Jon Seals

Firmware, configuration files and static data are protected from unauthorized modification by Floodgate Anti-Tamper

Floodgate Anti-Tamper is the first solution to provide device manifest validation for embedded Linux and RTOS based devices

Icon Labs enables The Internet of Secure Things™

WEST DES MOINES, Iowa – Icon Labs (www.iconlabs.com), a leading provider of embedded networking and security technology, today announced the availability of Floodgate Anti-Tamper, an application and data protection solution that protects RTOS and embedded Linux devices from malicious or accidental changes to firmware, configuration information and static data.

Anti-Tamper support makes it more difficult for a hacker to change the software or firmware running in an embedded device, or even change the configuration of the device. For example, if a utility company installs smart meters at their customers’ homes, hackers will not be able to re-program them to steal data or modify the behavior of the meter to under-report electrical usage.

Floodgate Anti-Tamper also protects against accidental or malicious changes made by insiders who are authorized to access the device. In addition, all changes to the device are recorded and saved in the device audit log, allowing forensic analysis if and when problems do occur.

By adding a critical, missing layer of security, Floodgate Anti-Tamper enables device OEMs to validate the integrity of device firmware and configuration.  Floodgate Anti-Tamper implements software-based anti-tamper detection, allowing this protection to be added to legacy systems without hardware “root-of-trust” capability.  On newer systems, Floodgate Anti-Tamper is integrated with hardware root of trust support to embed anti-tamper support within the hardware.

  

“Floodgate Anti-Tamper closes a critical security hole for embedded devices, making possible the Internet of Secure Things™,” said Alan Grau, CEO of Icon Labs. “While hardware root-of-trust capabilities are supported in some new designs, they often lack easy to use software support and don’t solve the security issue for legacy devices running older hardware.  With Floodgate, anti-tamper support can easily be added to new designs as well as to legacy systems.”

A recent HP Research study1 found that 70 percent of IoT devices are vulnerable to attack, and many devices had multiple security loopholes.  Protecting IoT devices requires a multi-layer security strategy, and Floodgate Anti-Tamper provides an important missing piece of that solution for embedded devices.  

“As IoT devices proliferate, they present new attack vectors for hackers to exploit, including device-to-cloud communication links, IoT gateways and the IoT devices themselves.  Complicating matters further, many of these new devices exist outside of the traditional corporate security perimeter,” said Steve Hoffenberg, analyst and director for IoT & Embedded Software at VDC Research.  “The IoT requires multiple layers of protection and end-to-end security from the device through the gateway and to the cloud. However, time-to-market pressure is not an excuse to shortcut security.”

Floodgate Anti-Tamper features include:

  • hardware root of trust integration for secure boot
  • full device manifest support
  • hash validation of all manifest components
  • local and remote audit
  • secure remote upgrade
  • configurable action upon detection of unauthorized changes
  • run time audits
  • Application Guarding APIs for run-time validation of applications/processes
  • Integration with the Icon Labs Floodgate Product family for management and event reporting

Icon Labs delivers a full suite of security solutions for embedded devices. The Floodgate product family provides intrusion detection and intrusion prevention capabilities that are designed specifically for use in embedded and RTOS-based devices.

Floodgate products support management system integration for policy management, event reporting and situational awareness. Icon Labs also provides solutions to harden the device, secure communication channels, and block DoS attacks. In addition to embedded security software and hardware solutions, Icon Labs provides professional services capabilities to accelerate customer deployments and facilitate unique implementation. Icon Labs helps you secure YOUR things.


About Icon Laboratories, Inc.
Icon Labs, a 2014 Gartner “Cool Vendor”, is a leading provider of embedded software for device security, device protection and networking management, including the award winning Floodgate Defender. Founded in 1992, Icon Labs is headquartered in West Des Moines, Iowa. For more information, visit www.iconlabs.com, send email to info@iconlabs.com, or call 1.888.235.3443 (U.S. and Canada) or 515.226.3443 (International).

DALLAS, Texas – DataBank Holdings, Ltd., a leading custom data center and colocation provider based in Dallas, announced the addition of HIPAA/HITECH Attestation to their annual audit certifications. With this latest compliance standard, DataBank offers the healthcare industry assurance and ease to deploy IT assets within compliance in DataBank data center facilities.

