Jon Seals

A Southern California hospital fell victim to hackers last week — offering a glimpse at one of many digital threats facing health care.

Criminals reportedly infected Hollywood Presbyterian Medical Center computers with ransomware — malware that cryptographically locks devices. The thieves have demanded 9,000 bitcoins, the equivalent of $3.65 million, to unlock the machines, according to sources who spoke with Los Angeles television stations.

Hollywood Presbyterian is at least the fourth hospital this year to be reportedly affected by ransomware.



Thursday, 18 February 2016 00:00

Microsoft Tests Underwater Data Centers

Microsoft is testing a self-contained data center that could be deployed deep underwater so as to reduce cooling costs and emissions from land-based centers, the New York Times has reported.

Code-named Project Natick, Microsoft's experimental data complex is enclosed in a steel capsule designed to sit on the cold ocean floor.

The company is also exploring suspending capsules just below the ocean surface in order to capture energy from currents and generate electricity.



Thursday, 18 February 2016 00:00

The Five Myths of Big Data

While socializing with my partner (something that will abruptly stop for a while after the imminent birth of my second child), when I tell people that I recruit for Big Data & Data Science professionals, their reactions vary from a vacant, glazed look in their eyes to a knowing nod (that actually masks a total lack of understanding). It is fair to say that most people don’t really get what Big Data & Data Science is about.

The industry is developing at a rapid pace, with the technology improving month-on-month instead of year-on-year. There is such a buzz about Big Data that the narrative has almost taken on a life of its own – it has become this mythical being that can slay uncertainty and save any business from an untimely end.

That is, unfortunately, not the case, so I thought that it was about time to take a light look at five of the more prevalent myths:



In 2013 the Financial Stability Board (FSB), the single most globally influential financial and securities regulator, issued the guidance that calls on national regulators to codify a new regulatory expectation from Boards of Directors:

“The Board of Directors must establish the institution-wide RAF (Risk Appetite Framework) and approve the risk appetite statement, which is developed in collaboration with the Chief Executive Officer (CEO), Chief Risk Officer (CRO) and Chief Financial Officer (CFO).”[i]

Likewise, in the UK, the 2014 update of the “comply or explain” UK Corporate Governance Code, which governs all UK-listed public companies, states the following principle in section C.2, “Risk Management and Internal Control:”



All information held and processed by an organization is subject to the risks of attack, error and natural disaster, and other vulnerabilities inherent to its use. Information security is therefore at the heart of an organization’s activities and focuses on information that is considered a valuable “asset” requiring appropriate protection, for example against the loss of availability, confidentiality and integrity.

The family of standards on information security management systems (ISMS) lets organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.



The recently revised ISO/IEC 27000:2016, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives a comprehensive view of information security management systems covered by the ISMS family of standards, and defines related terms and definitions. “Every common language requires a common set of terminology, and this is provided by ISO/IEC 27000,” says Prof. Edward Humphreys, Convenor of working group ISO/IEC JTC 1/SC 27/WG 1 that developed the standard.

Protecting its information assets through defining, achieving, maintaining and improving security levels is essential for an organization to meet its objectives and strengthen its legal compliance and image. The coordinated activities needed to direct the implementation of suitable controls and mitigate unacceptable information security risks are part of what is known as information security management.

ISO/IEC 27000 gives a high-level overview of the ISMS family of standards (ISO/IEC 27001), how they support the implementation of requirements contained in ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other. Elzbieta Andrukiewicz, the editor of ISO/IEC 27000, explains: “ISO/IEC 27000 provides a very brief introduction to the information security area and information security management systems, describing how to implement, operate, maintain and improve the ISMS.”

The standard lays down the key factors of a successful implementation and the numerous benefits of using the ISMS family of standards. It provides an understanding of how the ISO/IEC 27001 family fits together through its multi-faceted approach, clarifying the standards’ scopes, roles, functions and relationship to each other. In addition, ISO/IEC 27000 gathers in one place all the essential terminology used in the ISO/IEC 27001 family.

ISO/IEC 27000:2016 revises the 2010 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 and other standards of the family that are currently under review.

ISO/IEC 27000:2016 was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, whose secretariat is held by DIN, the ISO member for Germany. It is available from your national ISO member or through the ISO Store.

