Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Bonus Journal

Volume 29, Issue 5

Full Contents Now Available!

Industry Hot News

Industry Hot News (6923)

(TNS) — When Mount St. Helens erupted 35 years ago Monday, killing 57 people and blanketing much of Central Washington in ash, officials were ill-prepared for the magnitude of the emergency.

“When the mountain blew, everyone was kind of out there on their own,” said Charles Erwin, emergency management specialist for the city of Yakima. “That’s what got the county started on doing disaster planning and coordinating with all the local jurisdictions.”

The explosion caused two different disasters on either side of the mountains. While the west side was dealing with mud and debris flows taking out bridges and roads, the prevailing winds pushed an estimated 520 million tons of ash eastward, turning Sunday morning in Yakima into midnight.



(TNS) — Under a new state law signed by Gov. Jay Inslee on Thursday, May 14, large railroads will be required to plan with the state for “worst-case spills” from crude oil unit trains, but exactly what that worst-case scenario looks like is not yet clear.

The law requires railroads to plan for the “largest foreseeable spill in adverse weather conditions,” but doesn’t define “largest foreseeable spill.”

In April, BNSF railway employees told Washington emergency responders that the company currently considers 150,000 gallons of crude oil – enough to fill five rail tank cars – its worst-case scenario when planning for spills into waterways. Crude oil trains usually carry about 100 rail tank cars.



Saturday, 16 May 2015 00:00

Risking It

The challenge of planning is significant; anyone who has ever been required to plan anything in detail will know of the problems and issues that even thinking about it planning is difficult and can quite easily spin beyond the controllable. Plans can be effective or useless for various reasons, and the translation of thoughts to realities can be fraught with issues.

In attempting to make informed judgements, the perceived effectiveness of response and protective measures has been traditionally based on a combination of anticipation, information and intelligence assessment and a suitable selection of mitigation measures.  However there is perhaps also an element of chance and luck in detecting and deterring any type of malicious activity and this has served to add to the range of variables which can complicate an attempt to manage risks.   The most thorough risk analysis will not be able to address all variables which will hamper the effectiveness of managerial processes in providing an adequate contribution to pre-emptively managed protective efforts.



Editor’s Note: This is part of a series on the factors changing data analytics and integration. The first post covered cloud infrastructure.

It’s a truism that technology changes quickly and ages fast — and yet, despite massive network and computer evolutions, not much changed for data until Big Data came along.

To be fair, for all practical purposes, Big Data was first seen as a natural extension of the relational database, but with larger amounts of data and faster processing speed. Almost immediately, though, vendors like IBM and research firms like Gartner pushed the definition of Big Data to include other data types — semi-structured and unstructured data, delivered at high speeds, which can mean real time, near-time and streaming or, as I privately call it, all time data.



CHICAGO – May is Building Safety Month, a public awareness campaign to help individuals, families and businesses understand what it takes to create safe and sustainable structures by increasing awareness about how building codes and code officials improve and protect the places where we live, learn, work, worship and play.

“We’re all at some level of disaster risk,” said Andrew Velasquez III, FEMA Region V administrator.  “It is important that we prepare now for the impacts that disasters can have on our homes, our businesses and in our communities.”

The power of natural disasters can be overwhelming. While you can't stop natural disasters from happening, there are steps you can take to increase your home's chance of survival, even in the face of the worst Mother Nature can dish out.

1. Reinforce your Residence. Consider retrofitting options, or steps to improve your home’s protection from natural disasters, including high wind events. One of the most common types of wind damage to a structure is called “uplift”— which occurs when a roof lifts and collapses back down on the house causing costly damage. Fortunately, you can minimize the chances of this happening by installing straps connecting the structural members of your roof to the wall studs or columns.

Other risk reduction ideas include:
a. Use shingles rated for 90+ mph wind and use a minimum of four nails per shingle.
b. Make sure windows and doors are properly shimmed and nailed into the framed opening, tying the window and door frames into the adjacent studs, and 
c. Install a garage door that is designed for higher wind speeds.

FEMA recommends consulting with a certified home inspector to determine if these are viable options for your home. For even more home strengthening options, click here.

2. Fortify Your Home’s Floors. Homeowners can secure their structure to the foundation by using anchors or metal straps. Your builder should ensure there are properly installed anchor bolt connections between the plate and the foundation at least every four feet to ensure maximum fastening to the foundation.

Consult with your local building code official as well as a certified home inspector to determine the best options for you. For more information on wind-resistant home construction techniques, click here.

3. Trim & Tighten. High velocity winds from thunderstorms and tornadoes can turn patio furniture, grills and tree branches into destructive missiles. In addition, if the area immediately surrounding your house contains trees, outbuildings, trash cans, yard debris, or other materials that can be moved by the wind, your house will more likely be damaged during a tornado or windstorm.

All storage sheds and other outbuildings should be securely anchored, either to a permanent foundation or with straps and ground anchors. The straps and ground anchors used for manufactured homes can be used as anchoring systems for outbuildings, such as garden sheds, which are not placed on a permanent foundation. Outdoor furniture and barbecue grills can be secured by bolting them to decks or patios or by attaching them to ground anchors with cables or chains. Trees should also be trimmed so they’re at a safe distance away from your home.
4. Elevation is a Smart Renovation. Flooding is a real risk, and elevating your home and its critical utilities can significantly reduce the risk of water damage. Elevating your home may even reduce your flood insurance premiums. Contact your local floodplain manager to learn the flood risk and elevation requirements for your residence. For more information on elevation techniques to protect your home from flood damage, click here

5. Assure You’re Fully Insured. Take the time to review your insurance coverage. Are you adequately insured for the risks your community faces? Are you covered for wind, flood and sewer backup? Has your policy been updated to reflect the value of your home? For a list of questions to ask your insurance agent, click here. Many homeowners find out too late that their insurance coverage has not increased with the value of their home. Contact your insurance agent to get these questions answered and ensure your home is financially protected.

To learn more about Building Safety Month and how you can protect your home, business and valuables, visit www.iccsafe.org.  For even more readiness information follow FEMA Region V at twitter.com/femaregion5 and facebook.com/fema. Individuals can always find valuable preparedness information at www.Ready.gov or download the free FEMA app, available for Android, Apple or Blackberry devices.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

The prevailing wisdom holds that cloud architectures will float comfortably on a layer of virtualization that itself will rest on commodity hardware. As long as underlying bulk resources are available in sufficient amounts, all of the fine-tuning and optimization for higher-level applications and services can be done on abstract, software-defined planes.

This isn’t necessarily wrong, but it isn’t the whole truth either – at least according to those who are developing next-generation, cloud-optimized hardware.

For the current crop of hardware vendors to survive much longer, it is hard to see how they can avoid devising cloud-facing product lines. According to IDC, about 30 percent of the IT hardware spend is in support of cloud infrastructure, up more than 14 percent from a year ago. The private cloud alone accounts for some $10 billion in revenue, generating annual growth of about 20 percent, while public infrastructure spending tops $16.5 billion and is growing at 17.5 percent per year.



(TNS) — The ER was already busy, close to full — gunshots, car wrecks, strokes — when the “get ready” call came in at 9:45 p.m.

By 10:30, they began arriving by police car, ambulance, anything.

By midnight, 54 had made it to Temple University Hospital, which treated more passengers from Amtrak’s Tuesday night disaster than any other emergency room.

The most critical patients were rushed into one of the three trauma bays just inside the ER door. Teams of doctors and nurses were assigned to each bay, responsible for stabilizing patients and moving them through with skill and speed, making room for the next.



Most IT organizations provide services to the business in several forms. According to author Terry Critchley, services are comprised of three things:

  • Products
  • Processes
  • People

Each of these things come together to ensure that required business functions are available. But every service has the potential for failure and outages even though today’s world demands that uptime be as close to 100 percent as possible. In this scenario, IT must use all of its technologies to provide this availability, including virtualization, cloud computing, disaster recovery, business continuity and strong security. Still, human factors can prevent services from being available, too.



When drive-by drills, known as lockdown in most of the country, were widely used in response to school shootings with little or no adaptation of tactics, we began down a path that ultimately led to the tragic shooting at Sandy Hook that took 26 innocent lives. There were stops along the way in places called Columbine, Virginia Tech, Aurora and many others. These were all opportunities to learn that our model for response was at great risk from those who would seek to use our plan (or lack of plan) against us.

Plans continued to emphasize single-option lockdown, with location dependency on classrooms for a response. Vague and largely unworkable mentions of reverse evacuations or reverse fire drills back to classrooms for active threats or terrorism inside the building, over facility evacuation, continued to be widely used. The single-option hiding concept became common practice in buildings, though every room was occupied. Shoving people into bathrooms, closets, under desks and into corners became recommended, despite the tragic effects of limiting movement. Being mobile in a crisis equals increasing survivability.



(TNS) — Disaster recovery just from extreme weather and wildfires cost American taxpayers $300 billion in the past decade, the White House's former "resilience" specialist told the general session of the 29th annual Florida Governor's Hurricane Conference.

"That is just what Uncle Sam spent," Josh Sawislak told the conference. He said the figure doesn't count billions in insured and uninsured losses by individuals, businesses and local governments. Nearly half of that was just from 2011 to 2013.

"So when someone tells me, 'We can't afford to pay for resilience,'" Sawislak said, "I immediately ask, 'How can we afford not to?'"



(TNS) — Tuesday night's fatal derailment was the worst Philadelphia train disaster in decades. The timing seemed chillingly prophetic: Just one day before the crash, the city's Office of Emergency Management had held a "mass casualty workshop" with police, fire and health personnel.

Moments after Train 188 careened off the tracks, emergency calls went out across the city and scores of first responders rushed to the scene to find the mangled bodies of those killed and more than 200 injured and bloodied passengers.

Here's a look at how the city's response unfolded throughout Tuesday night and into Wednesday:



What do Edward Snowden, the U.S. PRISM scandal and the corporate data hack on Sony Corp. have in common? All involved breaches in data security and sovereignty. While the cloud offers many benefits--such as cost savings, scalability and flexibility--there are also added risks. Data security always tops that list of risks.

To combat these risks, it’s crucial for service providers to have a fundamental understanding of data security and data sovereignty. Use these 10 facts as your foundation to ensure you’re offering customers the best security, reliability and performance in the market.



When a disruptive incident impacts critical national or regional infrastructure, or when public safety is at stake, multiple emergency agencies are often involved in the response.

Those responders could be from federal or state agencies as well as local teams of EMT’s, police, firefighters and other volunteers.  Emergency response organizations specialize in a certain aspect of response based on their skill sets.  From coastguards, firefighters, bomb-disposable squads and EMT’s animal control and hazmat clean-up or cyber expert, those teams’ skills and actions are generally unique, well defined and perfected through regular practice.

In the event of multi-disciplinary emergency response, command, control and communication (between the responders) are critical for an effective – and efficient – response.  Protocols for collaboration among responders are defined by NIMS (the National Information Management System) of which the Incident Command System (ICS) is a critical component.



