
Jon Seals

Why should data be erased?

Companies, no matter whether they are part of a large corporation or a smaller business, definitely need to use a professional data erasure method if they want to ensure that their data doesn’t fall into the wrong hands, as the Brighton and Sussex University Hospitals NHS Trust experienced in 2008.

Generally speaking, due to legal and internal regulations, data should be erased at the end of its so-called lifecycle. There are a number of existing national rules, regulations and laws that already require companies to comply with data protection measures, and thus also with data erasure. The provisions concerning data erasure will also become significantly tougher with the introduction of the European data protection regulation. The central element of this regulation, which is expected to come into force early next year, is certainly Article 17, which gives force of law to the “right to deletion” or the “right to be forgotten”.

To cut a long story short: Article 17 requires that all saved personal information that is no longer needed for its original purpose, for whose processing no consent was given, or whose agreed retention period has expired, is to be securely erased. This requirement applies to all data collected, structured, transmitted and distributed concerning EU citizens, irrespective of the country or the storage system where the data is saved. For all companies, regardless of their size, this means that they should prepare intensively as of now and adapt all their processes to the new rules.

...

http://blog.krollontrack.co.uk/top-tips/when-to-use-data-erasure-software-or-a-degausser/

When it comes to singling out sectors that are in the forefront of disaster recovery, finance is often quoted as an example. With so much depending on the ability to recover systems and data rapidly after any incident, major banks were among the first to implement hot failover data centres for instance – as well as being among the only organisations that could afford them. At the other end of the scale, there are those that are particularly ill-equipped to deal with IT disasters. The education sector has been identified as one example, but another group falling short of the levels required could surprise you.

...

http://www.opscentre.com.au/blog/teachers-and-role-models-falling-down-on-disaster-recovery/

Tuesday, 23 June 2015 00:00

Tangents on Resilience

It seems that it has now officially become a buzz-phrase – ‘Organisational Resilience’: impossible to define because there are many differing perceptions about what it is. BS 65000-2014 says that it’s this: ‘ability of an organization to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper’. So I’m going with that for the time being. I want to particularly focus on the last three words: ‘survive and prosper’. I think that there is too much emphasis on the ‘survive’ part when in fact it is probably the focus of most organisations to prosper, unless there is an oncoming wave of water, disease or armed terrorists. The fact that there may well be a variable risk of such waves affecting many elements of our societies at some level or another is probably lost on – or at least ignored by – most business organisations. The truth is they have to focus on the bottom line – and scaremongering about the catastrophes that may (not will) befall them will cut no ice.

...

https://buckssecurity.wordpress.com/2015/06/22/tangents-on-resilience/

If the FirstNet national first responder network succeeds, it’ll be because federal officials who are planning and deploying the network forged strong partnerships with states and localities. That’s why comments from state CIOs at the NASCIO Midyear Conference in April are troubling.

Although state CIOs generally support the concept of a nationwide interoperable public safety network, they’re clearly frustrated with the lack of details coming from the federal First Responder Network Authority about how the new network will be built and paid for.

“FirstNet is a fantastic idea, but people like me are very skeptical of something where nobody can show me the plan and nobody can show me the cost,” said Alabama CIO Brunson White. “I’ll remain skeptical until somebody does that, and we’ve been asking for a while now.”

...

http://www.emergencymgmt.com/safety/CIOs-Raise-Questions-About-FirstNets-Viability-.html

(TNS) — Private security guards working at Iowa malls, schools and corporations have no required training and no recurring background checks, despite increased threats at these facilities.

Lawmakers and the public are raising questions about licensing requirements for private security companies after an off-duty guard fatally shot a woman June 12 at Coral Ridge Mall in Coralville.

Alexander M. Kozak, 22, of North Liberty, is being held on first-degree murder charges that he targeted mall employee Andrea Farrington, 20, and gunned her down amid hundreds of shoppers.

“Most organizations want to give the appearance of security, but they don’t want the substance,” said Tom M. Conley, president and chief executive officer of the Conley Group, a private security company in Urbandale.