New Book ‘Earthquake Time Bombs’ Sounds the Alarm to Protect Vulnerable Earthquake-prone Cities Around the World

NEW YORK, N.Y. – The earth shook in southern Taiwan last week. A 6.4 magnitude earthquake killed 116, injured 550 and damaged 34 historical monuments.

Scientists can tell you where earthquakes are likely to occur and predict their frequency over time, but no one can predict when the next big one will strike.

Bob Yeats, a retired emeritus professor of geology at Oregon State University, sounds the alarm in his new book, ‘Earthquake Time Bombs,’ now available in hardcover from Cambridge University Press ($29.99), and takes predictions one step further by detailing megacities that are likely to be struck by earthquakes.

“The massive migration of people to cities in the last century means that the next big earthquake will produce orders of magnitude with greater losses than the last earthquake affecting the same region,” says Yeats. “And as scientists, we have a responsibility to reduce the impact of these future earthquakes.”

Yeats says the implications of time bomb earthquakes are worldwide. 

An earthquake in Tehran completely changes the political situation in the Middle East because Tehran accounts for such a large percentage of the GNP of Iran.  Same for Jerusalem, Caracas, and Mexico City.

He examines these seismic threats in the context of recent cultural history, including economic development, national politics, and international conflicts and draws comparisons between the capacity of the first world and developing world countries to prepare for the inevitable to mitigate the effects of future disasters.

Potential Earthquake Time Bombs
Kabul, Afghanistan / Tehran, Iran / Damascus & Aleppo, both Syria / Beirut, Lebanon / Jerusalem, Israel / Istanbul, Turkey / Caracas, Venezuela / Guantánamo, Cuba / Dhaka, Bangladesh / Chandigarh, India / Islamabad‐Rawalpindi, Pakistan / Nairobi, Kenya / Yangon, Mandalay & Naypyidaw, all Burma (Myanmar) / Los Angeles, San Francisco & Seattle, United States / Tokyo, Japan / Athens, Greece / Christchurch, New Zealand / L’Aquila, Italy.

Catastrophic earthquake forecasting isn’t an exact science, but Yeats has previous experience when it comes to the timely and prescient prediction of significant seismic threats.

In a media interview in January 2010, he sounded the alarm on Port-au-Prince, Haiti, as an ‘earthquake time bomb’, a region at critical risk of significant seismic activity. One week later, a catastrophic magnitude-7 earthquake struck the city, leaving over 100,000 dead and triggering a humanitarian crisis.

No one could have predicted the exact timing of the Haiti earthquake, but by analyzing its proximity to an active fault and its earthquake history, Yeats was able to point out the severity of the threat to Port-au-Prince.

Earthquake Time Bombs is essential reading for politicians, policymakers, infrastructure and emergency planners, risk managers, scientists, the media, and anyone living in the real or metaphorical shadow of an earthquake.

Praise for Earthquake Time Bombs
“Yeats provides the proverbial wake‐up call for earthquake‐prone major cities around the world. History, politics, economics, and seismology are interwoven to demonstrate the unique challenges each city faces, as well as the lessons to share with the others.”
-Mark Benthien, Southern California Earthquake Center

Yeats’ book, Earthquake Time Bombs is available in hardcover ($29.99 US) from Cambridge University Press. 361 pages. The book contains 61 black & white illustrations. [ISBN: 9781107085244].

About the Author
Robert Yeats is a Fellow of the American Association for the Advancement of Science and the Geological Society of America. He is a senior consultant and partner in Earth Consultants International, an international firm focusing on earthquake hazards, and also an Emeritus Professor at Oregon State University, where an endowed professorship has been named in his honor. He has decades of experience in earthquake geology worldwide, including acting as chair of an active fault working group of the International Lithosphere Program for several years and writing four previous books: Geology of Earthquakes (with Kerry Sieh and Clarence R. Allen), Living with Earthquakes in California, Living with Earthquakes in the Pacific Northwest, and Active Faults of the World.

About Cambridge University Press
Cambridge University Press dates from 1534 and is part of the University of Cambridge. We further the University's mission by disseminating knowledge in the pursuit of education, learning and research at the highest international levels of excellence. Playing a leading role in today's global marketplace, we have over 50 offices around the globe, and we distribute our products to nearly every country in the world. We publish titles written by authors in over 100 different countries.