The HIPAA Security assessment was conducted in a structured approach that can identify and evaluate the controls in place which are associated with the operations of the IT environment and the business operations environment. The assessment addressed a wide range of Administrative Safeguards, Technical Safeguards, Physical Safeguards, Policies & Procedures, as well as Documentation Requirements as they relate to DataBank’s Data Center Services.

“We have a number of healthcare clients which currently conform to the HIPAA regulations and standards,” said Michael Gentry, VP of Operations for DataBank. “By securing DataBank’s attestation as a part of our own annual audit process, we make it much simpler for both current and future customers to comply with the guidelines laid out in the audit, potentially saving them a significant financial and manpower investment.”

DataBank’s HIPAA/HITECH examination was performed by a full-service audit and consulting firm that specializes in integrated compliance solutions and examinations. By completing such examinations on an annual basis, DataBank is able to demonstrate substantially higher levels of assurance and operational visibility to both prospects and clientele.

To learn more about DataBank, the company facilities, compliance standards, and the company’s complete suite of service solutions, please visit the corporate website at http://www.databank.com.

 

About DataBank
DataBank is a leading provider of enterprise-class data center solutions aimed at providing customers with 100% uptime availability of data, applications and deployed infrastructure. We offer a full suite of hosting solutions including colocation, managed services and cloud solutions that are anchored in world-class secure data center facilities with best of breed infrastructure and highly robust network architecture. Our customized customer deployments are designed to effectively manage risk, improve their technology performance and allow them to focus on their core business objectives. DataBank is headquartered in the historic former Federal Reserve Bank Building, in downtown Dallas, TX and has additional data centers in Dallas, Minneapolis and Kansas City. For more information on DataBank locations and services, please visit http://www.databank.com or call 1(800) 840-7533.

Road marking company Lafrentz benefits from real-time project management with Flowfinity enterprise app software

VANCOUVER, British Columbia – Flowfinity Wireless Inc., a proven provider of enterprise mobile apps, today announced that Lafrentz Road Marking recently entered its 10th year of successful road construction project management with Flowfinity software.

Ten years ago, Western Canada's leading road marking company was relying on handwritten job reports from crews in the field, which were hard to read and time consuming to process. Time, materials, and incident tracking all needed to be streamlined for better accuracy and faster reporting.

Lafrentz selected the Flowfinity platform and quickly launched custom mobile apps for crews to keep track of time and jobs status throughout the day using smartphones. The real-time information and reporting allowed the company to improve management of person hours, equipment hours, and materials handling to improve its competitive position.

Lafrentz later expanded its use of Flowfinity to include an extensive catalog of municipal construction standards, which enables crews to access the information they need at their fingertips. If any incidents occur on job sites, the details are also immediately recorded in Flowfinity, providing an audit trail for safety standards.

"For the past 10 years, Flowfinity has remained the critical mobile technology used by Lafrentz to manage time, materials, equipment, and standards at job sites," said Tim Zapf, Marketing Manager, Lafrentz. "The Flowfinity platform is so flexible that we have been able to extend our use of the software to new business processes, and even switch mobile devices seamlessly."

Lafrentz uses Flowfinity Actions Enterprise Edition, and recently migrated its self-hosted solution to Flowfinity's cloud hosting service.

To read the Lafrentz success story, visit: http://www.flowfinity.com/customers/case_lafrentz_actions.aspx.

 

About Flowfinity

Flowfinity provides a proven, fully customizable solution for building enterprise mobile apps without programming. Since 2000, Flowfinity has helped leading companies across industries improve productivity, engage management, and improve business insight through all areas of the organization. By making it easy and fast to mobilize day-to-day business processes on smartphones and tablets, Flowfinity enables mobile teams to access, survey, report, and share information when and where they need to. Top global brands in consumer goods and other industries rely on Flowfinity software as the standard technology for automating critical business processes. For more information, visit http://www.flowfinity.com.

Fourth annual benchmark of Net Promoter® Scores (NPS®) includes data on 283 companies across 20 industries.

WABAN, Mass. – Temkin Group released a new research report, "Net Promoter Score Benchmark Study, 2014", based on a study of 10,000 U.S. consumers.

