Jon Seals

A 2010 American Red Cross survey found that an alarming 75 percent of 1,058 respondents expected help to arrive within an hour if they posted a request on a social media site. Hold that thought.

The public, and by that I mean the average Joe and Sally, doesn’t know that much about emergency and disaster response, and even less about disaster recovery and what is involved with getting federal assistance. What little they do know often comes from disaster movies.

There was a made-for-TV movie, 10.5, which had the FEMA director being lowered into a hole to personally set off an atomic bomb to stop a devastating series of earthquakes from continuing. I could think of a couple of past FEMA directors who I’d volunteer for the task — and no, not Craig Fugate, the current one.

...

http://www.emergencymgmt.com/training/5-Educate-People-Realities-of-Disaster-Recovery.html

The Business Continuity Institute presented its 2013 business continuity awards at an event in Dubai on 29th May.

The winners of the BCI Middle East Awards 2013 were:

Business Continuity Manager of the Year
This year’s Business Continuity Manager of the Year award went to Neyaz Ahmed, Ag. director of Business Continuity, at Etihad Etisalat – Mobily for the role he played in achieving organizational resilience through the successful implementation and embedding of a business continuity management system.

Business Continuity Team of the Year
Business Continuity Team of the Year was awarded to Etihad Etisalat – Mobily for its “relentless efforts to achieve all-round resiliency of business & technical functions, processes and infrastructure through the successful implementation and embedding of a business continuity management system that is not only based on good business continuity practice but meets the requirements of international standards.”

Most Effective Recovery of the Year
Most Effective Recovery of the Year was awarded to Etihad Etisalat – Mobily for its formidable business continuity capability, which enabled the company to restore services within one day and to recover the full site within one week following the explosion of a gas truck near one of its main technical buildings in Riyadh.

BCM Newcomer of the Year
BCM Newcomer of the Year was awarded to Maan Al Saqlawi, head of BCM at bank muscat. Since joining the business continuity team at bank muscat in August 2011, Maan Al Saqlawi has established himself as an extremely capable and valued team member.

Business Continuity Consultant of the Year
Thomas Keegan MBCI and Director at PwC was awarded Business Continuity Consultant of the Year. Since joining his organization, Thomas Keegan has made a real impact with clients and his team, transforming the business continuity management approach and delivering a solid return on investment for his clients.

Business Continuity Provider of the Year (Service)
Business Continuity Provider of the Year (Service) went to PwC. Its Business Resilience Practice has been established in various forms for over ten years in the Middle East, with services evolving from basic risk assessment to integrated resilience management systems.

Business Continuity Provider of the Year (Product)
Business Continuity Provider of the Year (Product) was awarded to eBRP Solutions Network Inc. eBRP has been a provider of business continuity software since 2002.

Business Continuity Innovation of the Year
Cobalt was awarded Business Continuity Innovation of the Year for a business continuity management and communications tool described as “the next step in sustainable, efficient and user-friendly business continuity planning and crisis management.”

Business Continuity Personality of the Year
Business Continuity Personality of the Year was awarded to Nisar Khan MBCI, head of Business Continuity at Kuwait International Bank. Nisar Khan has more than 10 years’ experience in managing corporate business continuity programmes and is a dedicated ambassador of the discipline.

www.thebci.org

No one at the Credit Union of New Jersey remembers when local device networking cables were first connected to a telephone junction block in the data center. Nor did anyone know how the tangled mess grew to span two such boxes and eight feet of wall space before finally reaching CUNJ’s core networking switches at its Trenton offices.

Fortunately, thanks to a recent remediation project, the crisscrossing thicket is no more.

Let’s face it: Many data centers could use some form of spring cleanup. Whether it’s cable management, consolidation, virtualization or just making better use of an existing footprint, initiatives that transform cluttered server rooms into efficient spaces can pay big dividends.

...

http://www.biztechmagazine.com/article/2013/05/spring-cleaning-refresh-tips-data-center

We've all seen enough news stories to know what can happen when a business doesn't get compliance right or falls foul of data protection legislation.

No organisation wants the negative exposure that results – exposure that reduces public trust, puts brand and reputation at risk, incurs financial penalties and invites customer churn. However, it's not just the fear of negative exposure and financial loss that is putting organisations under pressure – it is the changing nature of the laws and regulations surrounding data protection.

Critical changes are in the works to certification requirements for the Payment Card Industry Data Security Standard (PCI DSS), to legal compliance with the European Data Protection Regulation and to enforcement of data protection requirements from the UK Information Commissioner's Office (ICO).