Taking the whole concept of data security to its most logical conclusion, Secure Islands has come up with a method that automates the application of security to any piece of data, depending on how it’s classified, as that data is being generated.

Secure Islands CEO Aki Eldar says version 5.0 of the IQProtector Suite (IQP) adds what the company describes as a Data Immunization process. IQProtector automatically assigns security controls to data at the point that data is actually created, regardless of location. Those controls then attach themselves to that data wherever it is consumed.

Based on rights management technology developed by Microsoft, Secure Islands has different renditions of IQProtector for endpoints, servers, clouds and applications to make sure that wherever data is created, a security policy gets enforced.



There’s been plenty of attention paid over the past few years to what appears to be a growing IT skills gap.  Managed service providers (MSPs) can help alleviate the pain of this this gap for customers by providing services that customers would normally handle inhouse. For instance, they can offer and manage cloud-based file sharing and other IT services.

In her recent article for FierceCIO.com, Sarah Lahav weighs in on the IT talent shortage.

“Whether the IT talent shortage is myth or reality, I believe IT leaders can agree on at least one thing: some roles are harder to fill than others,” says Lahav.  “The needs of IT and the business have shifted faster than educators and professionals adapt.”



Thursday, 14 May 2015 00:00

High Availability IT Services

Reliability and Availability

This book starts with the basic premise that a service is comprised of the 3Ps—products, processes, and people. Moreover, these entities and their sub-entities interlink to support the services that end users require to run and support a business. This widens the scope of any availability design far beyond hardware and software. It also increases the potential for service failure for reasons beyond just hardware and software; the concept of logical outages.



With so many of today's businesses dependent on SAP as the core technology platform for some of their most critical business functions, it would follow that IT organizations would dedicate significant effort in securing SAP systems. But the truth is that SAP and other enterprise resource planning (ERP) software remain largely forgotten by even the most security-conscious organizations today. And the attackers have found this gap.

For years now, security researchers have warned of hefty security vulnerabilities in SAP that make it possible to create ghost accounts, change records in some of the most sensitive financial tracking applications and use the platform to break into other connected systems. And while security researchers and consultants confirm that attackers are already exploiting these vulnerabilities for malicious purposes, these attacks have largely gone unreported to the public. That all changed this week.



Thursday, 14 May 2015 00:00

How Would You Hire an Emergency Manager?

Let’s suppose you want to fill a position in your organisation by hiring an emergency manager. The role of this person is to coordinate the actions of different services responding to a sizable disaster, to translate strategy into tactics, and to keep senior officials or management informed of the situation and progress towards resolution. So far, so good – except this kind of person, or experience, doesn’t grow on trees. However, it is a role that is needed in many public sector areas, including utilities, health, education, airports and port authorities. You could place an ad asking for candidates, but what do you then need to know to evaluate applications?



DENTON, Texas – People who live in Texas are urged to get ready now for the possibility of flooding, following days of rain and with more potential rain in the forecast.

The Federal Emergency Management Agency’s (FEMA) Region 6 office continues to monitor the flooding threat across parts of the state and stands ready to support state and local partners as needed and requested in any affected areas.

Know Your Risk Before a Flood:

•    Do your homework. Be aware of the potential flooding risks for the particular area where you live.
•    Familiarize yourself with the terms used to identify a flooding hazard. Some of the more common terms used are:

  •  A Flash Flood Watch: Flash flooding is possible.  Be prepared to move to higher ground; monitor NOAA Weather Radio, commercial radio, or television for information.
  • A Flash Flood Warning: A flash flood is occurring; seek higher ground on foot immediately.

Take Action Before and During a Flood:

•    Build an emergency kit and make a family communications plan.
•    Listen to local officials and monitor your local radio or television for information.
•    Do not drive into flooded areas. Turn Around; Don’t Drown. Two feet of rushing water can carry away most vehicles.
•    Do not walk through flowing water.  Six inches of swiftly moving water can knock you off your feet.
•    Wireless Emergency Alerts (WEAs) are now being sent directly to many cell phones on participating wireless carriers' networks.  WEAs sent by public safety officials such as the National Weather Service are designed to get your attention and to provide brief, critical instructions to warn about imminent threats like severe weather.  Take the alert seriously and follow instructions.  More information is available on WEA at www.fema.gov/wireless-emergency-alerts.

Visit www.ready.gov or www.nws.noaa.gov for more information on preparing for floods or other disasters.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at http://twitter.com/femaregion6 , and the FEMA Blog at http://blog.fema.gov

It’s clear that our relationship to data is changing, both in terms of how we work with data and our relationship on individual levels. That, in turn, is triggering changes in the underlying technologies.

Integration technology in particular is in the spotlight these days. After all, you can use the data only as fast as you can integrate, wrangle or blend the data. That’s leading to a lot of talk from vendors about “modern integration” that’s less concerned with on-premise, batch integration and more concerned with real-time access for business users.

At Informatica’s recent customer conference, CEO Sohaib Abbasi identified four disruptive technology trends changing data. His opinion is more significant than most because he heads one of the industry’s leading integration vendors, and despite a thriving data integration market, that company was recently acquired.



The data center has been the foundation of enterprise IT operations since the dawn of the computer age, so it is understandable that there is a lot of uncertainty now that it is undergoing the most monumental change in its history.

Indeed, many executives are still trying to wrap their heads around the idea of having no data center at all, or at best a rack or two of modular boxes devoted to maintaining access to external applications and resources.

But those who have been to the mountaintop say that the other side is indeed a lush, green valley in which advanced services and capabilities can be had at low cost and with little effort, and that the flexibility that comes from shedding fixed hardware assets more than makes up for the loss of direct control over infrastructure. The key, though, is to first realize that the new data environment does not serve the same purpose as the old, and then to learn how to leverage that app-centric, service-based environment for your business model.



(TNS) — Investigators rushed to the scene of a derailed Amtrak train in Philadelphia Wednesday morning as the death toll climbed to six after the deadly accident in one of the nation’s busiest transportation corridors.

Dawn showed the extent of the devastation from the Tuesday disaster with all seven cars of the Amtrak train askew, off the rails in a chaotic wreck. One car was seemingly collapsed like an accordion and three cars were overturned. The other three were a twisted mess.

Hundreds of rescue workers using heavy equipment were at the scene, searching for survivors.

“It is an absolute disastrous mess,” Philadelphia Mayor Michael A. Nutter told reporters. “I have never seen anything like this in my life.”

The train was carrying 238 passengers and five crew when it left Washington for New York Tuesday.



(TNS)East Naples might not be the place most people think of when they think of rising sea levels, but that's what Jerry Kurtz sees.

On the north side of U.S. 41, not far from the Walmart, a weir that controls water flows into Haldeman Creek and eventually Naples Bay is one of four aging weirs that sit on the county's front line against climate change.

With the National Oceanic and Atmospheric Administration predicting sea levels to rise as much as 2 feet by 2050 and by as much as 6.6 feet by 2100, the new weirs being planned need to be built to handle any extra water that might slosh their way, Kurtz said.



Wednesday, 13 May 2015 00:00

Cyber Losses vs. Property Losses

The financial impact of cyber exposures is close to exceeding those of traditional property, yet companies are reluctant to purchase cyber insurance coverage.

These are the striking findings of a new Ponemon Institute  survey sponsored by Aon.

Companies surveyed estimate that the value of the largest loss (probable maximum loss) that could result from theft or destruction of information assets is approximately $617 million, compared to an average loss of $648 million that could result from damage or total destruction of property, plant and equipment (PP&E).

Yet on average, only 12 percent of information assets are covered by insurance. By comparison, about 51 percent of PP&E assets are covered by insurance.




Nearly nine in 10 financial services firms plan to increase their investment in risk management capabilities in the next two years in response to the emerging risks of cyber security and fraud, according to a new report from Accenture.

The Accenture 2015 Global Risk Management Study – based on a survey of more than 450 senior risk management executives in the banking, capital markets and insurance industries – found that 86 percent of respondents said their organizations plan to increase their investment in risk management capabilities in the next two years, with one in four (26 percent) planning to increase it by more than 20 percent. In addition, three in 10 respondents (29 percent) said their companies plan to increase by more than 20 percent their investment in cloud / software-as-a-service (SaaS) and big data and analytics.

The report found clear evidence of the increasing impact that cyber security and fraud is having on financial services firms’ business and the risk management function in particular.  For example:

  • More than one-third (34 percent) of respondents said that understanding cyber risk will be the most-needed capability in their risk function.
  • Nearly two-thirds (65 percent) of respondents said that cyber/IT risk will have an increased impact on their business in the next two years, with 26 percent saying that the increase would be significant.
  • More than eight in 10 respondents (82 percent) said that emerging risks, such as cyber and social media, account for more of the chief risk officer’s (CRO) time than ever before.

“The combination of market forces, advances in technology and customer demands are pushing financial institutions to become more digital and requiring a broader range of skills from today’s risk management professionals,” said Steve Culp, senior global managing director for Accenture Finance and Risk Services. “Financial services firms are struggling to keep pace with the demand for people with highly specialized skills, such as cyber risk experts, business analysts, security specialists and fraud experts. To fill these gaps, most firms will have to look outside of their organizations — and the competition for the right people is increasingly intense.”

The report indicates that the surging demand for talent by financial services institutions in recent years shows no signs of abating. While firms are focusing on enhancing their specialized skills, fewer than half (41 percent) claim to have extensive skills in understanding digital technologies. Only 10 percent said that their risk function has the resources needed in specialized areas like emerging risks.  Many respondents said that in the past two years, their recruiting has targeted cyber risk experts (cited by 48 percent of respondents) and fraud experts (36 percent), and 36 percent of firms said they have hired former hackers.

Rising impact of digital

In response to today’s low-growth, low-return environment, financial institutions are focusing on new paths to profitability. As a result, risk appetites are increasing, although in a targeted fashion.  More than four in 10 financial services firms (43 percent) said they have a higher risk appetite for developing new products than they had two years ago, and more than one-third (36 percent) have a greater appetite for taking on major digital initiatives. 

“At a time when the regulatory focus has never been keener, financial services firms are taking a hard look at their existing strategies and starting to identify where they want to extend their business to achieve growth,” Culp said. “The willingness to accept greater business risks will also expose financial services firms to emerging risks – including cyber, data privacy, reputational, social media and new conduct risks – requiring risk professionals to play an enhanced role.”

Nearly three-quarters (73 percent) of respondents said that managing emerging digital risks and the increased velocity, variety and volume of data challenge their ability to be effective. Fewer than one in 10 (9 percent) said that consistent and updated data is regularly available to decision makers across the organization.

Increased role of the risk function 

Increasingly, CROs seek to play a more strategic role in their companies. Only 36 percent of capital markets respondents and 29 percent of banks said that, when delivering regulatory change programs, their senior managers go beyond basic regulatory compliance, such as by integrating with ongoing change initiatives.  For firms that go beyond basic compliance, there is much greater coordination on regulatory issues between the risk function and the rest of the business.

