Distributed-denial-of-service attacks are the perfect weapons for cybercriminals and political adversaries. And Prolexic CEO Scott Hammack says any organization with an online presence should brace itself for attacks.
"As the world becomes more chaotic - which I do believe it will be - there will be more and more disenfranchised countries or people," Hammack says during an interview with Information Security Media Group [transcript below]. "This is a perfect weapon," he says.
And as the attacks get more sophisticated, defending against them gets more challenging, Hammack says. Today's attacks are increasingly using standard Internet security mechanisms, such as secure sockets layer protocol, to defeat online-outage defenses, he says.
The following guest post is by Dwayne Melancon, CISA, chief technology officer, Tripwire, an IT security software company.
The SEC is getting pretty explicit about information security risk. You have to identify it, you have to declare it, and you have to manage it. The problem is, a lot of the CEOs I talk with have no clue what they are accepting when they sign off on information security risk.
Sometimes, they blindly accept the cryptic recommendations from their chief information security officers (a.k.a., CISO). Sometimes, their guts tell them there may be a problem, but they don’t know which questions to ask to figure out what’s really going on. In both cases, I think it’s a problem that senior business managers are accepting risks they don’t fully understand. How can this represent the best interests of your stakeholders?
Yesterday I spent the day with a number of people from across the nation looking at what lessons can be learned from the Hurricane Sandy Experience. The key person putting this event together was Steven Flynn. Because he was able to get grant funding to support the work, he could sponsor the travel for a variety of people to attend. Generally he drew on people from other major metropolitan areas that have been doing catastrophic planning and also have significant risks. I liked the mix of attendees. Due to the significant business interruptions to the NY/NJ ports there were a number of other port authority representatives in attendance.
The first panel of the day was a federal one that spoke to what they learned from the Hurricane Sandy Experience. See my notes below. Please note that this is what I could capture, certainly not a verbatim record of what was said.
When it comes to compliance risk, board members know the drill all too well. Every six months or so, they receive a new report indicating that everything is mostly under control. So it’s no wonder they’re surprised when a compliance issue blows up – and it’s no wonder they’re asking tougher questions of compliance executives with every passing quarter.
As regulatory oversight continues to grow, the challenge of dealing with compliance risk will only become more pressing. It’s not just an item on the agenda – compliance is its own agenda these days. Given the pace and scale of change, both compliance executives and boards are increasingly concerned that old, reactive ways of managing compliance may cause them to fall behind the competition — or leave them exposed to new regulatory and reputational risks.
If your organization is looking to increase its Risk Intelligence quotient through full-spectrum compliance, three broad areas will command your attention: Environment, execution, and evaluation.
So, what do you do when the sky caves in, as it has in the last week for Savannah culinary personality Paula Deen? What do you do when the past comes knocking in a most unfavorable way? What are the steps for digging out from under a public relations disaster?
Without speaking directly to the still-unfolding Deen contretemps, Jennifer Abshire, of the Savannah public relations firm that bears her name, said there are three basic rules for dealing your way out of any PR crisis.
“If you’re looking at a crisis, I think dealing with it directly is extremely important,” Abshire said Monday. “I do, however, believe that a simple statement is sufficient. And I think the most important thing for anyone who has dealt in crisis PR is to immediately get as much good news out as possible of the wonderful things the client or person has done to help the community.”
This was only an exercise.
Police, firefighters and medical technicians swarmed onto the grounds of Canopy Oaks Elementary on a cloudy Friday morning.
They lined up stretchers and plastic kiddie pools in the parking lot behind the school. They set up washing stations to rinse hazardous chemicals off the 15 high school students who spilled into the breezeway in the middle of the school grounds, and doused the students with fire hoses.
Sheriff's deputies interviewed the students one at a time, and one of them admitted there was a bomb in a car parked out front.
The Big Bend Regional Bomb Squad arrived and deployed remote-control robots with mechanical arms that shattered windows and ripped doors off a beat-up Dodge Stratus parked out front.
Friday’s “chemical chaos” drill involved 10 agencies — from Leon County Schools to the Florida Department of Law Enforcement and the hazardous materials unit of the Tallahassee Fire Department. Evaluators followed them every step of the way, taking notes and film that will help them analyze their performance and look for ways they could respond better in the event of a real disaster.
