Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

NAKIVO has released a 2014 VM Backup report providing insight into the state of virtualization data protection globally.
  
NAKIVO Inc., the fastest-growing virtualization and cloud backup software company, today released the 2014 Annual VM Backup Report. NAKIVO 2014 Annual VM Backup Report provides insight in the current state of virtualization data protection worldwide. The data has been collected via a global survey of SMBs (companies with up to 250 employees or up to $100M in annual revenue) who are using VMware virtualization in their datacenters.

The report can be downloaded at: www.nakivo.com/2014-vm-backup-report.htm.

Key risks identified:
• Complete data loss: 1 in 4 SMBs keep all of their VM backups and replicas onsite, and thus run a high risk of losing all of their data in case of a disaster, storage failure, or backup repository corruption.
• Failed recoveries: Almost a third of companies do not verify their VM backups for recoverability and run a risk of not being able to recover data because VM backups are corrupted.
• Long disaster recovery times: 35% of businesses rely solely on VM backup, and thus run a risk of long recovery times in case of a disaster.
• High cost of a downtime: 41% of SMBs do not know the cost of their business-critical VMs being down, and can suffer significant revenue/customer loss if their Tier 1 VMs become unavailable.

NAKIVO recommendations:
• Keep at least one copy of business-critical VM backups offsite to ensure that VMs can be recovered in case of a disaster. NAKIVO Backup & Replication provides a single-click integration with Amazon cloud, providing a simple, reliable, and affordable offsite backup storage solution.
• Schedule VM backup verification. On average, 2/3 of SMBs had to recover VMs in the past 12 months, and 16% of those VM recoveries failed. NAKIVO Backup & Replication provides built-in backup verification that can be run on schedule and ensure that files, application objects, and VMs can be recovered.
• Use VM replication for business-critical VMs. NAKIVO Backup & Replication provides a simple and intuitive way to create and maintain identical copies of source VMs (aka “replicas”) on a target site. In case of a disaster, the VM replicas can be simply powered on, providing near-instant disaster recovery.
• Identify business-critical VMs and assess downtime/data loss costs. NAKIVO Backup & Replication can help achieve high RPOs with frequent backup and replication job run schedules, and low RTOs with VM replicas and Flash VM Boot.

Named one of the top 10 coolest storage startups of 2014 by CRN, NAKIVO is delivering a new way for cloud providers, enterprises, and SMBs to protect their VMware environments more reliably, efficiently, and cost effectively. NAKIVO Backup & Replication is VMware-certified, purely agentless, and can be deployed on both Linux and Windows. Featuring a simple and intuitive Web UI, the product can back up and replicate VMware VMs onsite, offsite, and to private/public clouds (including single-click integration with Amazon cloud). NAKIVO Backup & Replication supports live applications and databases and provides data deduplication and compression, instant file recovery, instant Exchange object recovery, flash VM boot (beta), and network acceleration.

RESOURCES
• Overview: www.nakivo.com/VMware-VM-backup-replication-recovery-software.htm
• Datasheet: www.nakivo.com/Resources/NBR-DS.pdf
• Backup to Cloud: www.nakivo.com/vmware-cloud-backup-as-a-service.htm
• Success Stories: www.nakivo.com/success-stories.htm
• Trial Download: www.nakivo.com/en/VMware-Backup-Free-Trial.htm

ABOUT NAKIVO
Headquartered in Silicon Valley, NAKIVO is a privately-held software company that has been profitable since founding in 2012. With more than 4,000 customers - including many Fortune 1,000 companies - and over 500 channel partners across 70 countries worldwide, NAKIVO develops and markets a line of next generation data protection products for clouds and VMware virtualized environments. NAKIVO provides a fast, reliable, and affordable VM backup and replication solution for enabling SMBs and enterprises to protect and recover VM data onsite, offsite, and to the cloud. NAKIVO has also enabled over 50 hosting, managed, and cloud services providers to create and offer VM Backup-as-a-Service, Replication-as-a-Service, and DR-as-a-Service to their customers. NAKIVO was the first virtualization backup specialist to offer SMBs cloud backup to public clouds such as Amazon and multi-tenancy to cloud service providers and enterprise customers. For more information, please visit www.nakivo.com.

Follow us on Twitter: www.twitter.com/Nakivo
Connect on Facebook: www.facebook.com/NakivoInc
Join us on LinkedIn: www.linkedin.com/company/nakivo

Well into the 21st century, businesses worldwide are focusing more and more on managing risks, be they internal or external, financial, operational or strategic, involving technology or regulations or related to reputation.

While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. Just this year, global financial and business markets have been rocked by spectacular cybersecurity breaches, geopolitical instability in the Middle East and Eastern Europe, refugee crises and more.

Internal auditors working from risk-based annual plans developed before March are increasingly finding themselves addressing yesterday’s challenges.

