Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

Jon Seals

The buildup to fall is in full swing. The next step is Labor Day parades and barbeques and, then, the school busses will begin to roll.

IT and telecommunications never had a real summer slowdown this year, though. Much was done and lots of news was made, and hasn’t even slowed down during the latter half of August. Here is a look at some of the news and more interesting commentary.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/byod-proponents-get-bad-news-in-california.html

"I always imagined a few people on the phones in a small office taking calls, not a big office with actual departments, and definitely not anyone thinking about business continuity and risks." Over the past year I have heard this line said to me in varying forms when I have explained that I give advice on corporate risk and business continuity in the non profit sector.

Not a common misconception and when being able to easily list the risks relevant to the financial services industry for example, applying that to the non profit industry along with the associations of what is important is not as easily obvious straight away.

Some Challenges and observations:

The varying degrees of academia in non profit organisations are expansive and the primary challenge is making it accessible and relatable to all.

The attitudes that this would take too long - it’s not required in our industry and focusing on delivering primary front line services was more important. But has anyone thought about those supporting functions?

"This will never happen to us anyway." At first, it made me feel uneasy hearing this but this is the best challenge to promote business continuity in any industry. Using the "if we don’t comply, we will get fined" card almost shifts the desired affect from wanting to provide great assurance to an exhausting check box exercise. The appetite and denial factor is a tough barrier to get around.

Forgotten plans - in most cases contingency plans were in people’s minds but just not on paper. Hearing various stories of incidents taking place which resulted in an instant panic before the swift realisation that "oh yes, we have a plan, we know what we need to" kicked off a series of reactions to get things back to normal.

Planning V’s practicing - countless months were spent planning and writing but practicing those BCP’s were missing. In recent exercises some feedback I got was that no one had ever tested their plans and found it really useful. The actions that were thought to take five minutes took twenty. This started a chain of actions which plan owners needed to implement in order to become more resilient in an incident. A friend said to me once that businesses don’t fail because of a bad business continuity plans, but because of bad choices. That stuck with me.

So what does BC look like in these industries?

We live in a robust and dynamic society and whilst a generic approach to start off a plan is valuable, they can be adaptable. I quickly realised that I was getting too hung up on wanting to make each teams plan look the same and what really mattered was that it absolutely has to work for the people invoking it, and if it is clear and coherent, that is sufficient.

It is without a doubt that the non-physical threats such as reputational risks, loss of funding from a major donor and employee scandals can have serious impacts on your operation, especially when the majority of funding is provided by the public generosity. If an incident occurred what would be the emergency funding protocol? It is things like this that needs the most consideration. Yes, every industry needs to consider the building, IT/data and staff but what about the intangible factors that essentially calls for a disaster.

Making those threats relatable is key and, the empowerment resulting in a shift in view of risk and business continuity only being related to IT and Financial services is essential. (Because of the varying levels of academics in these industries often sit under one roof).

What does this all mean?

All non profits, for example charities, are run like businesses. Fact!

Non profit or not, business continuity is on everyone’s mind, but they just don’t know that this is what it is. Yes, the variations of levels in what constitutes a threat differs from industry to industry but essentially, what matters most is the resiliency each organisation has to overcome any incident it faces.

RISKercizing until next time

Rina Bhakta is a Corporate Risk Advisor at the NSPCC. If you would be interested in being a member of a special interest group and want to talk/share ideas about business continuity and risk management challenges at your non-profit contact Rina via her blog RISKercize or via Twitter or Linked In.
 

It’s hard to have a conversation in the enterprise these days without the topic veering toward Big Data. What is it? Where does it come from? And what are we supposed to do with it?

But despite the fact that none of these questions have clear answers yet, IT is still tasked with preparing to accommodate Big Data and then figuring out how to derive real value from it.

Part of the problem is the term “Big Data” itself. While large data volumes are a facet of Big Data, that’s not where the challenge lies. Rather, says IBM’s Doug Balog, it’s the need to accommodate the ‘variety, velocity and veracity’ that advanced analytics require that will give most managers fits. This will require not only bigger, more scalable infrastructure, but entirely new ways to collect, analyze and store data, which, from IBM’s perspective, will require advanced Power8 architectures married to powerful third-party platforms like Canonical and the various Linux distributions.

...

http://www.itbusinessedge.com/blogs/infrastructure/ITs-big-data-challenges-extend-beyond-size.html

Hybrid and All-Flash Storage Appliance Leader Achieves Key Milestones as StorTrends 3500i is Deployed Broadly to Seamlessly Expand Capacity and Boost Enterprise Application Performance

 

NORCROSS, Ga. StorTrends® today announced significant momentum as demand for its hybrid and all flash storage arrays for virtual and physical environments escalates. The is the only storage area network (SAN) device to combine solid state drive (SSD) caching and SSD tiering into a single storage appliance. Optimized to support VMware, Microsoft Hyper-V, Citrix and RHEV enterprises of all sizes, the solution delivers dramatic performance and reliability for the most demanding applications including high performance databases, Virtual Desktop Infrastructure (VDI), On-Line Transaction Processing (OLTP), cloud storage and mixed workload environments - at industry leading price points.