At the same time, the majority of financial services firms have some distance to travel before risk management becomes fully aligned with broader strategic planning.  While more than eight in 10 respondents (83 percent) said they believe that risk management has contributed to enabling long-term profitable growth for their company, nearly three-quarters (73 percent) said that gaining the trust of the business is a top challenge to their effectiveness. Fewer than one in five respondents (17 percent) said that their companies have a framework that supports major strategic decision-making with input from risk management.

“CROs can help their institutions become digital leaders by capitalizing on the insights generated from the wealth of data they hold,” Culp said. “While many have said the increase in data has posed a challenge, risk teams can free up time by automating data collection and analysis in order to focus on more strategic management activities. Better data is required by regulation, but it will also help CROs advise their stakeholders on meeting key goals around risk-adjusted profitability and performance.”


A great start to the Australasian BCI Summit in Sydney today. If you are reading this at the Summit please come and find me to say hello. If you are not able to attend the event you can still interact with attendees and the ideas being presented via the Twitter tag

The theme for the conference is intriguing, “Looking to the future, learning from the past” and it will be interesting to see if this realises the potential. Good start thus far!



As so many IT security experts and analysts have preached through the years, small to midsize businesses (SMBs) should be just as concerned with cybersecurity as large enterprises. It seems the warnings are finally sinking in. A recent survey by the Endurance International Group shows that 81 percent of SMBs are currently concerned about cybersecurity and 91 percent think about it “often.”

In a release, Hari Ravichandran, CEO of Endurance International Group, says it’s time for small businesses to take cybersecurity to heart, but perhaps more should be done:



As a business continuity or disaster recovery professional you’ve probably put in a lot of effort setting up your emergency mass notification system. You’ve likely already:

  • Determined the different user types your system will support as well what security/permissions each user type will have.
  • Confirmed how to get your user/stakeholder information into the system...either via upload, integration with another software platform, or via self-registration of your users.
  • Set-up user groups, uploaded important crisis communication related documents.
  • Linked your ENS with the appropriate social media accounts
  • Integrated your ENS with various external notification devices such as digital displays, sirens, and desktop disruption.
  • Developed notification templates.
  • Tested the system, and more.



If disaster, such as a flood or power outage, struck right now, would you be prepared to recover your vital data and applications to continue business operations? Do you have a business continuity plan in place to make sure you’re never left in the dark – unable to get work done?

Learn more about the great work Keith and his team at Procyon Solutions are doing to help prepare businesses in Little Rock for any upcoming disaster.

Keith Jetton from Procyon Solutions knows the importance of having a business continuity plan in place.

“We take a different approach to business continuity than most other IT companies. We’re seeing lots of technology move to the cloud – starting with email, file sharing, and phones, all hosted in the cloud,” he said.



I wrote a post last week about a study commissioned by Dell and Intel that provided some enlightening information about employees’ technology adoption and expectations.

Beyond what was covered in that post, Steve Lalla, a Dell vice president and general manager who contributed the commentary, was also able to address how this type of research helps guide Dell’s strategy, and what’s changed since Dell last conducted this survey in 2011.

The 2014 “Global Evolving Workforce Study” was commissioned by Dell and Intel, and conducted by TNS, a global market research firm. As for how this type of research aids Dell in its strategic planning, Lalla said that Dell launched the initiative to fully understand exactly how technology is shaping the workforce of the future and in turn, help its customers respond to the challenges and opportunities of the evolving workforce. He listed three “actionable insights” for Dell and its customers that came out of the study:



Tuesday, 12 May 2015 00:00

Where the Enterprise Is Cloud-Wise

How does the typical enterprise view the cloud, and will a consensus ever emerge as to how clouds are to be architected and utilized?

Believe it or not, we are still very early in the cloud transition, and the truth of the matter is, we could be a good two to three years away from seeing the cloud firmly established as the dominant form of IT infrastructure. In that time, expect to see a myriad of platforms, architectures, service configurations and other advancements, many of which will fail to gain traction or emerge as hot prospects only to fade over time.

But if you could take a snapshot right now, what would be the dominant themes within the cloud computing movement, and do they have the stuff to stand the test of time?



Can military principles and processes really be applied to corporate crisis management? Jonathan Hemus thinks they can…

By Jonathan Hemus, managing director, Insignia

Managing crises is, hopefully, a rare experience for most organizations. For the armed forces it’s part of their daily lives. Crisis management terms that are bandied around in corporate circles (tactics, strategy, exercising, war-gaming) are well rehearsed techniques and practices deployed by the armed forces to manage life and death situations. But can military principles and processes really be applied to corporate crisis management? With the 'command and control' approach to management in disrepute, it would be easy to assume that what works in the armed forces would backfire in the commercial world.

Look more closely though and the parallels are clear: scenario planning (a military discipline) is a critical part of preparing to manage a crisis. Giving your 'troops' the training they need to work quickly, efficiently and effectively under intense pressure is a prerequisite for crisis management success. Rehearsing your team and plan with crisis simulation exercises in 'peacetime' is the only way of finding out whether it will work for real.



Tuesday, 12 May 2015 00:00

Ten crisis management tips

An unexpected crisis can ruin a hard-won reputation, decimate your bottom line, and put the future of your company in jeopardy. Having a strategic plan in place in case the worst happens is vital insurance for any company , according to Jane Kroese, PR director at KISS PR.

“Some managers are reluctant to undertake crisis planning: crisis is by its nature unpredictable, making it difficult to know where to start. Acknowledging that you could face an emergency is uncomfortable, and it’s not always clear where crisis planning should fit amongst your day to day tasks,” explains Jane.

“There are far too many companies that are not adequately prepared for a crisis. But crossing your fingers and hoping it won’t happen to you isn’t good enough. Even if you’re committed to the highest standards and always implement best practice, a crisis could come from an unexpected place: the actions of a member of staff, a sector-wide emergency or a problem with a supplier or distributor could impact your business too.”

“A crisis can be an opportunity. When we produce crisis strategies, we aim for the company’s reputation to be equal to the status it had before the crisis - if not better. With a strong plan you can not only avoid damage, but come out ahead. No one can control a crisis, but they are most open to positive influence through strong communications in their earliest stages. Having a good plan in place allows you to react quickly and appropriately.”

Here are KISS PR’s ten tips for crisis management:

1. Have a strong communications plan.  This will help maintain good relationships with all your stakeholder groups. These relationships are tested in a crisis, and these are the people you may need to call on for their support. Remember your stakeholders aren’t just your customers: they include your staff, neighbours and journalists.

2. Scan for potential risks and issues. If you have good communication with your stakeholders you can spot an issue when it emerges, and intervene before you have a crisis on your hands. Good issues scanning depends on monitoring developments in your sector, legislative changes, media attitudes and the behaviour of your competitors, and being responsive to your customers’ needs.

3. Identify your key spokespeople.  Ensure that all key spokespeople have been trained in handling crises and dealing with the media. Your spokespeople should be members of senior management who can keep calm under pressure and will be comfortable speaking to journalists at short notice.

4. Have a well co-ordinated crisis team. During a crisis all communications should be co-ordinated by the crisis team: advise your staff to direct external enquiries to them, and not to speak to the media on their own initiative! Appoint alternates for your team, in case someone is off that day or you have a long crisis and need to rotate your personnel. Remember it’s too late to learn the skills you need during the crisis – don’t wait until you have an emergency on your hands.

5. Have your crisis communications plan ready. Each crisis is different, but you can have your media lists, fact sheets and even holding statements prepared in advance. This will give journalists something to work from while you investigate the crisis and ascertain the facts. You want to be in as much control as possible from the start, and a pre-prepared media pack will help. Don’t forget to store copies of all your crisis materials off site in case there’s an emergency at your premises.

6. Regularly update your stakeholders and media throughout the crisis. Be proactive in approaching your media contacts and providing them with information: you want to be seen as the authoritative source of information on the crisis, and you don’t want the public getting their information from other - potentially prejudiced sources.

7. It’s OK to admit you don’t have all the answers yet. Tell people what you’re doing to investigate the crisis and when you expect to have the information they need. Don’t say anything you’re not certain of, or make promises you won’t be able to keep.

8. Act quickly to address any information you know to be wrong. Swift and direct clarification rectifies the situation. It’s important to keep on top of what’s being said about you during a crisis.

9. Online speculation means your crisis activity now needs to be 24/7. The internet is the first place your stakeholders will go when they’re looking for information on the crisis, and they will expect to be able to contact you directly on your social media channels. Resource will need to be directed to responding quickly, accurately and reassuringly to points made and questions asked across all your streams.

10. You need to give thought to how you will rebuild your reputation after a crisis. What would a crisis ‘win’ look like for your company? After the crisis has passed and your investigation has concluded it might become clear your company wasn’t at fault, and it’s to your advantage to communicate this effectively. Ask what you can learn from the crisis to re-position your company.


Building a lean, mean supply chain machine is the dream of many organisations. On the face of it, lean sounds like a good idea. By streamlining and simplifying processes, and by cutting out flab and wastage, enterprises can boost productivity and profitability, and of course end-customer satisfaction. Just the muscle without the adipose layers is the goal. Companies aim for ever fewer suppliers, fewer product touch points and faster operations. Yet there comes a point where a supply chain starts to look more like a skeleton than a living, evolving business organism. It is at this point that the slightest shock to the system can break it. In other words, the fragility of your supply chain becomes a major risk for your business continuity.



Business users aren’t just technology savvy these days. They’re also increasingly data savvy, and that’s lead to a major shift in what business users expect when it comes to accessing and using data, according to data integration veteran Sachin Chawla.

“These guys don’t even exactly know the questions,” Chawla said during an interview with IT Business Edge. “They want to start playing with the data and then the questions will emerge as they do that, and the value will emerge as they do that. So it’s more about exploration than ‘Oh, tell me how much product we’ve sold in this region every month.’”

This represents a significant shift from the traditional approach, in which business users request reports that may take IT months to produce, Chawla said.



Cloud security has always been a sensitive topic. For many years, security was listed as the number-one reason why companies shied away from adopting cloud technologies. Cloud security has improved considerably over the years, but a survey conducted by Perspecsys shows just how far we have to go, especially when it comes to understanding where and how data is protected.

While at RSA, the folks from Perspecsys surveyed more than 125 attendees about data control in the cloud and more than half (57 percent) said they don’t have a complete picture of where their sensitive data is stored. Perhaps more alarming, 48 percent of the respondents said they don’t have a lot of faith in their cloud providers to protect their data. And because of this lack of trust, cloud adoption is slowed.

Maybe we haven’t come that far in cloud security, or at least the perception of cloud security, after all. Although, I have to say, the findings in the Perspecsys survey are a lot more encouraging than the results of a Ponemon Institute study of a year ago that found, according to eSecurity Planet:



(TNS) — Lawmakers and federal officials trying to overhaul the National Flood Insurance Program are considering dismantling a sprawling system that relies on more than 80 separate companies to sell policies, collect premiums and calculate damages after disasters.