For further information, please visit: www.cambridge.org

CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Many Caveats

TENAFLY, N.J. – Security Current, an information and collaboration company by CISOs for CISOs, has published a collection of leading Chief Information Security Officers' (CISOs) insights on the future of cyber insurance and tips for success.

Most CISOs agree the market for cyber insurance is growing and evolving.

In the wake of high-profile mega breaches that have occurred over the last several years, many organizations will look to reduce risk, in part, by offloading it to insurance providers, according to Roota Almeida, Head of Information Security for Delta Dental of New Jersey.

Although CISOs tout the benefits of cyber insurance, such as comprehensive risk assessments and other helpful resources, they warn that its adoption comes with a number of caveats, making it imperative for CISOs to take an active role in procuring policies.

Principal Financial Group CISO Meg Anderson suggested security teams treat the process of cyber insurance underwriting as a point-in-time review, and warned that constantly evolving security infrastructures should be addressed from the outset.

"All parties should be sure there are clear guideposts for handling changes related to technology infrastructure – on premises, in the cloud or provided in other ways outside of your organization," Anderson said. "In the case of a breach, the worst case scenario would be to find out your insurance was voided due to a contractual issue, related to a control change."

CISOs recommend closely evaluating the language in the policy to understand both the coverage points – what assets are covered and to what extent – and the necessary controls and frameworks stipulated by the insurance companies for coverage. However, Zephyr Health CISO Kim Green cautions that allowing insurance providers to determine security strategy by meeting frameworks set by the insurers could be a slippery slope.

"Requiring adherence to a framework, in my mind, is a sound business principle for the insurer, but I do not think it is appropriate for insurers to specify which frameworks are required, a decision best made by the insured," said Green.

Overall, CISOs agree that cyber insurance is a necessary and beneficial component of any enterprise's security and risk strategy, but there are aspects of a breach that cannot be remedied by coverage alone.

"Cyber insurance, if procured correctly, can truly help offset the costs of a breach," said Fairfax County CISO Michael Dent. "What cyber insurance cannot do is repair the reputation of an entity once it is publicly announced a breach or successful hack occurred and records were exposed."

Participating CISOs include:

Roota Almeida, Head of Information Security, Delta Dental of New Jersey
Meg Anderson, CISO, Principal Financial Group
Paul Calatayud, CISO, Surescripts
Jonathan Chow, CISO, Live Nation Entertainment
Darren Death, CISO, ASRC Federal
Michael Dent, CISO, Fairfax County
Kim Green, CISO, Zephyr Health
Michael Molinaro, CISO, BioReference Labs
Farhaad Nero, VP of Enterprise Security, Bank of Tokyo-Mitsubishi UFJ
Larry Wilson, CISO, University of Massachusetts

Read the full list of CISO Perspectives

About Security Current
Security Current improves the way security, privacy and risk executives collaborate to protect their organizations and their information. Its CISO-driven proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Native Solution Offers Seamless Integration of Apache Hadoop® to Advance Big Data Initiatives

NEW YORK, NY – Information Builders, a leader in business intelligence (BI) and analytics, information integrity, and data integration solutions, today announced iWay Hadoop Data Manager, a modern, native approach to Hadoop-based data integration and management that ensures high levels of capability, compatibility, and flexibility.

Many organizations struggle with making Hadoop the centerpiece of their big data strategy because of the cost and knowledge base of developer tools, user interfaces, and professional skills required for the environment. In addition, organizations must ensure Hadoop can extend, reinforce, or replace existing BI and data warehousing strategies and tools, but need clarity on which approach is best.

iWay Hadoop Data Manager provides a simplified, easy-to-use interface to generate portable, reusable code for data integration tasks in Hadoop, including data ingestion, transformation, and cleansing. By eliminating Hadoop coding, it enables a more rapid response to business requirements using less-expensive skill sets.

Modern data integration often requires rapid ingestion of data into a data lake from varied data sources, while minimizing the impact on their performance. iWay Hadoop Data Manager hides the complexity of data ingestion, replacement, and de-duplication using Sqoop, Flume, and Information Builders' iWay Service Manager -- without programming.