Net Promoter Score (NPS) has become a popular customer experience metric. NPS identifies the likelihood of consumers to recommend a company to their friends and family, using a scoring range from -100 to +100.

USAA's insurance business (67) and JetBlue (61) earned the only NPS scores above 60. Other companies with NPS above 50 are H-E-B, USAA (banking and credit cards), Trader Joe's, Mercedes-Benz, Amazon.com, Apple (computers), Lexus, Toyota, and Aldi.

Citibank and HSBC earned the lowest NPS, followed by four firms that also had scores of -10 or below: Comcast, Charter Communications, Commonwealth Edison, and Super 8.

"Net Promoter Scores can provide a strong indication of your relationship with customers," states Bruce Temkin, Managing Partner of Temkin Group. Temkin goes on to say, "Like any customer metric, NPS is only valuable when it's used to drive improvements."

Here are some additional findings from the research:

  • Auto dealers earned the highest average NPS (38) followed by grocery chains (32), computers (30), and insurance carriers (30).
  • TV service providers (1), Internet service providers (2), and utilities (5) are the only industries with averages below 10.
  • USAA's insurance, banking, and credit card businesses earned NPS levels that are 37 or more points above their industry averages. Seven other firms are 25 or more points above their peers: JetBlue, credit unions, Chick-fil-A, H-E-B, Kaiser Permanente, Amazon.com, and Trader Joe's.
  • Five companies fell more than 20 points below their industry averages: Super 8, Motel 6, HSBC, Quality Inn, and Citibank.
  • HSBC's NPS is 55 points below the industry average for banks and Super 8 is 42 points below the hotel industry. Four other firms are 30 or more points below their industry averages: Motel 6 (hotels), HSBC (credit cards), US Airways (airlines), and 7-Eleven (retail).

The 20 industries included in this report are airlines, auto dealers, banks, computer makers, credit card issuers, fast food chains, grocery chains, health plans, hotel chains, insurance carriers, Internet service providers, investment firms, major appliance makers, parcel delivery services, rental car agencies, retailers, software firms, TV service providers, utilities, and wireless carriers.

The report "Net Promoter Score Benchmark Study, 2014" can be downloaded from the Customer Experience Matters blog, at ExperienceMatters.wordpress.com as well as from the Temkin Group website, www.TemkinGroup.com.

About Temkin Group: Temkin Group is widely recognized as a leading customer experience research and consulting firm. Many of the world's largest brands rely on its insights and advice to steer their transformational journeys. Temkin Group combines customer experience thought leadership with a deep understanding of the dynamics of organizations to help accelerate results. Rather than layering on cosmetic changes, Temkin Group helps companies embed practices within their culture by building four critical competencies: Purposeful Leadership, Employee Engagement, Compelling Brand Values, and Customer Connectedness. The firm's ongoing research identifies leading and emerging best practices across a wide range of activities for engaging the hearts and minds of customers, employees, and partners. For more information, contact Bruce Temkin at 617-916-2075 or send an Email.

About Bruce Temkin: Bruce Temkin is widely recognized as a customer experience thought leader and is Customer Experience Transformist and Managing Partner of Temkin Group. He is also the author of a very popular blog, Customer Experience Matters® (ExperienceMatters.wordpress.com). Prior to forming Temkin Group, he was a VP at Forrester Research for 12 years. Bruce is a highly demanded speaker who consistently receives high marks for his content-rich, entertaining keynote addresses. He is also the co-founder and Chair of the Customer Experience Professionals Association (CXPA.org), a global non-profit organization dedicated to the advancement of customer experience management.

Net Promoter Score, Net Promoter, and NPS are registered trademarks of Bain & Company, Satmetrix Systems, and Fred Reichheld. Customer Experience Matters is a registered trademark of Temkin Group.

NAKIVO has released a 2014 VM Backup report providing insight into the state of virtualization data protection globally.
  
NAKIVO Inc., the fastest-growing virtualization and cloud backup software company, today released the 2014 Annual VM Backup Report. The NAKIVO 2014 Annual VM Backup Report provides insight into the current state of virtualization data protection worldwide. The data has been collected via a global survey of SMBs (companies with up to 250 employees or up to $100M in annual revenue) who are using VMware virtualization in their datacenters.

The report can be downloaded at: www.nakivo.com/2014-vm-backup-report.htm.