...

http://www.emergencymgmt.com/safety/Mall-shooting-draws-attention-to-lack-of-training-oversight-for-private-security-industry.html

Tuesday, 23 June 2015 00:00

Three Problems that Prove You Need a CDO

A few signs show that organizations might be retreating from the idea of a chief data officer. Instead, some organizations are adding strategic data functions to the CIO’s job. But is that enough or does the growing demand require a dedicated data executive?

Here are three reasons why I think organizations may want to embrace chief data officers.

First, as I shared in my last piece, most CIOs don’t want the data officer task. Experian surveyed CIOs last November and found that an incredible 92 percent of CIOs “are calling out for a CDO role to release the data pressures they face and enable a corporate wide approach to data management.” Call me crazy, but to me, it’s pretty clear that the people who have thus far handled the job say it needs a separate role.

...

http://www.itbusinessedge.com/blogs/integration/three-problems-that-prove-you-need-a-cdo.html

With great convenience comes great responsibility...

Once a month I use my blog to highlight some of S&R’s latest and greatest. The cloud is attractive for many reasons -- the possibility of working from home, the vast array of performance and analytical capabilities available, knowing that your backups are safe from that fateful coffee spill, etc. Although the cloud is not a new concept, the security essentials behind it unfortunately remain a mystery to practically all users. What’s worse, the security professionals tasked with protecting corporate data rarely have visibility into all the risk -- it’s simply too easy for users to make critical cloud decisions without process or oversight.   

Underestimating or neglecting the necessary security practices that a cloud requires can lead to hacks, breaches, and horrendous data leaks. We’ve seen our fair share of security embarrassments that range from Hollywood execs to the US government, and S&R pros know that these are far from done.

...

http://blogs.forrester.com/stephanie_balaouras/15-06-22-forresters_security_risk_research_spotlight_dont_let_cloud_go_over_your_head

Tuesday, 23 June 2015 00:00

Creating a Risk Intelligent Organization

Many organizations spend time and effort building and developing robust risk mitigation frameworks and strategies to handle business-specific risks. In spite of constant monitoring through dashboards and reports, many companies still face major and unexpected issues. One of the main reasons for shortfalls in risk management is the general attitude towards risk mitigation. Although companies are well-prepared with an infrastructure in place, they often struggle when cultivating a sense of risk awareness, responsibility and intelligence into and across the fabric of an organization, which results in gaps and deficiencies.

Every organization realizes the significance of risk intelligence, but they frequently face issues in the initial stage of their transition. Developing a risk culture is frequently viewed as just a requirement to be fulfilled rather than something that adds value to an enterprise. Without a clear agenda, many companies find it impossible to cultivate risk-taking capabilities in their employee base.

Risk intelligence demands that every individual in an organization take responsibility for managing risks in the day-to-day operations. Senior management should assess the existing risk management strategy and gauge its effectiveness in alleviating risks as well as developing awareness throughout the organizational structure.

...

http://www.riskmanagementmonitor.com/creating-a-risk-intelligent-organization/

Here’s the conundrum: There is a shortage of IT professionals who have the skills that employers need, and at the same time, there is an abundance of bright, eager people who dream of obtaining those skills and building a career in IT, but who simply lack the wherewithal to obtain a four-year college degree to realize that dream. The solution to this problem has long seemed destined to elude us. But maybe there is an answer after all.

That’s the conclusion I drew after learning about the Creating IT Futures Foundation (CITFF), the philanthropic arm of CompTIA, the Downers Grove, Ill.-based IT trade association best known for its certification programs. Formerly called the CompTIA Educational Foundation, CITFF is headed by CEO Charles Eaton, who was brought on board in 2010 “to find a more impactful way to engage in our strategy.” That strategy, in Eaton’s words, is to “move the needle on getting people who need an opportunity into IT careers.”

...

http://www.itbusinessedge.com/blogs/from-under-the-rug/a-ray-of-hope-for-disadvantaged-people-who-dream-of-a-career-in-it.html

Dot Hill Next-Generation RealStor Storage Operating System Now Available with All AssuredSAN 3004 Arrays

LONGMONT, Colo. Dot Hill Systems Corp. (Nasdaq: HILL), a trusted supplier of innovative enterprise-class storage systems, today announced that Dot Hill’s next-generation RealStor™ storage operating system is now available with all AssuredSAN® 3004 arrays. This break-through innovation, combined with enterprise-level features and functionality delivered at a very cost-effective price point, enables Dot Hill OEM partners to compete effectively with hybrid cache-only arrays on the market.