"Organizations don't have to be left wondering if their big data integration choices are limited to complex native scripting on one hand and non-Hadoop tools on the other. With iWay Hadoop Data Manager, complexity, cost, and training are reduced to provide businesses much more sophisticated big data integration that sets the course for future success," said Gregory Dorman, senior vice president and general manager of iWay Software.

Visit our website for more information on iWay Hadoop Data Manager and other integration solutions from Information Builders.

About Information Builders
Information Builders helps organizations transform data into business value. Our software solutions for business intelligence and analytics, integration, and data integrity empower people to make smarter decisions, strengthen customer relationships, and drive growth. Our dedication to customer success is unmatched in the industry. That's why tens of thousands of leading organizations rely on Information Builders to be their trusted partner. Founded in 1975, Information Builders is headquartered in New York, NY, with offices around the world, and remains one of the largest independent, privately held companies in the industry. Visit us at informationbuilders.com, follow us on Twitter at @infobldrs, like us on Facebook, and visit our LinkedIn page.


New Cielo Suite Simplifies Discovery, Migration and Cloud Services Success for Data Center Providers, MSPs and IT Service Providers

MIAMI, Fla. – Itopia today announced the IT channel's first end-to-end cloud services automation platform equipped to deliver Workspace-as-a-Service (WaaS) on any cloud infrastructure. Available exclusively to channel partners in the U.S., itopia's new Cielo® Suite accelerates the adoption of cloud services by simplifying and monetizing the discovery, migration, delivery and ongoing management of WaaS to businesses of all sizes.

"Being able to deliver a consistent, secure and reliable computing experience across any device at any time is a service promise few channel partners have been able deliver on until now," said Scott Markley, senior vice president of sales, itopia. "Our new user friendly Cielo Suite gives channel partners the flexibility and control to move their clients' on premises applications, infrastructure and workspaces to whatever cloud infrastructure they choose -- whether it's public, private or a combination of the two. Tailor-made for service providers, the Cielo Suite is the only true end-to-end WaaS solution on the market." 

Use cases from itopia's growing partner base demonstrate the Cielo Suite performing 10x faster and costing 10x less than alternative WaaS offerings that compete directly against channel partners and cost thousands of dollars to deploy and maintain. Adding to the excitement around WaaS, market research firm IDC forecasts demand for hosted WaaS will continue to grow from an estimated $466 million in 2014 to $4.7 billion in 2020*, representing a five-year CAGR of nearly 60 percent and indicating a major transformation in business computing and business transformation.

Cielo Suite Accelerates Time to Market and Maximizes Profit Potential for Channel Partners

Leaving no channel partner behind, MSPs and IT service providers who do not own or operate a data center or Network Operations Center (NOC) can also take full advantage of the new itopia Cielo Suite and complementary support services. Additionally, channel partners can easily private label and quickly customize the innovative WaaS platform to fit the business needs of their customers.

Itopia's Cielo Suite is aggressively priced to disrupt the market and simplify time to value by making WaaS a profitable, easy-to-manage, turn-key service. Upon purchasing the platform, channel partners receive a dedicated channel account manager, application installation and certification services, in-depth sales and support training, white-label marketing collateral, 24x7x365 help desk, Tier 2, 3 and 4 support, managed backup/file recovery, access to a branded login portal and much more. To ensure zero sales conflict, itopia remains the only WaaS player 100% committed to selling exclusively to and through the IT channel.

"Itopia is a channel first company dedicated to offering data center providers, MSPs and IT service providers the simplest, most cost-effective way to migrate legacy on-premises desktop, application and IT infrastructure in the cloud -- any cloud -- and manage them with ease," said Jonathan Lieberman, Co-Founder and CEO, itopia. "Together with our channel partners we are using the Cielo Suite to change how and where business gets done. Workspace-as-a-Service is the future of successful and agile business and an exploding business segment for the IT channel."

*Source: IDC Worldwide Workspace-as-a-Service 2014-2018 Forecast, doc #250048, July 2014. 

About itopia

Itopia offers IT service providers the fastest, easiest, most cost-effective way to transition their clients to public and private clouds. A leader in Workspace as a Service (WaaS), the innovator's core offering -- the itopia Cloud Workspace -- is the only end-to-end cloud workspace offering that delivers desktops, software applications and entire corporate IT systems as a high-performance, secure cloud service. Sold exclusively to channel partners, itopia's proprietary Cielo® Suite completely automates the otherwise lengthy and labor-intensive process of on-boarding and migrating legacy IT systems and infrastructures to the cloud. Nearly 1,000 leading enterprise software applications are certified on itopia's platform, with new applications added regularly. For further information, contact itopia at www.info@itopia.us or visit www.itopia.us.