LAFAYETTE — Sussex County amateur radio operators recently concluded a 24-hour emergency preparedness drill that saw them contact more than 2,600 other operators throughout North America and overseas.
The annual exercise, conducted this past weekend in Lafayette, afforded members of the Sussex County Amateur Radio Club an opportunity to showcase their craft to the public and, just as importantly, contributed to the group's ongoing partnership with the Sussex County Office of Emergency Management.
"We want the community to know that in the event of an emergency, we will be ready to assist in any way we can," said John Santillo, the group's president. "While people often think that cell phones or other communications technologies have replaced ham radio, we can provide vital communications in an emergency that others can't."
The day you need business continuity planning isn’t the day to start thinking about implementing a program.
In the wake of devastating flood waters that hit Calgary and parts of southern Alberta, many organizations in Wild Rose Country have had to flip the switch on their continuity plans to ensure operations continue on as close to normal as possible.
That’s not easy, given the scope of the damage. How bad is the flooding? One need look no further than the city’s iconic Saddledome, home of the Calgary Flames, which filled with water like a giant bathtub up to row 10.
According to estimates from the Calgary Chamber of Commerce, somewhere between 150,000 and 180,000 people work in the city’s downtown core, and the city has a $120-million a day economy. That’s a huge number of displaced employees with a giant price tag, and Calgary Mayor Naheed Nenshi says it will likely be mid-week before most employees can return downtown. It’s hard to imagine the city returning to business as usual this week at all.
In my career as an asset manager, and as a manager of financial risk, I have learned that all good risk management is done upfront, before the first purchase is made or product is sold. Secondarily, good risk management relies on the concept of feedback, i.e., are the results expected at inception happening? If not, are they happening in a way that makes us doubt the margin of safety that we thought we had?
NEWARK, Calif. – Tegile Systems, a leading provider of hybrid storage arrays for virtualized server and virtual desktop environments, today announced that The University of Colorado School of Dental Medicine (SDM) in Aurora has upgraded to Tegile Zebi™ hybrid storage arrays after experiencing I/O bottleneck and latency issues with its existing Dell HDD-based arrays.
The University of Colorado School of Dental Medicine (SDM) in Denver is one of the six schools that comprise the university’s Anschutz Medical Campus. But the School of Dental Medicine is unique in that it is the only one of the six schools that serves actual patients, providing low-cost dental services to 65,000 patients last year at the on-campus dental clinic. When the clinic opens every day at 9:00am, front desk employees check in up to 300 patients simultaneously. The SDM was experiencing its own unique type of boot storm, with inadequate IOPS to handle the load and register that many patients simultaneously, frustrating the front desk staff with intolerable waits for patient records.
According to Jaymil Patel, Director of Information Services at UC’s SDM, “We are the only building on campus that has actual patients come in the door. We have hundreds of patients every day so we have the task of not only being a school, but a business. The pressure on us is a lot higher. If the other schools have an IT problem, students might not be able to take a test. But if we have a problem we have actual patients in dental chairs all day long and we can’t function.”
An engineer from Citrix evaluated the school’s infrastructure and confirmed the IOPS problem with the Dell storage. He recommended that SDM look at hybrid solid state-hard disk drive storage solutions. The SDM team initiated the research and evaluation process after identifying four important criteria for a new storage system: high IOPS, low latency, multi-protocol and built-in data reduction.
After evaluating products from Tegile, Nimble Storage and Whiptail, the school picked Tegile as the clear winner. “When we compared the price and the functionality we were looking for, Tegile was the winner because it does everything we wanted,” said Patel. “The hybrid model that Tegile presented was really attractive to us. Compression and data deduplication were big factors for us and Tegile was the only one with both to significantly save capacity.”
The school installed a Tegile Zebi HA2100EP array and J1100 expansion array last August and added a J2100 expansion array in January with an additional 26 TB of storage capacity.
According to Rob Commins, Vice President of Marketing at Tegile, “Our Zebi arrays win ‘hands down’ when users are looking for high IOPS, low latency, functionality, multi-protocol and built-in data reduction. Fitting into the university’s budget, while taking the frustration out of the equation for the staff who were living with intolerable waits for patient records, and making the patient experience a good one, is exactly what our Zebi hybrid arrays are designed to do.”
