.

Assured cloud services provider announces enhanced and updated services for customers

 

LONDON – Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company today announced that its full range of assured cloud services will be available on the latest iteration of the G-Cloud Framework – G-Cloud 7. 

 

Skyscape is committed to supporting public sector digital transformation and recognises how important service performance and customer support are to its customers who deliver critical services to citizens. As a result, the company is announcing various new service enhancements will be available for its customers on G7. 

 

“As a firm supporter of G-Cloud, we welcome the latest iteration and are pleased to confirm that our full range of accredited services will be available via G-Cloud 7,” said Simon Hansford, CEO of Skyscape Cloud Services. “We are introducing a number of enhancements to our services in order to support our public sector customers in delivering cost-effective and secure transactional services to citizens. We have developed these in line with our customers’ feedback, which demonstrates our continued and exclusive commitment to the UK public sector.”

 

Skyscape has made a significant investment in developing its catalogue of cloud services. For instance, its Platform-as-a-Service (PaaS) Hadoop in the Cloud now offers the choice of either Cloudera or Hortonworks distributions, along with additional flexibility options to cater for varying big data workloads. Skyscape is the UK’s first certified Cloudera Hadoop Platform-as-a-Service (PaaS) provider for the public sector. 

 

Skyscape is launching a new cloud credits capability, to meet the customer requirement to know how much they’ll be invoiced and when. Organisations may purchase cloud credits up front and redeem them against Skyscape’s services over a maximum two year period, benefiting public sector organisations who need to effectively commit their CAPEX or budget spend in advance. Monthly usage will be deducted from the balance until all credits have been used. 

 

Skyscape will now also offer a new Premier Support service option to provide a more personalised support experience for customers with large or complex solutions. Customers subscribing to this option will be assigned a designated Technical Account Manager who will work pro-actively with customers to optimise their solution as well as help with problem solving. Customers will also receive onsite bespoke training (including advice on DevOps), tailored workshops, performance analysis and solution suggestions, and quarterly reporting and reviews.

 

“As cloud computing continues to be widely adopted by the public sector for more complex projects, we have responded to customer requirements to provide technical support for these more complicated solutions, particularly to customers who may not have in-house cloud expertise readily available.” continued Hansford. 

 

As with previous G-Cloud iterations, Skyscape has made further improvements to its SLAs, increasing the SLA for its Compute-as-a-Service Test & Development and Essential service options to 99.95 percent and increased the SLA for its Hadoop PaaS service to 99.90 percent. Furthermore, Skyscape is also extending its collaboration with Neustar to ensure its industry-leading security assurance standards are both maintained and extended with the availability of additional services. 

 

Skyscape has always offered a pay-by-the-hour usage model across its catalogue of assured cloud services and for G-Cloud 7 is also reducing some prices of its Compute-as-a-Service and Hadoop in the Cloud offerings. 

 

About Skyscape Cloud Services

Skyscape’s assured cloud solutions have been specifically designed to meet the needs of the UK public sector, delivering UK sovereign services that are easy to adopt, easy to use and easy to leave, with genuine pay-by-the-hour consumption models. As a UK SME, Skyscape has won a number of high-profile contracts via the G-Cloud Framework and through its large number of channel partners that embed Skyscape’s cloud platform in their solutions.

Skyscape’s full range of services are suitable for all data at OFFICIAL (including OFFICIAL-SENSITIVE) and connected to government networks including the Public Services Network (PSN), the N3 health network and others. Its services are delivered with leading technologies from the Skyscape Cloud Alliance Partners: QinetiQ, VMware, Cisco, EMC and Ark Data Centres. 

Skyscape has been named a “Cool Vendor” by analyst firm, Gartner. To learn more about Skyscape, visit www.skyscapecloud.com or follow on twitter @skyscapecloud

Just 11 days left to participate in BC Management's 1st Annual Program Maturity Study - Measuring the Effectiveness of the Business Continuity/ Resiliency Program.  Be sure to Participate by December 1, 2015 to Qualify to Receive a Complimentary Report of the Study Findings!

Switch, the Las Vegas-based company that builds mega-scale data centers, is pushing officials in the State of Michigan to quickly pass a series of data center tax incentives, so it can proceed with plans to build a data center campus that will include a pyramid-shaped building that used to house offices of the large office furniture supplier Steelcase.

At full build-out, which may take up to 10 years, Switch’s plans call for two million square feet of building space across multiple data center buildings around the Steelcase pyramid. “It could be as many as six buildings,” company spokesman Adam Kramer said.

The pyramid’s basement would be turned into a data center, and additional buildings would be constructed around it.

...

http://www.datacenterknowledge.com/archives/2015/11/20/switch-may-turn-michigan-pyramid-data-center/

Amazon Web Services, the e-commerce giant’s cloud services arm, has contracted with a wind farm developer for energy from a future 100 MW wind project in Paulding County, Ohio, to offset grid energy consumption of its cloud data centers, the company announced Thursday.