The move, in response to allegations that claims were underpaid after superstorm Sandy, would dramatically reshape a government initiative that insures 90,000 homes and businesses on Long Island and 5.2 million nationwide.

Though the federal government underwrites flood insurance, it has long hired private companies including Allstate, Travelers and others to sell and manage policies. Those partnerships have allowed Washington to provide coverage without the staff and infrastructure of an entire insurance company.



Sally Beauty Holdings (SBH) has begun investigating a data breach that may have affected 25,000 customer records.

And as a result, the professional beauty supplies company topped this week's list of IT security newsmakers, followed by Consumer Reports, Tiversa and Ponemon Institute.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:



(TNS) — In 2008, a 7.9 earthquake left a path of destruction in the Chinese province of Sichuan, leveling whole communities and leaving as many as 88,000 dead.

The chaos and confusion was made worse because the temblor disabled more than 2,000 cellphone towers, leaving huge communication gaps that lasted weeks.

On Friday, Los Angeles became the first city in the nation to approve seismic standards for new cellphone towers, part of an effort to strengthen communications infrastructure in preparation for the next big quake.



Transportation departments spent more than $1 billion since last October plowing highways, salting roads and coping with winter weather, according to a new survey.

The tally of 23 states, conducted by the American Association of State Highway and Transportation Officials (AASHTO), put the total cost at more than $1.13 billion. The full costs are higher, as several snowy states did not provide figures for the survey. 

This the first year that AASHTO conducted the survey. The most recent winter was milder in much of the United States than the one before, but the impact varied by region.

Pennsylvania spent the most of any state in the survey, with expenses of $272 million. The state transportation department estimates it took 2.5 million man hours to respond to the storms.



For SAP, the rise of the Internet of Things (IoT) is not so much about connecting things to the Internet as it is automating business processes.

At the recent Sapphire Now conference, SAP outlined how it will make use of a lightweight implementation of the SAP HANA in-memory computing platform to push both transaction processing and analytics as far out to the edge as possible via a cloud-enabled IoT service running on top of SAP HANA.

But Michael Lynch, global co-lead for IoT at SAP, says that’s really only the first step. The second step is to then begin moving from the realm of predictive analytics to a world where prescriptive analytics enable business processes to be dynamically adjusted in real time. For example, the appearance of a tropical depression off the coast of North America would change flight schedules, which would then trigger the sending of an alert to passengers, and also dispatch a car service to pick up passengers to bring them to the airport at the new time.



(TNS) — The Department of Defense raised the security level Friday at military bases across the United States in response to growing concern that they could be targeted for attack.

Under Force Protection Condition Bravo — the third of five security levels — more guards may be deployed at base entrances, and people and goods entering bases are likely to be subjected to closer scrutiny.

A spokesman for U.S. Northern Command said it's the first time the security level has been raised nationwide since Sept. 11, 2011, the 10th anniversary of the attacks on New York and Washington.



E-commerce business models have many advantages over brick-and-mortar retailers, including lower overhead, more flexibility in product and price testing, and more opportunities to manage inventory at optimal levels based on shopper behavior and current web analytics. However, an e-commerce business can’t escape all the realities of merchants with physical storefronts—including shoplifters.

Here are six tips for preventing virtual shoplifters:



Monday, 11 May 2015 00:00

Hail Claims Add Up During April

We’re reading about the economic and insurance impact of severe thunderstorms in the United States in April 2015, as reported by Aon Benfield’s latest Global Catastrophe Recap report.

Five separate thunderstorm events in central and eastern parts of the U.S. caused expected insured losses of $2 billion, including more than $750 million from one event alone.

What was the $750 million event?

A widespread multi-day severe weather outbreak that hit central and eastern parts of the U.S. from April 7-10, leaving at least 3 dead and dozens injured.



Tech career news this week included taking a fresh look at roles in cybersecurity, imagining what a day without data would be like, new hiring problems in Silicon Valley and more.

Cybersecurity Hiring Hot – and Cool

Hiring in security-related IT positions has been strong for awhile now, and Ben Johnson, chief security strategist with Bit9 + Carbon Black, says demand will continue to be high for several reasons, not the least of which is that mainstream culture is making the job look cool. In “Latest Cybersecurity Crisis: Where’s the Talent?” Johnson shares advice for those who want to break into the area, and those responsible for doing the hiring, including how to leverage existing skill sets and how to redefine roles and team needs.



The data industry is naturally buzzing about the new Tesla Powerwall battery. As a relatively low-cost means to capture and store energy, it makes not only an effective back-up solution but also a means to utilize solar, wind and other renewable sources during long periods of inactivity.

But as with any solution, there are always a few trees in the forest, and with batteries we run the very real risk of simply trading one set of problems for another.

Tesla, of course, is not the first company to develop a high-capacity battery solution, nor is it the first to utilize lithium-ion (Li-ion) as the primary power source. But if initial claims are true, the company has come up with a reliable, easily deployable solution capable of hitting a very reasonable price point of about $350 per kWh, which should make many facilities managers jump for joy. These costs, however, do not include installation, maintenance and other factors, so organizations will need to do some number crunching before signing on the dotted line.



Global insurers’ level of satisfaction with their enterprise risk management (ERM) performance grew by 10 percentage points over the last two years (63% compared to 53%). This was highlighted by a 16-percentage-point increase in Asia Pacific (51% compared to 35%) and less pronounced in North America and Europe (with a seven-point increase), according to Towers Watson’s Eighth Biennial Global Enterprise Risk Management Survey.

According to the survey, 74% of global insurers said their executives and board members view the risk management function of their enterprise as an important strategic partner that adds value to the business. Notably, carriers that share this view are almost twice as likely to say they’re satisfied (73% compared to 38%) with their company’s ERM performance compared to those that believe ERM is merely a provider of risk assurance (18%) or for regulatory compliance (8%).

Insurers’ opinions of their ERM program were determined by factors such as clear links to business goals. In fact, carriers with ERM functions that are well integrated into their business planning noted higher rates of satisfaction (82%) than those without an integrated strategic plan (53%). Similarly, those with a risk appetite framework linked to specific risk limits expressed higher rates of satisfaction (76%) than their peers with no framework in place (50%).



Friday, 08 May 2015 00:00

Where The Cloud Is Heading for MSPs

In a continuously evolving IT environment, it’s important to always remain on the cutting edge. Where possible, it’s even more beneficial to remain a step ahead. In order for managed service providers (MSPs) and their clients to do so, they must be able to accurately forecast where the future of cloud storage and cloud-based file sharing is heading.

In the RightScale 2015 State of The Cloud Report, the enterprise cloud management company found that enterprises are increasingly implementing hybrid cloud strategies that encompass both public and private clouds. However, as discussed in a recent report from ZDNet, does RightScale’s cloud survey actually suggest that hybrid and public clouds are growing at the expense of private clouds?




In 2022, Qatar will host one of the biggest sporting events in the world - the FIFA World Cup. In doing so it will become the first Arab country to host such a prestigious tournament, and perhaps the smallest country ever to do so.

So how does a small desert country with a population of less than 2 million manage such an event? How does Qatar ensure that the immense investment required delivers a sustainable return once the final has been played? That is one of the roles of the Supreme Committee for Delivery and Legacy. The SCDL was set up with the aim of ensuring the "successful delivery of all infrastructure required for Qatar to host an amazing and historic FIFA World Cup that is in line with national development plans and leaves a lasting legacy for Qatar, the Middle East and the world."

National Resilience Capability also stands to benefit from the staging of this major international event. All organizations – private and public – will be inspired to work together, building stronger and more resilient Qatar as a result. Dorothy Crossan is the Head of the National Resilience Capability Programme within the SCDL and she will be discussing 'Business Continuity and Resilience – A National Perspective' at the BCI Middle East conference in May.

During her presentation, Dorothy will highlight the potential role of the private sector in supporting national resilience which is a key building block in delivering a safe and secure event. Organizations exist within a national framework and are affected by potential risks beyond their control, however they are in a position to help mitigate the effects of these risks on their staff and customers, their organization, and consequently the wider community. A shared understanding of risks, built on clear authoritative advice and the promotion of good practice within and between sectors promotes consistency in planning focussed on assessed threats. In this way every organization can contribute to strengthening national resilience, strengthening their own in turn.

Prior to her current position as Head of the National Resilience Capability Programme for Qatar’s Supreme Committee for Delivery and Legacy, Dorothy spent 25 years in the Metropolitan Police in the UK where she gained extensive experience in strategic planning on security matters, working at the National level. In 2011, she developed the London Security Resilience Framework to improve information-sharing, coordination and planning for protective security across the UK capital. She was closely involved in the development of London’s Cross-sector Safety and Security Communications (CSSC) programme, an innovative private sector engagement initiative developed for the London 2012 Olympics, still flourishing in legacy. She is a particular champion for the inclusion of private sector representatives in security exercises.

To learn more about what Dorothy has to say about national resilience, come along to the BCI Middle East Conference. There is a packed programme of activities throughout the two days of the conference so to find out more, or to book your place, click here.

KANSAS CITY, Mo. – With the potential for severe weather across the plains and several Midwestern states the remainder of this week and into the weekend, staff at the U.S. Department of Homeland Security’s Federal Emergency Management Agency’s (FEMA) Region VII office are coordinating with state and local officials in Iowa, Kansas, Missouri, and Nebraska and urge the public to prepare to stay safe.

 “With the threat of severe weather developing, we urge residents to listen to NOAA Weather Radio and local newscasts, monitor digital media feeds for updates and follow the instructions provided by local emergency officials,” said FEMA Region VII Administrator Beth Freeman. “As folks make their weekend plans, this severe weather threat is a reminder everyone needs to remain vigilant as we can’t always anticipate when or where a disaster might strike.”

Make A Plan!
Your family may not be together when a disaster strikes so it is important to plan in advance. For more information on creating your family’s emergency plan, visit http://www.ready.gov/make-a-plan.

Have an Emergency Supply Kit!
To prepare for power outages and the disruption of essential services, FEMA urges families to prepare an emergency supply kit for their homes and cars. For more information, visit http://www.ready.gov/build-a-kit.  When preparing a kit, remember water, medications, and items needed for the well-being of your pets.

Stay Informed!
Pay attention to and follow instructions from local emergency officials.

FEMA App Has Weather Alerts (NEW!)
Download the FEMA app (available in English and Spanish, for Apple, Blackberry and Android) to get severe weather alerts from the National Weather Service, https://www.fema.gov/mobile-app.

Social Media—A great monitoring tool!
Most local emergency managers, state and government agencies, including the National Weather Service, have an active social media presence and use it to provide fast, current and critical information before, during and after emergencies. Consider following the Facebook, Twitter or Instagram handles of your local emergency management office, as well as hospitals, schools and voluntary organizations serving your community.