All of this reinforces my long-held belief that internal audit must take a more continuous approach to risk assessment. Audit plans and coverage should constantly evolve as new, potential risks surface and undergo assessment. Such an approach adds significant value for internal audit’s stakeholders, particularly during sudden or unexpected crises.

...

http://www.corporatecomplianceinsights.com/auditing-at-the-speed-of-risk/

October 22, 2014

Another BCP Anagram

Yes, I realize that the last thing we need in Business Continuity Planning practices is another anagram, but, hey, what’s the fun in writing a blog if you can’t cause trouble?  So here goes – another BCP anagram …

I have been stating for a while now, that the BCP Methodology needs to be revisited.  I think that the tried and true practice of conducting BIAs is a bit flawed.  In practice, I think, the methodology attacks middle management and department level areas in the organization without first establishing corporate-wide and senior level objectives for business during a crisis.  When we ask people to establish RTOs and RPOs (more of those lovely anagrams – see the chart below) what are they basing their answers on?  When we ask for impacts of being down, to set those recovery objectives, what business objectives are they being designed to meet?

I think that the BCP Methodology needs to add a step in the beginning of our analyses in which we establish – are you ready for it, here it comes, the new anagram, in three, two, one – our ABOs, Adjusted Business Objectives.  I think part of the fallacy in our current process is that RTOs (or MADs if you prefer that anagram) are set with the assumption that the company is still aiming to hit its established business objectives for the year.  And, I think that is wrong.  During times of crisis, I think management’s expectations of what the company should achieve are adjusted.  During times of crisis, we may not have the same Income Targets, Profit Targets, Sales Targets, Margin Targets, Production Targets, etc.

...

http://safeharborconsulting.biz/blog2/2014/10/21/another-bcp-anagram/

The Hamilton Project at the Brookings Institution and the Stanford Woods Institute for the Environment released a new report Oct. 20 that addresses how Western states can confront the crippling drought that threatens the nation’s entire water system.

The report is comprised of three papers, each of which examines particular strategies for coping with ongoing drought conditions. The first paper, Shopping for Water, advocates using market forces to manage water resources and lessen the impact and frequency of water shortages. The second paper, The Path to Water Innovation, highlights the need for innovative new technologies for promoting efficiency and conservation and suggests reviews of regulatory practices and creating statewide offices for water innovation. The third paper looks at nine economic facts about water in the United States with “the aim of providing an objective framing of America's complex relationship with water.”

In conjunction with the release of the papers, a forum was hosted on Oct. 20 at Stanford University to discuss the topics and issues within the report. Authors of the paper were joined by other water experts, as well as California Gov. Jerry Brown, who opened the forum with his vision of the landscape of water in the west.

“Water is going to be a major issue that is going be addressed in the California Legislature, in Congress – water issues don’t get solved in one place. It’s a complicated interplay of governmental jurisdiction at every level,” Brown said.

...

http://www.emergencymgmt.com/disaster/Confronting-Wests-Water-Crisis-EM.html

The Ebola epidemic in Africa and fears of it spreading in the U.S. have turned the nation’s attention to the federal government’s front-line public health agency: the Centers for Disease Control and Prevention (CDC). But as with Ebola itself, there is much confusion about the role of the CDC and what it can and cannot do to prevent and contain the spread of disease.  The agency has broad authority under federal law, but defers to or partners with state and local health agencies in most cases.

Julie Rovner answers some common questions.

...

http://www.emergencymgmt.com/health/What-CDC-Can-Do-Fight-Ebola.html

As the number of companies suffering a data breach continues to grow – with U.S. retailer Staples now reported to be investigating a breach – so do the legal developments arising out of these incidents.

While companies that have suffered a data breach look to their insurance policies for coverage to help mitigate some of the enormous costs, recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, notes the I.I.I. white paper Cyber Risks: The Growing Threat.

A post in today’s Wall Street Journal Morning Risk Report, echoes this point, noting that a lawsuit between restaurant chain P.F. Chang’s and its insurance company Travelers Indemnity Co. of Connecticut could further define how much, if any, cyber liability coverage is included in a company’s CGL policy.

...

http://www.iii.org/insuranceindustryblog/?p=3822

Cloud-based Solution Simplifies ILM, Data Storage and Addresses HIPAA Compliance Challenges

BATON ROUGE, La. – Venyu, a leader in business continuitycloud-based virtualization, and battle-tested data recovery, today announced that Hendrix Orthodontics has adopted VenyuCloud to provision virtual servers, comply with HIPAA regulations and run its full suite of dental applications. The full case study can be viewed here.

Located in Kennett Square and West Grove, PA, Hendrix is small, growing orthodonticpractice facing many of the same Infrastructure Lifecycle Management (ILM) challenges associated with most large businesses. The company faced a choice:  Undertake an expensive infrastructure upgrade -- likely to recur every five years -- or evolve into a more centralized, secure and HIPAA-compliant IT environment. Hendrix elected to transition approximately 50 PCs and three data servers from its unsupported Windows XP operating system into the cloud, in addition to hosting its company files, patient records, charts and x-rays.