Illumio's Adaptive User Segmentation Capabilities Dynamically Integrate Microsoft's Active Directory Entitlements for Hundreds of Millions of Users, Dramatically Expanding the Reach of the Adaptive Security Platform

SUNNYVALE, Calif. – Illumio, the Adaptive Security Company, today announced it has extended the capabilities of its industry-leading Adaptive Security Platform (ASP)™ through integration with Microsoft's Active Directory groups. The new capability, known as Adaptive User Segmentation, dynamically calculates and provisions connectivity rules based on user identity to prevent unauthorized communications with, and access to, any Illumio-protected applications. Illumio ASP now can govern how hundreds of millions of users connect to applications across data centers, clouds or hybrid-cloud compute environments.

"Illumio's mission since our founding has been to help our customers regain control over their applications and data," said Andrew Rubin, co-founder and chief executive officer of Illumio. "With the introduction of Adaptive User Segmentation, Illumio once again is dramatically reducing computing attack surface through dynamic, policy-driven enforcement that allows users to only connect to the data center and cloud compute they are entitled to access."

Illumio's Adaptive User Segmentation extends to all of these environments and delivers the most meaningful reduction in the cyber attack surface area in computing history. The company has fused governance of both workload-to-workload communications and user-to-workload communications through this technology breakthrough, strengthening the traditional entitlement model in a way never possible before today. According to statcounter.com, Windows 7 -- the target OS for VDI desktops/laptops connecting to the data center -- accounts for just under 50 percent of all desktop operating systems in operation.

"Illumio's new capabilities will resonate with security professionals assessing their security posture," said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. "Security leaders must deal with both sides of the user/data center equation and are well served to do it together rather than separately."

Today, users within an organization can see and connect to most, if not all, applications within the data center or cloud environment, regardless of their Active Directory entitlements. Given heightened challenges to deliver trust and security, relying on central systems of record like Active Directory to ensure users only have access to the appropriate assets is no longer sufficient. The breaches that occurred in the past few years in large enterprises and government agencies underscore that entitlements and authentication alone are unable to provide the protection required by high-value applications and data. 

Leveraging the Illumio ASP approach of writing and delivering a dynamic policy using a whitelist model, the integration of Illumio ASP and Active Directory allows an organization to ensure that only the correct users can connect to the appropriate workloads and applications in the data center, public cloud, private cloud or hybrid compute environment. 

Adaptive User Segmentation is the latest step in Illumio's core mission to secure data anywhere it resides:

  • When Illumio launched in October 2014, it introduced a complete range of adaptive segmentation models to reduce the attack surface, from environmental separation to micro-segmentation. It also introduced "MRI-like" visualizations of data center and cloud environments, as well as policy-driven transport layer encryption.
  • During RSA 2015, the company introduced its nano-segmentation capability, which provides process-level segmentation among both physical servers and virtual machines and reduces the surface area of server-to-server communications by over 99 percent. Illumio also extended its policy-driven segmentation model to incorporate F5 Local Traffic Manager and Application Firewall Modules.
  • Later in 2015, Illumio announced partnerships with Docker and Mesosphere to extend adaptive security capabilities to fast-growing Linux container deployments.

To find out more about Illumio ASP, the company and adaptive user segmentation, visit Illumio during RSA Conference 2016 in the Moscone Center, Feb. 29-March 3.

About Illumio
Illumio delivers adaptive security for every computing environment, protecting the 80 percent of data center and cloud traffic missed by the perimeter. The company's Adaptive Security Platform™ visualizes application traffic and delivers continuous, scalable, and dynamic policy and enforcement to every bare-metal server, VM, container, and VDI within data centers and public clouds. Using Illumio, enterprises such as Morgan Stanley, Plantronics, NTT, King Entertainment, NetSuite, and Creative Artists Agency have achieved secure application and cloud migration, environmental segmentation, compliance, and high-value application protection from breaches and threats with no changes to applications or infrastructure. For more information, visit www.illumio.com or follow @Illumio