If you don’t already have one, consider using a social media list to monitor the severe weather threat; how local officials are responding; and what they may ask of you and your family.  @FEMARegion7 on Twitter has created social media lists for Iowa, Kansas, Missouri and Nebraska. Subscribe to your state’s list, www.twitter.com/femaregion7/lists, or use it as a template to create your own. Learn and chat about creating Twitter and Facebook lists using #PrepList.

Tips for Severe Weather Safety!

If you have severe weather in your area, keep these safety tips in mind:

  • Become familiar with the terms used to identify a severe weather hazard and talk to your family about what you will do if a watch or warning is issued. Here are the terms you need to know:

WATCH: Meteorologists are monitoring an area or region for the formation of a specific type of threat (e.g. flooding, severe thunderstorms, or tornados).

WARNING: Specific life and property threatening conditions are occurring and imminent. Take appropriate safety precautions.

  • If there’s a tornado warning, you’ll need to know what to do no matter where you are. Learn more before the storms arrive, http://www.ready.gov/tornadoes.
  • DISTANCE TO SAFE ROOM MATTERS: While community safe rooms offer significant reassurance and protection during a severe weather event, always make the safe and certain choice about where to seek shelter – particularly if there is little time to travel to the location of the community safe room. It is always best to seek shelter in your basement or in the lowest possible structure in your residence if time and warning are limited when severe weather hits.
  • LOCATION MATTERS: Know your surroundings and your structures if you’re planning to attend an event, take vacation, visit family, or if you are staying in a location other than your home like a hotel, campground or cabin. Be sure to familiarize yourself with the facility’s emergency plans including: sirens and warnings, how to shelter in place, and steps to be taken in the event of an evacuation.
  • MOBILE HOMES: Mobile homes, even if tied down, offer little protection from tornadoes and should be abandoned. A mobile home can overturn very easily even if precautions have been taken to tie down the unit. Residents of mobile homes must plan in advance and identify safe shelter in a nearby building.
  • FLOODING: Be aware that flash flooding can occur within minutes and with little notice.  If there is any possibility of a flash flood, move immediately to higher ground.  Do not wait for instructions to move. Do not drive through flood water. When you see flood waters ahead: Turn Around, Don't Drown!
  • SAFETY AFTER THE STORM: Injury may occur when people walk amid disaster debris and enter damaged buildings. Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.

    Be aware of possible structural, electrical or gas-leak hazards in or around your home. Contact your local city or county building inspectors for information on structural safety codes and standards and before going back to a property with downed power lines, or the possibility of a gas leak. Do not touch downed power lines or objects in contact with downed lines. Report downed power lines and electrical hazards to the police and the utility company.  They may also offer suggestions on finding a qualified contractor to do work for you. 


Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.  The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.



(TNS) — People living in California and the West Coast still face the highest earthquake risk. But a new study says they are not alone.

That report found that close to half of all Americans — nearly 150 million people — are threatened by shaking from earthquakes strong enough to cause damage.

That figure is a sharp jump from the figure in 1994, when the Federal Emergency Management Agency estimated that just 75 million Americans were at risk from earthquakes.

One reason for the sharp increase in exposure to quake damage is population increases in areas prone to earthquakes, especially California, said William Leith, a co-author and USGS senior science advisor for earthquake and geologic hazards.



There is no stopping the evolution of technology, which seemingly occurs at warp speed. One technologically advanced industry that typically is not thought of as such, except when it is critically needed, is the life safety and emergency services industry.

Like others, the industry is pressured to do more with less because of shrinking tax revenues and limited grant program availability over the last decade. Yet public safety agencies are expanding their service offerings and providing better and faster emergency response because the mission matters. In many instances it is advanced technologies that are enabling emergency response entities to meet this challenge.

This is particularly true in the thousands of public safety answering points (PSAPs), which handle the nation’s 911 emergency calls. A PSAP is staffed by telecommunicators, or call-takers, who have been trained to field calls from the public and gather information related to an emergency situation. Telecommunicators also dispatch first responders to the emergency, including law enforcement, fire and emergency medical services (EMS). Dispatch operations entail taking the information received from the 911 call regarding the emergency situation and appropriately coordinating activity among the various first responders. Sometimes PSAPs are organized to segregate the dispatching of emergency services into dedicated groups corresponding to law enforcement, fire and EMS.



Cloud services and the steady increase in cloud-based file sharing shows that cloud services just continue to grow. Indeed, a recent report says enterprise cloud adoption increased by 43 percent in 2014. This is good news for managed service providers (MSPs) looking to onboard new clients and expand their offerings.

Skyhigh Networks, a global cloud security and enablement company, recently released their quarterly Cloud Adoption and Risk Report.  The report presents the state of the cloud industry, based on analysis of actual cloud usage from over 15 million enterprise employees and 350 enterprises. HeraldOnline.com chronicled the report, writing that, “with a full year of usage statistics, this latest edition of the report is the industry’s most comprehensive to date.”

Many of the usage statistics published in the report paint a terrific outlook for the cloud—and for MSPs.



FRANKFORT, KY – Residents and business owners who applied for federal assistance resulting from the severe storms and flooding in April will hear soon from damage inspectors.

People who suffered losses in Bath, Bourbon, Carter, Elliott, Franklin, Jefferson, Lawrence, Madison, Rowan, and Scott counties may be eligible for assistance by registering with the Federal Emergency Management Agency (FEMA).

Following registration, FEMA usually schedules inspections within seven (7) to 10 days. An inspector first examines structural damage to a house or business, then assesses damage to appliances, such as the washer, dryer, refrigerator, and stove. The inspector also gathers information about serious needs, such as lost or damaged clothing. Homeowners should identify all known damages and tell the inspector if they have a septic system or a well.

Property owners need to show proof of ownership and occupancy. Renters need to show proof of occupancy. If insurance papers are available, residents should show them to the inspector.

Inspectors will ask applicants to show identification. At the same time, applicants should ask for identification from everyone identifying themselves as damage inspectors. All inspectors carry official photo identification.

“If an inspector is not wearing an identification card or badge, please make sure you ask to see it,” said Joe M. Girot, FEMA’s Federal Coordinating Officer for Kentucky.

Girot said it is also important to keep in mind that official inspectors do not charge for this service.

Those who have suffered losses as a result of the April storms, but have not yet applied for assistance are encouraged to do so as soon as possible.

The fastest and easiest way to register for assistance is online at www.DisasterAssistance.gov or by calling 1-800-621- 3362 (FEMA) or by web-enabled mobile device at m.fema.gov.  Disaster assistance applicants who have a speech disability or hearing loss and use TTY should call 1-800-462-7585 directly; those who use 711 or Video Relay Service may call 1-800-621-3362. The toll-free telephone numbers will operate from 7 a.m. to 10 p.m. eastern, seven days a week until further notice.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

For more information on Kentucky’s disaster recovery, visit www.fema.gov or http://kyem.ky.gov. On Facebook, go to http://www.facebook.com/KYEmergencyManagement. To receive Twitter updates: http://twitter.com/kyempio or www.twitter.com/femaregion4.

Thursday, 07 May 2015 00:00

The benefits of agentless backup

By Gabriel Gambill, senior systems engineer for EMEA, Quorum

Agentless backup is one of the latest buzzwords in disaster recovery and business continuity, but how much do we really know about it or what it means for organizations using it?

Most people probably know that agents are the small applications installed on a server to perform a particular function. For backup, the agent is installed onto the host server that the system administrator wants to back up. Agentless backup is, as its name suggests, backup without the use of such an agent.

In an effort to distinguish themselves from their rivals, several backup and recovery vendors claim to provide agentless backup. In many instances, however, these vendors inject an agent at the beginning of the process and remove it before the backup finishes in order to achieve application consistency. Strictly speaking, they aren’t providing agentless backup because they are still using an agent in parts of the process.



Phoenix has published the results of a national survey of UK employees on their use of and attitudes towards workplace IT. One of the survey’s key findings highlights UK workers’ widespread use of their own electronic devices for work, posing a potential major threat to business security.

The survey, conducted with workers aged 18 and over, who use IT and electronic devices as part of their day-to-day business, across a wide range of industry sectors, revealed that, while over half (51 percent) primarily use their own devices, an incredible 59 percent of those workers have not used their company IT support to setup their devices. This indicates a significant number of devices being used in the UK economy that may not comply with corporate IT policies or have sufficient security measures in place.

Alistair Blaxill, managing director of Phoenix’s Partner Business, said: “Mobility is one of the most significant driving forces for the IT sector and an increasing number of people want to be fully connected to work all of the time. However, the emergence of BYOD in the workplace is creating a real challenge for IT departments, with workers using their own unmanaged devices to access corporate networks and sensitive data. The findings of our survey underline this trend in the UK and it reinforces the need for businesses to stay on top of how employees access IT and ensure that they are appropriately protected.

“We think the best way to achieve this shift is to look at the ways in which IT departments are interacting with workers. Employees’ attitudes to IT support are changing and they want instant, real-time solutions to their device issues. Our survey tells us that just 23 percent and 32 percent of workers received their IT support either primarily face-to-face or a mix of face-to-face and remotely respectively. Savvy employers are now looking to provide workers with an IT support service that mirrors the personal experience they receive outside of work when resolving issues with their own personal devices.”


Cyber insurance should become as common a purchase for UK businesses as property insurance within the next 10 years, according to the Association of British Insurers (ABI).

Speaking at the ABI’s conference on cyber insurance, Huw Evans, director general at the ABI, said:

"Cyber risk is growing rapidly. At the moment, despite more than 80 percent of large businesses suffering a cyber security breach in a 12 month period, only around 10 per cent have any form of cyber insurance."



Boards are failing to navigate the changing risk landscape effectively, resulting in significant loss of value, according to research from leading players in the business community. As a result, corporate risk leadership needs rethinking and boards should consider appointing an executive voice of risk.

The above is one of the key points made in a new report, ‘Tomorrow’s Risk Leadership: delivering risk resilience and business performance’ which has been written by global business think tank Tomorrow’s Company and launched in collaboration with the Good Governance Forum members, Airmic, CIMA, IHG, Korn Ferry, PwC and Zurich.

The report challenges businesses and business leaders to consider whether the risk leadership in their organizations is sufficient to meet the demands of an increasingly fast-paced and interconnected world. While companies are usually strong at managing their core risks, all too often, the management of risk remains a siloed operation, detached from strategy.

The report’s key recommendation is that organizations consider establishing an executive voice of risk who leads the risk agenda, helps deliver the business model and drives business performance. The risk leader would be at or close to board level and should help boards to be more forward looking, enhance their decision-making capabilities and provide a corporate-wide view of risk.

The risk leader should have a strategic skillset and broad business knowledge to spot early-warning indicators of the genesis of an atypical crisis event and enable a more rounded approach to risk. Only then, according to the report, can a business truly drive resilience within the organization.

The report also says that setting the right risk culture is vital. It recommends taking an integrated approach to risk, defining the appropriate risk appetite for the organization, and creating the supporting culture and behaviours required.

Read the report.

