Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

A recent poll by the Security Executive Council set out to discover which business continuity standards are being used when organizations are developing their business continuity programs.

The results show that ISO 22301 was used most often. 34 percent of poll respondents use this standard to benchmark against. However, surprisingly 30 percent stated that they do not benchmark their business continuity program against any standard.

The other standards in use are:

  • NFPA 1600 12 percent
  • ISO/IEC 27001 8 percent
  • BS 25999 6 percent
  • ISO/PAS 22399 4 percent
  • Other 6 percent

The ‘Other’ category included write-in votes for other business continuity related standards, the most popular being CSA Z1600, HB 221/292, and NIST 800-53.

More details.

Blue Coat Systems has published research results that show that the growing use of encryption to address privacy concerns is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions, and even reducing the level of sophistication required for malware to avoid detection.

The use of encryption across a wide variety of websites — both business and consumer - is increasing as concerns around personal privacy grow. In fact, eight of the top 10 global websites as ranked by Alexa deploy SSL encryption technology throughout all or portions of their sites. For example, technology goliaths Google, Amazon and Facebook have switched to an ‘always on HTTPS’ model to secure all data in transit using SSL encryption.

Business critical applications, such as file-storage, search, cloud-based business software and social media, have long-used encryption to protect data-in-transit. However, the lack of visibility into SSL traffic represents a potential vulnerability to many enterprises where benign and hostile uses of SSL are indistinguishable to many security devices. As a result, encryption enables threats to bypass network security and allows sensitive employee or corporate data to leak from anywhere inside the enterprise.

...

http://www.continuitycentral.com/news07453.html

If your employees travel on behalf of your business – whether in the U.S. or abroad – you are legally responsible for their health and safety. In fact, Duty of Care legislation has become increasingly important in the corporate travel world.  Companies that fail to safeguard their employees not only risk the health and safety of their people, but also can face legal, financial and reputational consequences.

Someone in your company must be responsible for ensuring the safety and health of traveling employees (usually, this falls on an administrator from the human resources or risk management department). This should include implementing a well balanced, company-wide travel risk management plan.

...

http://www.corporatecomplianceinsights.com/understanding-reducing-business-travel-risks-employees

Wednesday, 19 November 2014 16:12

Why Incident Management Matters

Throughout its history, the Business Continuity industry has maintained a steady focus on Preparedness – understanding the organization’s most critical business functions (both technological and operational) and development of Plans to respond to any disruption of those critical functions. That makes sense.  How that can be accomplished has been refined and tweaked over time through various ‘standards’ and ‘best practices’. Those activities answer some basic questions:

  • What do we need to protect?
  • How will we prepare to respond to a disruption of those critical functions?

What has always been omitted in that analysis has been the third major question:

  • How will we manage that response?

If you ask 20 BCM practitioners that question you will get a wide variety of answers:

...

http://www.ebrp.net/why-incident-management-matters/

Integration permeates all four stages of cloud adoption, from experimenters to companies that are “brutally transforming” their business and workflows through cloud, a recent report by CompTIA shows. In other words, it’s not so much a barrier to cloud adoption as it is a “hidden challenge,” according to Seth Robinson, senior director of Technology Analysis for the firm.

“Integration pops up in every stage; it's the one that runs through everything,” said Robinson via a call this week. “Even as, in general, the early stages see more technical challenges and the leaders see more behavioral or culture challenge, that challenge of integration — which is more of a technical challenge — does run through every stage.

“And that really goes back to what was known for a long time, that integration tends to be the lion's share of the cost or effort in an IT project."

...

http://www.itbusinessedge.com/blogs/integration/integration-still-a-costly-hidden-challenge-for-cloud-adopters.html

Wednesday, 19 November 2014 16:10

Washington State Mudslide: The New Normal

SAN ANTONIO — Snohomish County, Wash., Emergency Management Director John Pennington said he hoped the audience at a breakout session during the International Association of Emergency Managers conference in San Antonio on Tuesday, Nov. 18, would never have to go through what he and his colleagues experienced in March when part of a hill collapsed, sending mud and debris across the North Fork of the Stillaguamish River taking a whole neighborhood with it. It covered a square mile and buried some of the 43 dead as much as 75 feet deep.