“Based on everything I’d read, the global transition to a cloud-based environment is inevitable. Despite this, people kept telling me the complexities associated with my type of data made the cloud option impossible,” said Dr. Jeff Hendrix, Hendrix Orthodontics. These fears were alleviated when Hendrix turned to VenyuCloud. 

VenyuCloud enables secure and highly-available IT-as-a-Service (IaaS) to create a scalable and HIPAA-compliant outsourced infrastructure. The model lets companies like Hendrix pay only for the processing power consumed, all while leveraging the power of VMware virtualization, full redundancy and high-availability.

With the help of Venyu, the practice began moving all core data applications to the cloud, including documents and files, billing, video presentations -- as well as specific industry tools, such as:  Carestream OrthoTrac Office, Dolphin Imaging and Aquarium, Ormco Insignia with Damon System, QuickBooks, Microsoft Office, and Invisalign.

“What’s truly amazing is that storing and accessing x-rays and patient records to and from the cloud is seamless; taking only seconds no matter where we are.  The infrastructure is much faster and more reliable than our previous in-house server solution,” Hendrix noted.

Within several months, the practice fully consolidated multiple data servers into one cloud-based system and all workstations are now simple machines which require no maintenance.  In addition, VenyuCloud delivers an elastic service so Hendrix can easily adjust the bandwidth and processing power to meet specific application requirements.

“VenyuCloud made it simple to manage what used to be a highly cumbersome process.  In the past, I used to walk in circles across both offices to upgrade and reboot our PCs and servers.  With Venyu, those problems are now obsolete,” Hendrix concluded.

“Hendrix is a perfect example of how a small business can avoid the costly and repetitive process of upgrading IT hardware and software,” said Scott Thompson, CEO, Venyu. “Leveraging the cloud for IT needs, companies can devote more time to concentrate on their core competencies by effectively and efficiently outsourcing their IT burden.”

About Venyu
Venyu is a premier provider of data center, managed hosting, cloud, virtualization and data protection solutions. By leveraging Venyu's portfolio of innovative, ROI-focused solutions, including VenyuCloud and RestartIT, within secure, highly available data centers, organizations can reduce IT costs while increasing security and scalability. For more information about Venyu and its industry-leading offerings, please visit www.venyu.comYour Data Made Invincible™.

By Paul Kirvan.

The Ebola outbreak shows how esoteric threats shelved in the ‘it will never happen’ folder can erupt to cause major disruption. Two other such threats spring to mind and it may be a good time for a reminder of these:

Solar storms

Solar flares traveling from the sun to the earth contain massive amounts of energy that have been known to disrupt electronic systems. Such an event could potentially cripple the world’s electrical grids for years, causing billions (trillions?) in damages.

Back in 2010, the US House of Representatives’ Energy and Commerce Committee voted unanimously to approve a bill allocating $100 million to protect the US energy grid from this rare but potentially devastating occurrence. The Grid Reliability and Infrastructure Defense Act, or H.R. 5026, aimed "to amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cybersecurity and other threats and vulnerabilities."

...

http://www.continuitycentral.com/feature1239.html

Risk management is developing into a strategic function within European organizations. At the same time, risk management can contribute much more as its strategic role grows. Currently, risk managers are not satisfied with the level of mitigation for six of the top 10 risks ‘that keep their CEO awake at night’.

These are the key findings from the 2014 Risk Management Benchmarking Survey conducted earlier this year by the Federation of European Risk Management Associations (FERMA). Now its 7th edition, the FERMA Benchmarking Survey this year received a record number of 850 responses from 21 European countries.

Using the results of the survey, FERMA has published its first European Risk and Insurance Report. FERMA President Julia Graham says, "FERMA has said that risk managers are becoming risk leaders - the European Risk and Insurance Report provides evidence to support that view. It, therefore, also endorses FERMA's objective to shape and support risk management as a profession."

...

http://www.continuitycentral.com/news07400.html

Would a football player take to the field without attending training? Would an actor take to the stage without going to rehearsals? Would a pilot take to the skies without having practiced how to fly a plane? I’m sure any sensible person would answer ‘no’ to these questions. Before you know you're good enough to take on a role, you need to have practiced it first. Similarly, before you know your business continuity plan is fit for purpose, you need to have practiced it too.

We all know that every organization should have a business continuity plan – common sense dictates that when disaster strikes you would want to continue functioning as normal as possible. But how many organizations actually test their plans? They can be time consuming, they can be expensive, it can be difficult to get management buy-in and you can often be frustrated by the lack of enthusiasm from the general workforce who just want to get on with their jobs without your disruption. According to a recent study by Databarracks, less than a third of respondents to a survey (29%) claimed they had tested their plan in the last twelve months.

...

http://www.thebci.org/index.php/about/news-room#/news/putting-your-plans-to-the-test-95573

Page 1 of 359