Try this simple test, made possible thanks to the ubiquity of the smartphone and its on-board camera. First, imagine a crisis that would put your organisation in a difficult posture with the public. A generally applicable example is breach of your confidential business data, including your customer records. Now take your smartphone and record a selfie video of you making a supposedly public statement about the incident. Stop the recording and play it back. Give yourself a score for each of the following aspects: clarity of speech, clarity of statements made, credibility, and level of positive appeal to an angry public looking to lynch a suspect. Scores rather lower than you’d like? You’re on the way to discovering the crucial role of the spokesperson in a crisis.



Many computing operations throw off lots of copies: prime offenders include backup, analytics, snapshots, cloning, and test/dev. And not only do you have many copies by many processes, each of these copies is proprietary to its generating application. It is not possible to re-use that data for multiple processes, leaving your storage landscape littered with duplicate data that cannot be leveraged or re-used. Not even cloud users get away scot-free; they are still paying for that storage space and bandwidth, and those copies will be exclusive to the process that created them.

For decades this siloed, crazy quilt environment has been business-as-usual because there was nothing much that people could do about it. Data protection, analytics, and testing systems all generated their own copies of data because they had to: it was the only way any of the processes could work.

This challenging state of affairs spurred Actifio to launch data copy management in 2009. The question they asked was: what if a single product could eliminate duplicate data across multiple processes by providing a single golden copy of that data for all of them? What if a single product could capture data copies from multiple applications, store a single copy of that data, and then virtualize it wherever it was needed by data protection and business applications? 



Even though 65 percent of small to midsize businesses (SMBs) have set up data backups on premise as part of a business continuity (BC) strategy, the time has come to consider more up-to-date options. Carbonite and IDC recently shared the results of their joint 2015 Business Continuity Study, which reveals some remarkable data on the subject.

It seems that SMBs have realized how important the cloud will be to current and future company business. Of the 700 SMBs surveyed, 81 percent are currently considering updating their BC strategies. Within the next year to two years, 72 percent of these businesses expect to boost their investments in BC technologies—which makes sense when you consider that more than 80 percent of these SMBs have had downtime in the past that cost “from $82,000 to $256,000 for a single event,” according to the report.

Mohamad Ali, Cabonite’s CEO, recently told website Talkin’ Cloud more about what SMBs need in a BC solution:



British Gas revealed that it will form a data science team this week, according to the UK site, V3. The reason may serve as a strategic case for establishing data science teams going forward: The company says the team will help more business users delve into and use its Hadoop data lake.

The announcement reflects a subtle shift in focus, from hiring a team to make Big Data feasible to using a team approach to democratize Big Data.

"We're setting up a data science team to assist our business users so they can fish in the lake themselves," Phil Crannage, head of applications development at British Gas, told V3.



The security implications of the Internet of Things (IoT) are mind boggling. In many visions, the IoT is deeply enmeshed in the lives of users—even those who are doing their best to steer clear of it. So, the potential for mischief and malevolent behavior is great.

Bruce Schneier is one of the best known electronic security experts and in a Network World interview with Tim Greene, Schneier didn’t pull any punches on where the industry is on IoT security. In response to a question on the practical steps that can be taken, Schneier did the equivalent of throwing up his hands:

There’s nothing you can do. This is very much like the computer field in the ‘90s. No one’s paying any attention to security, no one’s doing updates, no one knows anything - it’s all really, really bad and it’s going to come crashing down.



The security implications of the Internet of Things (IoT) are mind boggling. In many visions, the IoT is deeply enmeshed in the lives of users—even those who are doing their best to steer clear of it. So, the potential for mischief and malevolent behavior is great.

Bruce Schneier is one of the best known electronic security experts and in a Network World interview with Tim Greene, Schneier didn’t pull any punches on where the industry is on IoT security. In response to a question on the practical steps that can be taken, Schneier did the equivalent of throwing up his hands:

There’s nothing you can do. This is very much like the computer field in the ‘90s. No one’s paying any attention to security, no one’s doing updates, no one knows anything - it’s all really, really bad and it’s going to come crashing down.



To paraphrase the great humorist Mark Twain, rumors of the death of passwords have been greatly exaggerated. While people lament the challenges and problems posed by passwords, they remain a core authentication and security technology.

My colleague Andras Cser and I have been fielding so many client inquiries around passwords that we are undertaking a quantitative, anonymous survey from end user organizations to gauge their current password policies and usage. This online survey asks about your organization’s current password policies and challenge as well as the future role of passwords in your organization. We also are using the survey to gain perspectives on the future of passwords and how other technologies might replace passwords completely.

The survey is completely confidential, but participants who provide contact details will receive a complimentary copy of the report when it’s published later this year.

You can access the survey here:


Recent 2015 audit surveys report some interesting findings about the current role of audit committees. They highlight not only how complex the world of risk management and oversight has become in the corporate world, but also the enormous breadth of responsibilities that the audit committee is expected to bear.

The requirements of internal audit will only continue to expand because, as PwC’s recent “2015 State of the Internal Audit Profession Study” shows, 60 percent of CAEs believe that within the next five years their internal audit function will need to be providing not only value-added services, but also proactive advice for the business.

Additionally, in KPMG’s recent “2015 Global Audit Committee Survey,” 74 percent of audit committee respondents said that more time is required to perform their role. Key areas of the internal auditor’s role that will require more time include:



What would you do if the files you rely on every day were unavailable?


Most of us become accustomed to storing much of the data we use – spreadsheets, forms, slide packs, photos and other documents – on ‘shared files’.  Whether it’s on a corporate “S: drive” or a SharePoint site, information stored on shared facilities is a productive and relatively inexpensive means of saving, retrieving & archiving documents we create, maintain and use.  Shared facilities are an alternative to saving files on our device’s “C: drive” (a Business Continuity no-no!), or on a USB device – both of which create access and security problems.

It is often a common assumption that –following a data center disruption – our SharePoint application or ‘S: drive’ will be restored concurrent with, or slightly following other mission-critical IT systems and applications.  That might be true; then again, it might be days or weeks before the shared files are restored.



According to a new study by Aon Risk Solutions, damage to brand and reputation was cited as the top overall concern facing organizations globally. The Aon Global Risk Management Survey also revealed that, for the first time ever, cyber risk had entered the top ten at number nine.

Aon’s global clients strongly felt that damage to brand and reputation ranked as a top concern across almost all regions and industries. This can be attributed to the growing challenges businesses are facing amongst the other risks found in the top ten, such as cyber risk, but also including business interruption, property damage and failure to innovate.

The eventual inclusion of cyber risk in the top ten is perhaps no surprise as both cyber attack and data breach have routinely featured as top three threats in the Business Continuity Institute’s annual Horizon Scan report. Damage to reputation being at number one and the entry of the cyber risk to the top ten further underscores the increasing importance of cyber risk as it has been regularly linked to brand and reputation issues in the wake of recent data breaches.

Stephen Cross, Chief Innovation Officer, Aon Risk Solutions said “The insights provided by this survey help us understand how risks are changing as the global environment evolves. It’s little surprise to see cyber risk enter the top ten at the same time we are seeing increasing concern about corporate reputation as the two issues are a great example of the interconnectivity of risk.”

Rory Moloney, Chief Executive Officer, Aon Global Risk Consulting, said “While new risks such as cyber have moved to centre stage, established risks like damage to reputation or brand, are taking on new dimensions and complexities. The interconnected nature of these risks reinforces the importance of strategic risk management in every organisation.

Failure to innovate/meet customer needs remained in sixth spot. Respondents in the technology industry indicated that this is the most significant risk to their business. Property damage also re-entered the top 10 global risk list for the first time since 2007, up from 17 in 2013. This risk was ranked highest by hotels and hospitality, non-aviation transportation and real estate. Unprecedented weather events in recent years have bundled this risk with the cause and effect of business interruption, which took the seventh spot on the 2015 list with reported losses down more than 10% from the 2013 survey.

The top 10 risks are:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to attract or retain top talent
  6. Failure to innovate/meet customer needs
  7. Business interruption
  8. Third party liability
  9. Cyberrisk (computer crime/hacking/ viruses/malicious codes)
  10. Property damage

(TNS) — In the collapsed village of Sankhu, 12 miles east of Kathmandu, most residents sleep in tents, but ignore police warnings and enter caved-in brick buildings that lean precariously over mounds of rubble. As rescue teams wielded shovels last week to remove the last of 64 dead bodies, nearby residents salvaged bricks, stone blocks and timber to reuse for the eventual and inevitable rebuilding.

“We have to rebuild. As soon as possible,” said Gunkeshari Dangol, 45, standing in the alley next to the three-story brick house constructed by her grandfather. Her 10-year-old grandson lies entombed there until police can safely remove the child’s body.

In Sankhu and throughout Nepal, people are still counting losses. Death tolls may head to 10,000 or more. Six of Kathmandu Valley’s seven UNESCO World Heritage sites, more than 57 other temples and palaces, and hundreds of thousands of houses have been reduced to rubble or have suffered deep wounds. The government has asked international rescue teams to return to their countries, as hope for miracles has faded.



(TNS) -- Within a few hours of the devastating 7.8-magnitude earthquake hitting Nepal last Saturday, Facebook stepped in to help.

Users around the world with Facebook friends in the affected region started getting notifications that their friend was “marked safe.”

Later that afternoon, Facebook CEO Mark Zuckerberg explained why in a post on his timeline.

“When disasters happen, people need to know their loved ones are safe,” he wrote. “It’s moments like this that being able to connect really matters.”

The feature is called “Safety Check,” and it locates Facebook users in the region of a disaster site either by through the city listed on a user’s profile or from where they last used the Internet.



Although all London councils have disaster recovery procedures in place for electoral data, 40 percent have not tested them in the last 12 months, according to freedom of information requests made by disaster recovery specialists Databarracks.

The freedom of information requests were sent to all London Boroughs, the majority of which obliged with details on their business continuity practices, specifically in relation to electoral data.

Managing director of Databarracks, Peter Groucutt, says that 40 percent is an alarmingly high number to have failed to test, especially with the UK General Election taking place on 7th May. “It’s worrying that with the general election just a day away, many local councils have not tested that their procedures actually work in the event of a disaster. As expected, all councils that responded to our request had thorough backup and disaster recovery plans in place – which is excellent – but without testing, they could be proved useless at their time of need," said Mr Groucutt. “We always recommend performing a DR test at least once a year. At any time in the year councils are under scrutiny to keep sensitive data secure and systems running smoothly. So the run-up to a General Election, when the electoral roll is most important, it is vital to ensure your procedures are water-tight.”

Another concerning finding from the freedom of information requests is that the current RTOs (recovery time objectives) and RPOs (recovery point objectives) of many of the boroughs were relatively long.