 

According to International Data Corporation (), the solid state drive market will grow from $3.3 billion in 2013 to $10.9 billion in 2018. That represents a 5-year compound annual growth rate (CAGR) of 26.9 percent. StorTrends is experiencing a surge of growth to address the pent up demand for its family of flexible storage solutions.

 

To support SSD growth and match the dynamics of business, the StorTrends 3500i enables both SSD cache and SSD tier upgrades. The scalable solution enables options to upgrade from 200GB SSD drives to 400GB, 800GB or 2000GB SSD drives without costly forklift upgrades. In addition, by running the tool, customers can easily identify exactly how much flash is required to support their environment. The StorTrends iDATA software runs unobtrusively and analyzes capacity utilization, IOPS usage, reads vs. writes for volumes, network bandwidth, performance, server statistics and more to classify the amount of "hot data" and "cold data" required.

 StorageReview Enterprise Lab tested the StorTrends SSD hybrid storage array built for high performance and maximum capacity. During the benchmark testing, which was conducted against well-known Tier 1 storage vendors, the StorTrends 3500i demonstrated top-of-the-class performance.

According to the lab testing, the biggest selling point of the 3500i was its availability in both hybrid and full SSD configurations, as well as the inclusion of both SSD caching and tiering functionality in the same array. This feature boosts overall system performance and is unique in the hybrid storage market as most vendors provide only caching or only tiering. StorTrends offers a variety of configurations for the 3500i, with the typical accelerated configuration using four SSDs for tiering and two for caching. The array supports multiple HDD tiers as well, letting users opt for performance or capacity oriented configurations. With an expansion shelf customers can tune for both, taking advantage of capacity and performance HDDs with the rapid flash layer on top. For enterprises that need even more performance, the 3500i may be configured entirely with flash drives to deliver unparalleled performance.

Key StorTrends milestones include the following:

- Launched  StorTrends 3500i hybrid and all flash storage area network (SAN) to combine SSD Caching and SSD Tiering into a single storage appliance.

Taneja Group Lab validation recognized StorTrends 3500i array as one of the most comprehensive, versatile and cost effective solid state systems on the market. The hybrid and all flash storage appliance delivers solid state performance and scalability for enterprises.

 - Unveiled StorTrends PROFIT Program, a comprehensive channel program that gives partners one of the highest protected margins in the industry for StorTrends' All-Flash, Hybrid and Spinning Disk storage solutions.
- Launched
StorTrends iDATA assessment tool, a software solution designed to provide an accurate assessment of IT infrastructure performance, capacity and throughput requirements. The StorTrends iDATA tool can assess pain points in an environment before they become disruptive and provide the details needed to make informed storage decisions - while eliminating the need to over-provision costly storage resources.

SSG-NOW Lab Review identified StorTrends iDATA tool as an "invaluable" tool for accurately assessing an IT infrastructure in order to find and eliminate pain points, avoid business disruption and make informed storage purchase decisions.

"From day one we designed a patented, hybrid and all flash storage array that eliminates performance barriers impacting enterprise applications," said Justin Bagby, Director of StorTrends. "As the SSD market continues to explode, so does the need for scalable, reliable, low cost solid state storage that can deliver the performance improvements that help organizations realize the true potential of their virtual and physical infrastructure investments."

 

Tweet this:  @StorTrends achieves record milestones as SSD Market Grows

About StorTrends

StorTrends® from American Megatrends (AMI) isPerformance Storage with Proven Value. StorTrends SAN and NAS storage appliances are installed worldwide and trusted by companies and institutions in a wide range of industries including education, energy, finance, state & local government, healthcare, manufacturing, marketing, retail, R&D and many more. StorTrends meets the challenges and demands of today's business environments by offering key network storage functionality such as unified storage, simplified management, business continuity, disaster recovery, high efficiency and virtualization support.  For further information, please visit: http://www.stortrends.com/.

Every organization should have an Emergency Action or Evacuation Plan.  Even when it is not required (by the building owner, fire department or occupancy regulations) it is a ‘best practice’ for every organization to plan and practice to evacuate all personnel from the workplace.  Often, evacuation focuses on getting out quickly.  Surely that’s the most critical objective.  .  While simple in principle, there are some considerations that should not be overlooked:

Too Close for Safety:  The standard ‘rule of thumb’ for Assembly points is at least 200 feet from the evacuated building.  This is intended to assure personnel will not be endangered is window glass or other debris falls.  Keep in mind that taller buildings may have a wider potential debris pattern.  Two-hundred feet should be used as the minimum.  Assuring employee safety should be the priority.