Ideal for remote and branch offices, small businesses, general purpose server applications (Web, file, database, email) and backup appliances, AssuredSAN 3004 arrays with RealStor allow OEMs to deliver entry-level storage systems with enterprise-level features such as faster disk rebuilds, easy-to-manage pooled storage, cost-optimized provisioning and SSD read-cache performance at a starting price point of less than $10,000.

“Research shows that storage IT decision makers are looking for highly reliable storage at the lowest price per terabyte and solutions that optimize application performance for key business processes. They also want features that reduce operational costs such as staff, power and cooling requirements,” said Bill Wuertz, senior vice president, products and solutions, Dot Hill. “In a VMware environment, the 3004 array can support three times the number of VMs at half the cost per VM when SSD caching is enabled. With RealStor technology, our 3000 Series hybrid storage systems deliver real-time access to data for constantly changing workloads common in virtualized SMB environments and workloads associated with the Internet of Things and third platform technologies.”

“Small businesses invariably don’t have the resources to dedicate to managing storage systems,” said Mark Peters, practice director and senior analyst at ESG. “Featuring an improved user interface in its RealStor storage operating system, Dot Hill has made significant improvements to the total user experience. AssuredSAN 3004 solutions are easier than ever to install and manage, without requiring storage experts.”

Dot Hill AssuredSAN 3004 storage systems are available with multiple host interface options including Dot Hill's unique, flexible 16Gb Fibre Channel/10Gb iSCSI converged interface as well as a new two-port 12Gb SAS interface option.

RealStor features include these advantages:

· RealCache allows solid-state device (SSD) cache to become an extension of the controller cache, increasing effective cache capacity by up to 100 times.

· RealPool enables users to simplify system management without complex policy settings to allow configuration for capacity expansion in less than 10 minutes with no downtime.

· RealThin thin provisioning optimizes capacity management and offers file-system integrated space reclamation which reduces the cost of capacity investments by up to 50 percent.

· RealSnap virtual snapshots dramatically streamline the action of creating point-in-time images, providing capabilities to snap volumes multiple times with no performance impact, resulting in improved backup and recovery.

· RealQuick rebuild improves system uptime and data protection by reducing the risk of data loss after a drive failure and providing up to 10 times faster restore time.

About AssuredSAN 3004 Storage Solutions

Dot Hill AssuredSAN 3004 solutions are built on the company's proven RAID architecture with sustained sequential read performance of up to 3,300 MB/second, writes of up to 2,400 MB/second and 40,000 input/output operations per second (IOPS) from disk. The Dot Hill RAID Companion Processor (RCP) allows AssuredSAN 3004 solutions to deliver dramatic performance gains at very aggressive price points. Unlike some competitive arrays that utilize an active-passive controller design, all AssuredSAN arrays support dual active-active controllers for the highest reliability and availability. Dot Hill's latest firmware utilizes a proprietary Adaptive Read-Ahead Algorithm that analyzes workloads and fine-tunes options for optimal performance, delivering better response times to meet IT service level agreements. For future upgrades, 3004 customers can upgrade to 4004 controllers, with no data migration, and achieve performance up to 120,000 IOPS for transaction-oriented workloads.

 

About Dot Hill

Leveraging its proprietary AssuredSAN family of hybrid storage solutions with RealStor—the next generation real-time storage operating system—Dot Hill solves today’s storage workload challenges created by the Internet of Things and third platform technologies. In today’s interconnected world, Dot Hill storage solutions support people accessing information, and machines collecting sensor data—all in real time. Dot Hill’s solutions combine innovative intelligent software with the industry’s most flexible and extensive hardware platform and simplified management to deliver best-in-class solutions. Headquartered in Longmont, Colo., Dot Hill has offices and/or representatives in the United States, Europe, and Asia. For more information, contact Dot Hill at http://www.dothill.com/ or @Dot_Hill.