Groucutt comments: “Most of the councils that did respond to us told us that their recovery time objective for electoral data was 24 hours, with some even as long as 7 days or in one case up to 2 weeks. It was also interesting to see that different councils have very different classifications for how critical the electoral register is. For some it is a ‘Priority 1’ system and requires the fastest recovery possible but for others there is no prioritisation, and for some the register is not included on their continuity list or would only be recovered on a ‘best-effort basis’. We put a lot of faith in IT infrastructure to just work. Imagine if a council thought its RPO was 30 minutes but when it came down to it, it was actually 48 hours? If they haven’t tested their DR capabilities, they really have no idea of how they’d cope should disaster strike at the very time that would cause most damage.”


Wednesday, 06 May 2015 00:00

Balancing IT Risk and Opportunity

For business managers, moving portions of our company’s most valued information assets into the public cloud, while compelling economically, raises a thicket of difficult risk and compliance questions.

·      From a business perspective, considering reputational and other risks, do the economic advantages outweigh the risks?

·      Can anybody in my company really answer:  if we move these processes and data into the cloud, will we still be fully compliant with all of the necessary “legs and regs” we must comply with?  How do we really prove that?

·      Frankly, our IT partners are hardly impartial in the decision; we’re allocating our IT shop’s funds to buy cloud services.  Are their security concerns perhaps a little overblown?



All too often, I run into BCM and DR practitioners that talk about their ‘Awareness’ programs and what they do to get their message of BCM/DR awareness across to the rest of the organization. Let’s face it, we all have an Awareness component to our programs but it’s how the Awareness component is executed that will make the difference.

We tend to build our other components such as BIAs, Crisis Plans, Crisis Teams, Continuity Plans, Technology Recovery Plans and others, before we turn to the Awareness component. We tend to wait until we get to a specific point before we begin to focus on getting the BCM/DR message across. I think differently.

The BCM/DR awareness message starts the moment the practitioner begins their role. It’s up to them to educate and work with others in their organization to get the message out there when they start, not when they get near the end or when it seems there’s enough information to communicate. You can communicate awareness right away; there is no reason to wait in getting the message out there.



Once a month, my co research director and partner in crime, Chris McClean, and I will use our blog to highlight one of the 26 people that collaborate to deliver our team’s research and services and always make Chris and I look really, really good. Each “Analyst Spotlight” includes an informational podcast and an offbeat interview with the analyst. This month’s Analyst Spotlight features our newest analyst, Martin Whitworth. Based in London and bringing experience as a CISO and Head of Security across several industries, Martin will cover the most pressing issues keeping CISOs reaching for another bourbon on the rocks, including security strategy, maturity, skills and staffing, business alignment, and everyone’s favorite pastime, reporting to the board.



An old sports tenet says that you can’t tell the players without a scorecard. It is equally true that you can’t play the game without a playbook. Yet most emergency operations centers are doing just that.

EOCs all share one basic currency — information. At its core, an EOC is an information processing and dissemination mechanism that supports and coordinates operations in the field. So how information is analyzed, processed and acted upon often means the difference between life and death. But there is a systemic problem.

All too often, emergency operations plans and EOC standard operating procedures state that the operations center will establish and maintain situational awareness and disseminate a common operating picture. Unfortunately no one ever tells you how to do that. Why does that matter? Because every single decision EOC responders make depends on accurate, complete and current situational awareness and a common operating picture, otherwise known as SA/COP. But several issues complicate the problem.



Tripwire, Inc., has announced the results of a study conducted by Dimensional Research on improving the cybersecurity literacy of Fortune 500 boards and executives. The study examined corporate executives’ view of cybersecurity risks, as well as measured their confidence and preparedness in the event of a security breach. Study respondents included 200 business executives and 200 IT security professionals at US companies with annual revenues of more than $5 billion.

Key findings include:

  • C-level executives are less confident (68 percent) than non C-level executives (80 percent) that cybersecurity briefings presented to the board accurately represented the urgency and intensity of the cyberthreats targeting their organizations.
  • C-level executives (65 percent) were less confident than non C-level executives and IT executives (87 percent and 78 percent respectively) in the accuracy of the tools their organization uses to present cybersecurity risks to the board.
  • 100 percent of C-level executives and 84 percent of non C-level executives consider themselves ‘cybersecurity literate,’ despite ongoing cyberattacks and high profile breaches.

“The lower level of confidence on the part of C-level executives reflects a sea change in the way that executives handle cybersecurity risks,” said Dwayne Melancon, chief technology officer for Tripwire. “The reality is that an extremely secure business may not operate as well as an extremely innovative business. This means executives and boards have to collaborate on an acceptable risk threshold that may need adjustment as the business grows and changes. The good news is that this study signals that conversations are beginning to happen at all levels of the organization. This is a critical step in changing the culture of business to better manage the ongoing and rapid changes in cybersecurity risks.”

While the results of the Tripwire study indicate an increased preparedness on the part of IT professionals, they expose the uncertainty at the C-level and point toward the need to increase literacy in cybersecurity and its attendant risks in the near-term. Competitive pressures to deploy cost-effective business technologies may affect resource investment calculations for security; these competing business pressures mean that conscientious and comprehensive oversight of cybersecurity risk at the board level is essential.

"I'm not surprised that C-level executives are less confident than their boards or IT executive staff,” said Melancon. “That lack of confidence comes, in large part, from the networking and informal benchmarking that takes place among C-level executives at the peer level. There is a lot of 'comparing notes' that happens between C-level peers. When this happens, you are able to get a more informed view of where you are in your overall cyber risk preparedness. This is in direct contrast to IT professionals who generally have a more insulated view of their own cyber risk, which can lead to a false sense of security. That difference in perspective – internal inputs vs. external inputs — may very well explain the confidence gap this survey highlights.”

To download the whitepaper of this study, please click here.

Cloud deployments such as cloud-based file sharing and cloud storage have been growing at such a rapid rate, they are expected to become the largest percent of IT budgets as early as 2016. The industry is keeping up with this rapid growth by creating standards and guidelines for how cloud service providers and MSPs should operate.

A proposed international standard released earlier this year focuses on data privacy in public clouds – specifically in relation to business-to-business cloud usage – and how customers should maintain control of their personally identifiable information.

The new international standard, designated ISO/IEC 27018 is described by ISO as “an important first step for protecting PII in the cloud. It is built on previous ISO guidance and will continue to evolve along with [cloud service providers] to provide more secure services upon which businesses can grow.”



It hasn’t even been a week since Nepal’s massive earthquake killed thousands and destroyed businesses, homes, roads and hospitals across the country. But already, the United Nations has called for $415 million in aid; more than $50 million has been pledged by 53 countries and foundations for immediate relief. Private donors, foundation and businesses will likely promise millions more.

Outsiders were similarly generous after the earthquake in Haiti, the Indonesian tsunami and Hurricanes Katrina and Sandy. This money is important — it enables emergency response teams like the ones I’ve been on to restore essential services and provide water, shelter and food.

But are these teams spending this money effectively? Are we doing the best we can to reach the most people as quickly as possible? Nobody knows.



WASHINGTON – Wildfires can occur anywhere in the country with the potential to destroy homes, businesses, infrastructure, natural resources, and agriculture. Last year, the United States experienced over 63,000 wildfires that burned more than three million acres. National Wildfire Community Preparedness Day is Saturday, May 2, and people across the nation will dedicate time to making their communities a safer place should a wildfire occur.

Wildfires can start in remote wilderness areas, national parks, or even your backyard.  They can start from natural causes, such as lightning, but most are caused by humans, either accidentally—from cigarettes, campfires, or outdoor burning—or intentionally. 

“When our citizens prepare and adopt the principles of fire-adapted communities, the loss of life and property from wildland fires is greatly reduced,” said United States Fire Administrator Ernest Mitchell.  

Protect your family and community from a wildfire by taking action before one happens.  On National Wildfire Community Preparedness Day, join your friends, family members, faith-based group or youth organization, and volunteer your time to improve your community’s ability to withstand and recover from a wildfire, which also may improve the safety of firefighters.

There are many ways to help protect homes, neighborhoods, businesses, and entire communities:

  • Reduce the amount of flammable materials and brush that can burn around your home or business;
  • Create a fire-free area within the first five feet of your home using non-flammable materials and high moisture-content plantings;
  • Maintain an area that is clear of flammable materials and debris for at least 30 feet on all sides from your home or business; and
  • Move wood piles and propane tanks to at least 30 feet from your home or business.

National Wildfire Community Preparedness Day is part of America’s PrepareAthon! a grassroots campaign for action to get people better prepared for emergencies through group discussions, drills and exercises.  You can take steps to prepare to reduce the devastating effects of any disaster by creating a family communication plan and practicing how you will evacuate and communicate with friends and family members in an emergency. Register your action at www.ready.gov/prepare.

Learn more about National Wildfire Community Preparedness Day. Visit the ready.gov and learn how to prepare for a wildfire.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


The enterprise has been working out its cloud transition strategies for well over two years now, but it seems that many decisions regarding deployment and usage models are still being made blindly.

While it’s true that the lack of real-world production experience makes it difficult to judge how the cloud will function, it nevertheless seems as if the enterprise is ready to trust the cloud with all forms of data even though there is still no clear understanding of the basic characteristics of the technology.

Cost is a prime example. The common perception is that the public cloud is significantly less expensive than private clouds and provides greater scale and flexibility to boot. But a recent analysis by 451 Research suggests that the differences may not be all that dramatic. According to the group’s findings, an OpenStack private cloud distribution will run about eight cents per virtual machine per hour, just slightly better than a commercial platform like VMware or Microsoft. But both come in far less than the $1.70 per application hour that is common on the public cloud, or even the 80 cents per app hour available on Amazon’s Reserved Instances platform.



Eric Pickering is the deputy operations section chief for the New Orleans Office of Homeland Security and Emergency Preparedness. He has spent 12 years in emergency response, including serving as commander of the New Orleans CERT during Hurricane Katrina. He shared with Emergency Management some personal opinions about the responsibility and costs of mitigation and recovery.

Emergency Management: You said recently that emergency management is becoming federalized. How did this happen and what does it mean?

Eric Pickering: Actually it has been more nationalized and less federalized, meaning the states collectively. The world moves much faster than it ever did before, and most of us expect things instantly. That extends to disaster relief as well. We see people who want to help after a disaster and that’s a good thing.



A guest post from researcher Enza Iannopollo.

Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market makes privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business priority for companies of all sizes and across industries.

But where do you start? Many companies start by hiring a chief privacy officer. Some have built brand-new privacy teams that manage privacy for the whole firm, while others prefer a decentralized model where responsibilities are shared across teams. What are the pros and cons of each approach? Which organizational structure would better meet the needs of your firm?



A study by research firm IDC carried out on  behalf of Carbonite has revealed that over 80% of small to medium sized businesses (SMBs) have experienced downtime in the past, and that the costs associated with this downtime conservatively range from $82,200 to $256,000 for a single event.

Small businesses are by no means exempt from disruption and the latest Horizon Scan report carried out by the Business Continuity Institute shows that business continuity professionals working for smaller organizations have concerns about the same threats that their counterparts in larger organizations have. What is potentially a greater danger for these SMBs however, is that they often have less capacity to absorb any disruption.