The slide and response and recovery missions were what Pennington calls the “new normal.” That consists of a new way of doing business, considering climate change and trends of more natural disasters that tax communities to the hilt — and catch them off guard, as Pennington said the slide did with him and his colleagues.

...

http://www.emergencymgmt.com/disaster/Washington-State-Mudslide-New-Normal.html

The enterprise seems to be developing a love/hate relationship with the public cloud. On the one hand, the prospect of virtually limitless resources seems ready to take on any processing or storage load that comes along. On the other, issues of security, availability and portability threaten to inhibit productivity unless sophisticated new management layers are introduced.

Nevertheless, enterprise deployment of public cloud resources is on the rise, if the data from the provider community is to be believed. Gigaom Research, for one, estimates that public cloud infrastructure is nearly deployed or already in place at more than half of large enterprises, most of which are looking to provide the underpinnings of broad scale-out architectures to support Big Data analytics. This trend cuts across a wide swath of industry verticals, including manufacturing, tech firms, finance and ecommerce, with specific applications ranging from real-time workload and batch processing to app development and social media.

Clearly, this is good news for the large public cloud providers, and at the moment there is none larger than Amazon. At its AWS re:Invent show last week, the company claimed no less than one million active customers who are driving revenue growth to about 40 percent per year. Gartner estimates that AWS offers about five times the capacity as the next 14 cloud competitors combined.

...

http://www.itbusinessedge.com/blogs/infrastructure/public-clouds-still-looking-for-the-enterprise-sweet-spot.html

Wednesday, 19 November 2014 16:07

Security: What of the Future?

It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses.

Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. Centralizing network perimeter protection in this way has innumerable benefits, making it possible to apply best practices and meet regulatory requirements. Centralized devices can provide a variety of deep-screening techniques through virtualized systems and across changing areas of concern. In addition, they can be quickly updated, reducing effectiveness of zero-day exploits, and dedicated hardware permits use of ASICS (application-specific integrated circuits engineering) and FPGAs (field-programmable gate arrays) to improve throughput.

...

http://blog.cutter.com/2014/11/18/security-what-of-the-future/

NEWARK, Calif. – Tegile Systems, the leading provider of flash-driven storage arrays for databases, virtualized server and virtual desktop environments, today announced that Oklahoma Heart Hospital has chosen its T2800 All-Flash Array to provide the speed and performance necessary to support its large-scale VDI deployment.

Oklahoma Heart Hospital is the nation’s first all-digital hospital totally focused on heart care services.  The physician-owned facility considers every facet of a heart patient’s care and hospital experience to ensure a patient-centered care experience that delivers better outcomes.  By saving valuable time for patients by making information readily available to caregivers, Oklahoma Heart Hospital has achieved a ranking in the top 1 percent nationally for patient satisfaction.

To help support its state-of-the-art mandate, Oklahoma Heart Hospital looked to replace its traditional infrastructure and build a new tiered storage infrastructure with the best-performance flash-based solution available in support of its Citrix XenDesktop environment.  After building a real-world test environment deployed in the middle of its data center, Oklahoma Heart Hospital evaluated the fastest, highest-performing offerings from several major storage vendors before choosing Tegile for its speed, flexibility, ease of management and enterprise-class capabilities.

“Specifically, what I was after was something that was very good for VDI and XenApp, that keeps latency down, that keeps network utilization down, with a good amount of storage and excellent amount of speed,” said David Stinson, Senior IT Specialist for Oklahoma Heart Hospital.  “I almost couldn’t believe what I was seeing with Tegile.  I couldn’t believe how well it performed.  Everything about Tegile worked.  It had everything we needed and it did it extremely well.  The bottom line?  Choosing Tegile was a ‘no brainer’ for me.”

Introduced more than two years ago, Tegile’s All-Flash Arrays deliver enterprise-grade performance without the potential for any service interruption or delay, making them an ideal solution for applications that require the highest performance and low latencies.  