Utility-scale renewable power purchase agreements are becoming increasingly common among hyperscale data center operators like Amazon, its cloud services rivals Google and Microsoft, as well as Facebook, which does not provide cloud services but has multiple massive data centers in the US and Europe to support its user base. This year Equinix also started contracting for utility-scale renewables – something commercial data center service providers, whose customer base includes the aforementioned cloud giants, have traditionally been reluctant to do.

About one year ago, AWS made a commitment to power its operations entirely by renewable energy. The cloud provider said earlier this year that about one quarter of energy it consumed was renewable, and that its goal was to get to 40 percent renewable by the end of 2016.

...

http://www.datacenterknowledge.com/archives/2015/11/19/amazon-buys-more-wind-power-for-cloud-data-centers/

Friday, 20 November 2015 00:00

County Web Presence, Smart911 Updated

(TNS) - Officials with Limestone County announced this week upgrades to the county's website and the Smart911 system as part of a new branding initiative.

County Commission Chairman Mark Yarbrough said the website upgrade was necessary as a means to continue recruiting new industries, businesses, students and citizens. He added that the new look of the website would help give “the right impression” to those groups looking to locate to Limestone County.

“Limestone County is proud of our place in North Alabama, and we needed to upgrade our look and messaging to better tell our story,” Yarbrough said.

The county's new website is also more mobile-friendly as a growing number of Internet users continue to use their smartphones as much or more than traditional computers.

...

http://www.emergencymgmt.com/next-gen-911/County-web-presence-Smart911-updated.html

(TNS) - Florida received a failing grade on its long-term preparations for coastal flooding, in a study released Wednesday that assessed how well the 50 states were gearing up for the impact of climate change.

The study, called States at Risk, says Florida lacks a long-term plan for dealing with rising sea levels, despite being the nation's most vulnerable state as oceans inch higher. The report gave Florida a C- overall, with B+ grades on preparing for drought and wildfires – for which the report says the state faces average or below-average risk – a D on preparing for extreme heat and a D- grade on preparing for inland flooding.

"Florida has a lot of work to do," stated the report, prepared by the environmental group Climate Central, which publishes peer-reviewed articles on climate change, and ICF International, a 5,000-employee consulting firm with 70 offices worldwide. "Even though the state has plans in place to face today's threats, Florida has not taken sufficient steps to prepare for the serious threats posed by future climate change, particularly coastal flooding."

...

http://www.emergencymgmt.com/disaster/Florida-flood-preparations-slammed-in-national-report.html

Shadow IT is nothing new as employees and lines of business bypass IT departments to get the cloud services they need to complete their jobs.   Rogue IT has resulted in a conversation around the unintended and potentially dangerous consequences of increased security risks, compliance concerns and hidden costs.

We all know that private and public clouds are here to stay, but in a recent study it was proven that the average enterprise organization is unaware of just how much shadow IT exists.

Cisco recently completed a study with large enterprise customers across the United States, Europe, Canada and Australia.   This study was conducted from January 2014 through July of this year.  Actual usage data was collected from customer’s networks representing millions of users.

...

http://blogs.cisco.com/datacenter/shadow-it-you-cant-manage-what-you-cant-see

Friday, 20 November 2015 00:00

Why SMBs Should Consider Hybrid Cloud Backup

If you’re looking to build a backup solution that is scalable, cost-efficient and allows multiple disaster recovery scenarios, then switching to a hybrid cloud backup strategy is for you.

Hybrid solutions work in conjunction with your existing backup applications and policies. Local on-premise data can remain local if required and still have the flexibility of expanding onto cloud storage should you require additional capacity. Utilizing this cost-effective storage means you can store a full copy of all your backups on the cloud in the event of a site disaster.

Almost any size of business can take advantage of a hybrid backup solution, from the smallest of start-ups to huge conglomerates. How it’s implemented may differ between them, but both ends of the scale can achieve an efficient, secure, highly available and scalable solution. Consider an appropriate-sized solution for your business; this could be as simple as storing one data set on a local NAS drive with a resilient copy stored in the cloud, or as complex as implementing a VM appliance installed within your data center acting as a gateway between your private network and the cloud.

...

http://www.datacenterknowledge.com/archives/2015/11/19/smbs-consider-hybrid-cloud-backup/

Companies with operations around the world face the reality of having to deal with an often complicated web of interconnected third-party entities and organizations and will usually create third-party risk models to produce an objective risk score for each one. These models consider many factors, such as the third party’s location, the nature and closeness of the relationship with the third party, the level of control over the third party, how much business it generates and the extent of the third party’s interactions with government officials. However, not all third parties are the same, and after creating a risk-rating model, companies typically face three due diligence options:

For low-risk parties, companies can simply execute an internal review and check publicly available databases such as government watch lists, sanctions and embargo lists.

For moderate-risk parties, companies can perform open-source investigations (OSI), collecting and analyzing all publicly available online information for a third party and its principals after searching in English and native languages.

The due diligence scope required for the riskiest parties exceeds what is typically covered in an OSI alone, especially in developing nations where online information may be limited or where bad actors can easily manipulate local media. In these situations, companies should resort to Enhanced Due Diligence investigations (EDD).

...

http://corporatecomplianceinsights.com/know-your-risks-3-scenarios-where-enhanced-due-diligence-was-the-right-choice/