Obstruction:  When Emergency Services (Fire, police, ambulance) arrive, will they have sufficient room to do their job?  Crowds of evacuated personnel shouldn’t impede their work.    Emergency services may need room to park and to turn their vehicles around.  Make sure Assembly Points are a reasonable distance from entrances and drive paths- and assure personnel won’t interfere.

...

http://ebrp.net/evacuation-assembly-points/

(MCT) — For six weeks, Florida reeled under the assault of four hurricanes.

First Charley struck Port Charlotte Aug. 13, 2004, with 150-mph winds. Then Frances pounded Martin and Palm Beach counties, collapsing part of Interstate 95 near Lake Worth and sending gusts into Broward that left a quarter-million people without electricity. Ivan came ashore near Pensacola with 120-mile-per-hour winds and a storm surge that swamped coastal towns. Jeanne struck the same area as Frances, turning out the lights in most of Palm Beach County, ripping off roofs and flooding houses.

It came to be known as the Year of the Four Hurricanes.

Following that beating, and another one the next year with Hurricanes Wilma and Katrina, there have been dramatic improvements to Florida’s electric grid, shelters, forecasting abilities and ability to communicate. And while another season like 2004 still would be disastrous, residents would have more warning and stand a better chance of returning faster to normal life.

...

http://www.emergencymgmt.com/training/Year-of-the-Four-Hurricanes-Changed-Florida.html

(MCT) — The good news is people are more alert to and educated about weather this time of year.

Husbands and wives on the Coast can carry on a conversation about how the amount of sand in the upper atmosphere along the Atlantic affects the chances a tropical storm will develop.

But the down side is the array of information can be confusing and the social media sites, looking for clicks, tend to hype tropical activity.

Find a trusted source, local emergency managers say.

...

http://www.emergencymgmt.com/training/Social-Media-Adds-Hype-to-Storms.html

Here’s a tip that might take a little pressure off the data scientist talent search: A data scientist doesn’t necessarily need to be a math wizard with a PhD or other hard science background.

In fact, that type of person might actually prove disappointing if your goal is Big Data analytics for humans, according to data scientist Michael Li.

That may seem odd, given that Li’s work focuses on exactly the kind of credentials normally associated with the term “data scientist.” Li founded and runs The Data Incubator, a six-week bootcamp to prepare science and engineering PhDs for work as data scientists and quantitative analysts.

...

http://www.itbusinessedge.com/blogs/integration/humanizing-the-data-scientist.html

You can’t just wing it anymore. Many things have changed since you first said you wanted to become a fireman, an astronaut, a veterinarian or a nun. This is especially true in the field of business continuity.

Business continuity is not just concerned with IT recovery anymore. Supply chain management is critical to sustaining company operations. How do we determine what is or isn’t critical? Shouldn’t we bring these issues to the attention of our C-Level management?

These are just some of the issues confronting BCP Managers and most practitioners today had to learn how to handle these things along the way. As time goes by, trying to cover all bases regarding continuity has become more and more complicated. Instead of learning while working the job, a little bit of education to start would go a long way to getting ahead of what needs to be done.

...

http://www.strategicbcp.com/blog/business-continuity-programs-cropping-up/

The GlaxoSmithKline PLC (GSK) corruption matter in China continues to reverberate throughout the international business community, inside and outside China. The more I think about the related trial of Peter Humphrey and his wife, Yu Yingzeng for violating China’s privacy laws regarding their investigation of who filmed the head of GSK’s China unit head in flagrante delicto with his Chinese girlfriend, the more I ponder the issue of risk in the management of third parties under the Foreign Corrupt Practices Act (FCPA). In an article in the Wall Street Journal (WSJ), entitled “Chinese Case Lays Business Tripwires”, reporters James T. Areddy and Laurie Burkitt explored some of the problems brought about by the investigators convictions.

They quoted Manuel Maisog, chief China representative for the law firm Hunton & Williams LLP, who summed up the problem regarding background due diligence investigations as “How can I do that in China?” Maisog went on to say, “The verdict created new uncertainties for doing business in China since the case hinged on the couple’s admissions that they purchased personal information about Chinese citizens on behalf of clients. Companies in China may need to adjust how they assess future merger partners, supplier proposals or whether employees are involved in bribery.”

I had pondered what that meant for a company that wanted to do business in China, through some type of third party relationship, from a sales representative to distributor to a joint venture (JV). What if you cannot get such information? How can you still have a best practices compliance program around third parties representatives if you cannot get information such as ultimate beneficial ownership? At a recent SCCE event, I put that question to a Department of Justice (DOJ) representative. Paraphrasing his response, he said that companies still need to ask the question in a due diligence questionnaire or other format. What if a third party refuses to answer, citing some national law against disclosure? His response was that a company needs to very closely weigh the risk of doing business with a party that refuses to identify its ownership.

...

http://tfoxlaw.wordpress.com/2014/08/21/what-can-you-do-when-risk-changes-in-a-third-party-relationship/