Tegile Intelligent Flash arrays deliver exceptional performance and economics for VDI deployments regardless of the choice of hypervisor and virtual desktop server solution.  Tegile has worked closely with VMware, Citrix and Microsoft to develop and validate several Virtual Desktop reference architectures.  Through extensive testing with various hypervisors and desktop servers, Tegile eliminates any interoperability and operational risk, enabling organizations to realize the promise of desktop virtualization.

"Oklahoma Heart Hospital went looking for the fastest, highest-performing storage available on the marketplace today and found that Tegile fit the bill after performing head-to-head, real-world testing," said Rob Commins, vice president of marketing at Tegile.  "Running hundreds of virtual machines on a centralized infrastructure requires a storage architecture that delivers consistent and best end-user experience.  We’re pleased that Oklahoma Heart Hospital found our Intelligent Flash Arrays to be the perfect platform to keep up with the performance demands of their virtual desktops without compromise."

About Tegile Systems
Tegile Systems is pioneering a new generation of intelligent flash arrays that balance performance, capacity, features and price for virtual desktop and database applications. With Tegile’s line of all-flash and hybrid storage arrays, the company is redefining the traditional approach to storage by providing a family of arrays that accelerate business critical enterprise applications and allow customers to significantly consolidate mixed workloads in virtualized environments.
Tegile’s patented IntelliFlash™ technology accelerates performance and enables inline deduplication and compression of data so each array has a usable capacity far greater than its raw capacity. Tegile’s award-winning solutions enable customers to better address the requirements of virtualization, virtual desktop integration and database integration than any other offerings. Featuring both NAS and SAN connectivity, Tegile arrays are easy-to-use, fully redundant and highly scalable. They come complete with built-in snapshot, remote-replication, near-instant recovery, onsite or offsite failover, and VM-aware features. Additional information is available at www.tegile.com. Follow Tegile on Twitter @tegile.

LONDON – Brainloop has launched its portfolio of simple, secure, collaboration tools into the UK to address the serious risks facing British organisations whose employees share high-value confidential and sensitive data on public storage platforms like Dropbox.

Brainloop’s solutions are designed to be used by any organisation that needs to securely manage and collaborate on confidential documents and other information both within their local IT infrastructure and also remotely – i.e. across the Internet and on mobile devices.

UK industries that most urgently need this capability include banking and financial services, legal, pharmaceutical and manufacturing sectors where corporate compliance, IP protection and data security are crucial ‘must-haves’ to minimise the risk of loss or fraudulent use of business-critical information.

Security analyst Bob Tarzey of Quocirca said: “There are lots of consumer-focused cloud storage products which can be accessed with ease if controls are not put in place. Employees invoke them for good reasons - to backup data from their devices and share content with customers and partners. However, there is always the danger that confidential and sensitive files end up in the wrong hands. Intellectual property may be compromised and, if regulated data is involved, there may be financial penalties. Those responsible for data security in most businesses know confidential data must be made accessible to those with a need-to-know and protected from access by others. The challenge is putting the right levels of control in place.”

Mark Edge has been appointed Country Manager UK and VP of Sales, Brainloop and will be responsible for building out the UK team and driving the company’s growth across the region. He was previously the regional Vice President of EMEA Sales at WatchDox and before that held senior sales positions at several renowned business technology brands including A10 Networks and Citrix.

Mark Edge believes that a holistic approach to enterprise data security is the only way forward in today’s uber-connected, always-on, digital economy. He claims: “It won’t be long before the majority of UK firms ban the use of consumer storage platforms like Dropbox in the workplace. But any alternative enterprise-ready solution must be all encompassing – to avoid backdoor leaks – and easy to use – so as not to impact the business workflow.”

About Brainloop

Founded in 2000, Brainloop is the market-leading provider of highly intuitive SaaS solutions that enable its customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. Brainloop's customers comprise numerous Fortune, FTSE and DAX companies across a wide range of sectors, both private and public. They rely on the regulatory and corporate compliance, collaboration and process capabilities of Brainloop, as well its complete portfolio of security solutions and features including full encryption, audit trail, two-factor authentication, and provider and administrator shielding, all with a convenient and easy to use interface.