...

http://www.scmagazineuk.com/the-shifting-sands-of-data-regulations--threat-or-opportunity/article/295388/

A large US supermarket chain has implemented an innovative endpoint security technology to secure point-of-sale systems running legacy applications, saving additional development or patching costs.

Bromium’s vSentry endpoint security software applies virtualisation expertise to isolate and secure every untrusted network task within its own tiny virtual machine or microVM.

According to Bromium, it is impossible to detect all the possible attacks or monitor all the possible forms of suspicious behaviour.

However, the firm maintains it is possible to protect endpoints using highly granular virtualisation in combination with hardware-enforced isolation.

...

http://www.computerweekly.com/news/2240184942/Case-Study-US-supermarket-chain-solves-security-challenge-virtually

“Why should we have a critical communications business continuity and disaster recovery plan?” It’s one of the most common questions asked in our business. The answer is simple for companies in certain industries. Often a variety of laws and regulations require or imply the need for a recovery plan to protect critical communications. Healthcare, financial, utility and government are just a few.

The answer for others is less defined. Common objections include cost, having a second facility with backup capabilities or outsourcing of print-to-mail operations. But the consequences of not having a proven recovery plan in place can be severe. They can range from loss of revenue and critical cash flow to service level penalties and fines or corporate image issues. Consider these five reasons your company should have a business continuity and disaster recovery plan in place:

...

http://www.iwco.com/blog/2013/05/29/business-continuity-and-disaster-recovery-plan/

Social sign-in has become a powerful force for marketers and consumers, validating the notion of federated identity in consumer-facing contexts. (Ironic that consumerization of IT is successfully tackling even the single sign-on problem that has bedeviled IT, showing how identity for the top line of the business can overcome resistance in ways that business-to-employee scenarios typically can't.)

But not all consumer-facing federated SSO is social. When I was with PayPal, our team worked on the underpinnings of what eventually turned into Log In with PayPal, which is strictly about federated identity flows for commercial purposes. And today Amazon has come out with Login with Amazon, a powerful statement of Amazon-as-identity-provider. They've been testing this with their own web properties Zappos and Woot; now they're enabling third-party merchants and other sites to use Amazon for authentication of people who already have active Amazon accounts, along with learning a few selected user attributes: name, email, and optionally the zip code of the default shipping addresses. No huge social graphs here, just data that partner eCommerce sites need to function (and make money).

...

http://blogs.forrester.com/eve_maler/13-05-30-amazon_and_aws_moves_further_validate_the_value_of_portable_identity

CIO — Companies with strong relationships between the CIO and other C-suite executives are four times as likely as less-collaborative teams to achieve business results such as revenue growth and high profit margins, according to PricewaterhouseCoopers' fifth annual Digital IQ study.

PwC polled 1,108 business and technology leaders globally and split their responses into two groups: the 13 percent of respondents who rated themselves as "strong collaborators" in the C-suite, and the rest who didn't.

The study found a big correlation between strong C-suite collaboration and top business performers, which PwC defined as companies reporting revenue growth of 5 percent or more in the previous year and high levels of profitability, revenue and innovation.

...

http://www.cio.com/article/733735/Companies_Profit_When_the_CIO_Collaborates_in_the_C_Suite

Computerworld - Despite the growing threat of state-sponsored cyberattacks launched from China and other countries, U.S. companies should not be allowed to fight back on their own, security experts say.

Such corporate counterstrikes would undermine U.S.-led efforts to develop international cyberspace standards and norms while exposing U.S. companies to retaliatory strikes.

"This is a remarkably bad idea," said James Lewis, senior fellow and director of the technology and public policy program at the Center for Strategic and International Studies in Washington. "It would harm the national interest."

...

http://www.computerworld.com/s/article/9239606/Private_retaliation_in_cyberspace_a_remarkably_bad_idea_

The United Nations cautioned global businesses that economic losses due to natural disasters are at a high level, and the threat of profit loss will rise until risk assessment procedures become a core component of company strategies. 

"We have carried out a thorough review of disaster losses at a national level, and it is clear that direct losses from floods, earthquakes and drought have been underestimated by at least 50 percent," said Ban Ki-moon, secretary general of the UN. "So far this century, direct losses from disasters are in the range of $2.5 trillion." He added that risk management should receive more focus in business schools.

...

http://www.strategicsourceror.com/2013/05/economic-losses-due-to-natural.html