Key risks identified:
• Complete data loss: 1 in 4 SMBs keep all of their VM backups and replicas onsite, and thus run a high risk of losing all of their data in case of a disaster, storage failure, or backup repository corruption.
• Failed recoveries: Almost a third of companies do not verify their VM backups for recoverability and run a risk of not being able to recover data because VM backups are corrupted.
• Long disaster recovery times: 35% of businesses rely solely on VM backup, and thus run a risk of long recovery times in case of a disaster.
• High cost of a downtime: 41% of SMBs do not know the cost of their business-critical VMs being down, and can suffer significant revenue/customer loss if their Tier 1 VMs become unavailable.

NAKIVO recommendations:
• Keep at least one copy of business-critical VM backups offsite to ensure that VMs can be recovered in case of a disaster. NAKIVO Backup & Replication provides a single-click integration with Amazon cloud, providing a simple, reliable, and affordable offsite backup storage solution.
• Schedule VM backup verification. On average, 2/3 of SMBs had to recover VMs in the past 12 months, and 16% of those VM recoveries failed. NAKIVO Backup & Replication provides built-in backup verification that can be run on schedule and ensure that files, application objects, and VMs can be recovered.
• Use VM replication for business-critical VMs. NAKIVO Backup & Replication provides a simple and intuitive way to create and maintain identical copies of source VMs (aka “replicas”) on a target site. In case of a disaster, the VM replicas can be simply powered on, providing near-instant disaster recovery.
• Identify business-critical VMs and assess downtime/data loss costs. NAKIVO Backup & Replication can help achieve high RPOs with frequent backup and replication job run schedules, and low RTOs with VM replicas and Flash VM Boot.

Named one of the top 10 coolest storage startups of 2014 by CRN, NAKIVO is delivering a new way for cloud providers, enterprises, and SMBs to protect their VMware environments more reliably, efficiently, and cost effectively. NAKIVO Backup & Replication is VMware-certified, purely agentless, and can be deployed on both Linux and Windows. Featuring a simple and intuitive Web UI, the product can back up and replicate VMware VMs onsite, offsite, and to private/public clouds (including single-click integration with Amazon cloud). NAKIVO Backup & Replication supports live applications and databases and provides data deduplication and compression, instant file recovery, instant Exchange object recovery, flash VM boot (beta), and network acceleration.

RESOURCES
• Overview: www.nakivo.com/VMware-VM-backup-replication-recovery-software.htm
• Datasheet: www.nakivo.com/Resources/NBR-DS.pdf
• Backup to Cloud: www.nakivo.com/vmware-cloud-backup-as-a-service.htm
• Success Stories: www.nakivo.com/success-stories.htm
• Trial Download: www.nakivo.com/en/VMware-Backup-Free-Trial.htm

ABOUT NAKIVO
Headquartered in Silicon Valley, NAKIVO is a privately-held software company that has been profitable since founding in 2012. With more than 4,000 customers - including many Fortune 1,000 companies - and over 500 channel partners across 70 countries worldwide, NAKIVO develops and markets a line of next generation data protection products for clouds and VMware virtualized environments. NAKIVO provides a fast, reliable, and affordable VM backup and replication solution for enabling SMBs and enterprises to protect and recover VM data onsite, offsite, and to the cloud. NAKIVO has also enabled over 50 hosting, managed, and cloud services providers to create and offer VM Backup-as-a-Service, Replication-as-a-Service, and DR-as-a-Service to their customers. NAKIVO was the first virtualization backup specialist to offer SMBs cloud backup to public clouds such as Amazon and multi-tenancy to cloud service providers and enterprise customers. For more information, please visit www.nakivo.com.

Follow us on Twitter: www.twitter.com/Nakivo
Connect on Facebook: www.facebook.com/NakivoInc
Join us on LinkedIn: www.linkedin.com/company/nakivo

Well into the 21st century, businesses worldwide are focusing more and more on managing risks, be they internal or external, financial, operational or strategic, involving technology or regulations or related to reputation.

While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. Just this year, global financial and business markets have been rocked by spectacular cybersecurity breaches, geopolitical instability in the Middle East and Eastern Europe, refugee crises and more.