According to Patel, “In the past, if all 300-plus chairs were refreshing the status, everything was so slow, but now we don’t even realize that this issue exists. It’s just phenomenal for everybody. You can imagine at 9 o’clock we check in more than 300 patients, so all of them are refreshed every 30 seconds and we don't see any latency, no issues, nothing.”
Tegile, which has significant market share with universities, is helping colleges and universities protect their strained IT budgets while boosting their scholarship funds with its new “Don’t Overpay for Storage” promotion. Under the program, Tegile will contribute $2,500 to a college’s scholarship fund for every Zebi hybrid array purchased through June 30, 2013.
About Tegile Systems
Tegile Systems is pioneering a new generation of enterprise storage arrays that balance performance, capacity, features and price for virtualization, file services and database applications. With Tegile’s Zebi line of hybrid storage arrays, the company is redefining the traditional approach to storage by providing a family of arrays that is significantly faster than all hard disk-based arrays and significantly less expensive than all solid-state disk-based arrays. Tegile’s patented MASS technology accelerates the Zebi’s performance and enables on-the-fly de-duplication and compression of data so each Zebi has a usable capacity far greater than its raw capacity. Tegile’s award-winning technology solutions enable customers to better address the requirements of server virtualization, virtual desktop integration and database integration than other offerings. Featuring both NAS and SAN connectivity, Tegile arrays are easy-to-use, fully redundant, and highly scalable. They come complete with built-in auto-snapshot, auto-replication, near-instant recovery, onsite or offsite failover, and virtualization management features. Additional information is available at www.tegile.com. Follow Tegile on Twitter @tegile.
ATLANTA – Colo Atl, a leading provider of carrier-neutral colocation, data center and interconnection solutions, announces today that FiberLight, a provider of mission-critical, high performance networking services including Ethernet, Wavelengths, Dedicated Internet Access, and Dark Fiber optical transport network solutions, has completed a significant fiber installation in its 55 Marietta Street facility in downtown Atlanta. The installation provides virtually unlimited bandwidth in and out of the Colo Atl facility.
“As the Colo Atl facility grows, so too do the demands of our increasing number of tenants,” comments Tim Kiser, Owner and Founder of Colo Atl. “FiberLight’s high-count diverse fiber installation will significantly help both companies prepare to meet the needs of our current and future customers, particularly as cloud-based service demand increases.”
FiberLight chose the Colo Atl facility based on its downtown Atlanta location, and diverse and growing tenant roster. The installation will allow FiberLight to provide secure, high-speed mission critical data transport access at virtually limitless speeds in and out of the location to enterprise, wholesale and government entities collocated in the Colo Atl facility.
“The Colo Atl facility meets our needs in a number of ways, including location, customer access and overall growth trajectory,” comments Joe Patton, Executive Vice President of Sales and Marketing at FiberLight. “It’s also important to point out the incredible level of customer service and support we receive from Colo Atl. This too is an important factor in bringing all of this together.”
The new fiber installation comes as Colo Atl is experiencing significant growth. The company is also home to The Georgia Technology Center (GTC), a live laboratory for network equipment vendors to highlight their optical and electrical hardware and operating systems, and the Southeast Network Access Point (SNAP), which provides next-generation Internet Exchange (IX) solutions, including SDN peering, testing, collaboration and implementation.
About Colo Atl
Located in the global telecom hub of Atlanta, Georgia, Colo Atl, a JT Communications Company, provides colocation, data center & interconnection services, at an affordable rate. Colo Atl is a neutral-colocation facility that allows tenants and carriers to securely and conveniently cross-connect within a SSAE16 certified facility. Colo Atl has no monthly recurring cross connect fees between tenants and provides exceptional customer service. Visit Colo Atl online at: www.coloatl.com and follow us on Twitter @ColoAtl.
FiberLight is a premier provider of mission-critical, high performance networking services including Ethernet, Wavelengths, and Dedicated Internet Access, SONET, and Dark Fiber optical transport network solutions. Solutions are provided to telecom carriers, government, enterprise, content providers and web-centric businesses. FiberLight wholly owns its 500,000 fiber mile network in key growth areas and offers robust metro networks in 23 metros within Georgia, Florida, Washington, D.C., Texas, Virginia and Maryland, as well as Wide Area Networking options at layer 1, 2 and 3 to major commercial hubs throughout the country. Visit FiberLight at www.fiberlight.com.