Internal auditors working from risk-based annual plans developed before March are increasingly finding themselves addressing yesterday’s challenges.

All of this reinforces my long-held belief that internal audit must take a more continuous approach to risk assessment. Audit plans and coverage should constantly evolve as new, potential risks surface and undergo assessment. Such an approach adds significant value for internal audit’s stakeholders, particularly during sudden or unexpected crises.

...

http://www.corporatecomplianceinsights.com/auditing-at-the-speed-of-risk/

October 22, 2014

Another BCP Anagram

Yes, I realize that the last thing we need in Business Continuity Planning practices is another anagram, but, hey, what’s the fun in writing a blog if you can’t cause trouble?  So here goes – another BCP anagram …

I have been stating for a while now, that the BCP Methodology needs to be revisited.  I think that the tried and true practice of conducting BIAs is a bit flawed.  In practice, I think, the methodology attacks middle management and department level areas in the organization without first establishing corporate-wide and senior level objectives for business during a crisis.  When we ask people to establish RTOs and RPOs (more of those lovely anagrams – see the chart below) what are they basing their answers on?  When we ask for impacts of being down, to set those recovery objectives, what business objectives are they being designed to meet?

I think that the BCP Methodology needs to add a step in the beginning of our analyses in which we establish – are you ready for it, here it comes, the new anagram, in three, two, one – our ABOs, Adjusted Business Objectives.  I think part of the fallacy in our current process is that RTOs (or MADs if you prefer that anagram) are set with the assumption that the company is still aiming to hit its established business objectives for the year.  And, I think that is wrong.  During times of crisis, I think management’s expectations of what the company should achieve are adjusted.  During times of crisis, we may not have the same Income Targets, Profit Targets, Sales Targets, Margin Targets, Production Targets, etc.

...

http://safeharborconsulting.biz/blog2/2014/10/21/another-bcp-anagram/

The Hamilton Project at the Brookings Institution and the Stanford Woods Institute for the Environment released a new report Oct. 20 that addresses how Western states can confront the crippling drought that threatens the nation’s entire water system.

The report is comprised of three papers, each of which examines particular strategies for coping with ongoing drought conditions. The first paper, Shopping for Water, advocates using market forces to manage water resources and lessen the impact and frequency of water shortages. The second paper, The Path to Water Innovation, highlights the need for innovative new technologies for promoting efficiency and conservation and suggests reviews of regulatory practices and creating statewide offices for water innovation. The third paper looks at nine economic facts about water in the United States with “the aim of providing an objective framing of America's complex relationship with water.”

In conjunction with the release of the papers, a forum was hosted on Oct. 20 at Stanford University to discuss the topics and issues within the report. Authors of the paper were joined by other water experts, as well as California Gov. Jerry Brown, who opened the forum with his vision of the landscape of water in the west.

“Water is going to be a major issue that is going to be addressed in the California Legislature, in Congress – water issues don’t get solved in one place. It’s a complicated interplay of governmental jurisdiction at every level,” Brown said.

...

http://www.emergencymgmt.com/disaster/Confronting-Wests-Water-Crisis-EM.html

The Ebola epidemic in Africa and fears of it spreading in the U.S. have turned the nation’s attention to the federal government’s front-line public health agency: the Centers for Disease Control and Prevention (CDC). But as with Ebola itself, there is much confusion about the role of the CDC and what it can and cannot do to prevent and contain the spread of disease.  The agency has broad authority under federal law, but defers to or partners with state and local health agencies in most cases.

Julie Rovner answers some common questions.

...

http://www.emergencymgmt.com/health/What-CDC-Can-Do-Fight-Ebola.html

As the number of companies suffering a data breach continues to grow – with U.S. retailer Staples now reported to be investigating a breach – so do the legal developments arising out of these incidents.

While companies that have suffered a data breach look to their insurance policies for coverage to help mitigate some of the enormous costs, recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, notes the I.I.I. white paper Cyber Risks: The Growing Threat.

A post in today’s Wall Street Journal Morning Risk Report echoes this point, noting that a lawsuit between restaurant chain P.F. Chang’s and its insurance company Travelers Indemnity Co. of Connecticut could further define how much, if any, cyber liability coverage is included in a company’s CGL policy.

...

http://www.iii.org/insuranceindustryblog/?p=3822