The survey does show that for many SMBs, the threats they face are not going unchallenged. The survey of 700 SMBs worldwide found that 81% of those currently using business continuity solutions are considering improvements to their strategies, while 72% plan to increase investments in business continuity over the next 12 to 24 months.

Small businesses are facing operational challenges stemming from persistent data growth, budgetary constraints and the need to produce more with less which is driving adoption of cloud computing, data analytics and mobility similar to their enterprise counterparts,” said Laura DuBois, Vice President of IDC’s storage practice. “To address these challenges, SMBs have signalled a need and intention to drive material spending on business continuity in the next 12 to 24 months.”

The main driver behind increased investment in business continuity is the threat of downtime which 76% of SMBs surveyed cited as the single biggest reason for purchasing business continuity solutions. The reason for this is clear as the study highlights that the average estimated cost for an hour of downtime for an SMB ranges from $8,220 to $25,600, and typically an unplanned event can last for as long as 24 hours – which could be devastating to a small business.

When it comes to disaster recovery, the stakes are higher for small businesses,” said Mohamed Ali, Carbonite’s President and CEO. “SMBs realize that a business continuity solution can mean the difference between staying in business or losing everything they’ve worked for, and the data shows they are investing accordingly."


How should your clients back up their data? It may seem like a simple question, but the answer many MSPs provide--“a dedicated backup service, of course!”--may or may not be the right solution for every client. In reality, both business-grade file sync and traditional backup services have overlapping functionality when it comes protecting data against permanent loss. Ask your clients the following five questions to determine whether file sync or a dedicated backup solution is a better fit for their needs:



Business users are finding that the self-serve data and integration tools they craved are leading to more confusion and frustration, it seems.

“Last year the buzzwords were data discovery and governed data discovery—everyone wanted to learn as much as possible about those two concepts,” writes Rado Kotorov, vice president of Product Marketing for Information Builders. “Based on the excitement last year, it seemed that data discovery would replace all other styles of BI and analytics. But I found that the excitement over data discovery was replaced at this year’s Gartner summits by confusion and concerns.”

Since Gartner is all about bimodal IT this year — or what the rest of us have called self-service technology — the research firm’s answer to this is “bimodal BI.” The approach basically calls for separating data discovery and analytics from traditional BI reporting.



You could leap onto your desk, wave both fists in the air, and scream ‘Why, why, why?’ You could organise a whip-round in your company and invite colleagues to give generously to ‘help save our business continuity’. You could even just accept the cut. After all, whose budget isn’t being cut nowadays? Tempting as these options may seem, they do however suffer from (at least) one major drawback. They are unlikely to get your business continuity budget reinstated in full afterwards. You need a better plan. One that can see you through a rough period, help you get your budget back to where it should be, and even prevent a cut in the first place. Read on for further details.



DENVER – Thursday, April 30, is America’s PrepareAthon! National Day of Action, a grassroots campaign for action to get families, organizations and whole communities better prepared for emergencies. The campaign offers easy-to-use preparedness guides, checklists, and resources to help individuals prepare for common natural hazards and to take action, including downloading alerts and warnings, holding a drill, or safeguarding critical documents.

Despite the devastation that tornadoes, wildfires, and other natural disasters have caused in recent years, nearly 60 percent of surveyed Americans have not participated in a preparedness drill or exercise at their workplace, school, or home in the past year. The Federal Emergency Management Agency’s (FEMA) Denver-based regional office joins the states of Colorado, Montana, North Dakota, South Dakota, Utah and Wyoming in encouraging the whole community to participate in the America’s PrepareAthon! campaign by performing one of these simple preparedness actions:

  1. Sign up for local text alerts and warnings and download weather apps to your smartphone.
    Stay aware of worsening weather conditions. Visit ready.gov/prepare and download Be Smart: Know Your Alerts and Warnings to learn how to search for local alerts and weather apps relevant for hazards that affect your area.
  2. Gather important documents and keep them in a safe place.
    Have all of your personal, medical, and legal papers in one place, so you can evacuate without worrying about gathering your family’s critical documents at the last minute. Visit ready.gov/prepare and download Be Smart: Protect Your Critical Documents and Valuables for a helpful checklist.
  3. Create an emergency supply kit.
    Bad weather can become dangerous very quickly. Be prepared by creating an emergency supply kit for each member of your family. Visit ready.gov/kit for information on what to include in your kit.
  4. Develop an emergency communication plan for your family.
    It’s possible that your family will be in different locations when a disaster strikes. Come up with a plan so everyone knows how to reach each other and get back together if separated. Visit ready.gov/make-a-plan for communication plan resources.

Every state in FEMA Region VIII has shown support for America’s PrepareAthon! this spring by aligning a variety of preparedness activities with the campaign. The National Weather Service in North Dakota, South Dakota and Wyoming held statewide tornado drills to prepare residents for severe spring and summer weather; nearly one million Utahns participated in earthquake drills during the Great Utah ShakeOut; and communities throughout Colorado and Montana will hold wildfire preparedness events on May 2 for Wildfire Community Preparedness Day, an America’s PrepareAthon! partner event.

For more information about America’s PrepareAthon!, visit ready.gov/prepare. Follow America’s PrepareAthon! on Twitter using the handle @Prepareathon and #PrepareAthon.


Combined with built infrastructure, natural habitats can protect shorelines from threats
Natural "green barriers" help protect this Florida coastline and infrastructure from severe storms and floods. (Credit: NOAA).

Natural "green barriers" help protect this Florida coastline and infrastructure from severe storms and floods. (Credit: NOAA).

The resilience of U.S. coastal communities to storms, flooding, erosion and other threats can be strengthened when they are protected by natural infrastructure such as marshes, reefs, and beaches, or with hybrid approaches, such as a “living shoreline” — a combination of natural habitat and built infrastructure, according to a new NOAA study.

The study, published in Environmental Science and Policy, assesses reports and peer-reviewed studies on the strengths and weaknesses of using built infrastructure, such as seawalls or dikes, natural infrastructure, or approaches which combine both. The study focuses on how these approaches help coastal communities reduce their risk of flooding and erosion, as well as additional benefits, and the tradeoffs when decision makers choose one type over another.

“When making coastal protection decisions, it’s important to recognize that built infrastructure only provides benefits when storms are approaching, but natural and hybrid systems provide additional benefits, including opportunities for fishing and recreation, all the time,” said Ariana Sutton-Grier, Ph.D., the study's lead author, member of the research faculty at University of Maryland and NOAA’s National Ocean Service ecosystem science adviser. “Natural and hybrid systems can also improve water quality, provide habitat for many important species, and mitigate carbon going into our atmosphere.”

Examples of coastal defenses including natural infrastructure, managed realignment, and hybrid approaches. (Credit: NOAA).

Examples of coastal defenses including natural infrastructure, managed realignment, and hybrid approaches. (Credit: NOAA).

Threats like coastal erosion, storms and flooding can reshape the shoreline and threaten coastal property. With approximately 350,000 houses, business, bridges and other structures located within 500 feet of the nation’s shoreline, erosion is a problem many U.S. coastal communities are addressing.

Coastal flooding caused by extreme weather events and sea level rise is of growing global concern. As noted in this study, in 2012 there were 11 weather and climate billion-dollar disaster events across the United States, including superstorm Sandy, causing 377 deaths and more than $110 billion in damages. While only two of those were coastal events, Sandy alone was responsible for nearly sixty percent of the damages, at $65 billion (the other, Hurricane Isaac, caused $3 billion in damage). Nationally, these made 2012 the second costliest year on record for weather disasters. Only 2005, which incurred $160 billion in damages due in part to four devastating coastal hurricanes, saw more.

“Coastal resiliency and disaster risk reduction have become a national priority, and healthy coastal ecosystems play an important role in building resilient communities,” said Holly Bamford, Ph.D., acting assistant secretary of commerce for conservation and management at NOAA, and co-author of the study. “We know that sea levels are rising and that coastal communities are becoming more vulnerable to extreme weather- and climate-related events. Now is the time to invest in protection to secure our coasts, but we need to make those investments wisely and with a full understanding of the costs and benefits of different approaches.”

Coral reefs protect shorelines from currents, waves, and storms. Healthy reefs have rough surfaces and complex structures that slow incoming waves — dissipating much of the force. (Credit: NOAA).

Coral reefs protect shorelines from currents, waves, and storms. Healthy reefs have rough surfaces and complex structures that slow incoming waves — dissipating much of the force. (Credit: NOAA).

The study points out that there is still a need for built approaches in some locations. However, natural or hybrid approaches can be used in many cases.

Some natural ecosystems can maintain themselves, recovering after storm events and reducing the cost of upkeep. Natural habitats such as coral reefs, marshes and dunes can act as buffers for waves, storms and floods. Natural ecosystems also can, in many cases, keep pace with sea level rise, while built infrastructure does not adapt to changing conditions.

“There is a lot of potential innovation with hybrid approaches,” said Katya Wowk, Ph.D., NOAA senior social scientist, and the third co-author of the study. “Hybrid approaches, using both built and natural infrastructure, often provide more cost-effective flood risk reduction options and alternatives for communities when there is not enough space to use natural coastal protection alone.”

Hybrid approaches, such as combining some habitat restoration with openable flood gates or removable flood walls, provide benefits while also providing more storm and erosion protection than natural approaches alone. The study highlights hybrid approaches in the New York City metro area and in Seoul, South Korea, to deal with their monsoon flooding events.

Recently planted rows of American beachgrass will help protect a dune in Sandy Hook, New Jersey. (Credit: NOAA).

Recently planted rows of American beachgrass will help protect a dune in Sandy Hook, New Jersey. (Credit: NOAA).

“One of the challenging aspects is that these approaches are very new, so we are still learning what works best in which situations and under what circumstances,” said Wowk.

The authors suggest that every location where hybrid and natural approaches are being implemented provide opportunities for monitoring so we can learn as much as possible about each approach, including longer-term cost effectiveness.

“There is no ‘one size fits all’ solution when it comes to what is best for a community in providing coastal protection from flooding,” said Bamford. “We all have to work to innovate, test, monitor, and develop a better suite of options that includes more natural and hybrid infrastructure alternatives for providing coastal protection to communities around the world.”

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitter, Instagram and our other social media channels.


Despite the fact that we often see the terms used simultaneously, there actually are significant differences between business intelligence (BI) and data analytics.

If you’re a bit fuzzy on how they differ, Lillian Pierson recently posted a succinct video post explaining the key difference between business intelligence and data science (the rest of us would call that data analytics or Big Data analytics).

Pierson is the founder of Data Mania, a data science consultancy and education company, as well as author of “Data Science for Dummies” (2015). Previously, she worked as a project engineer consultant and a spatial data scientist. I highly recommend following her on Facebook, which is how I found this video.



The private cloud is the best way to bring enterprise applications and data to a scalable, flexible infrastructure.

The private cloud is a waste of money and will never compare to the public cloud.

With such stark differences of opinion throughout the IT industry, it’s no wonder most enterprises are in a quandary over how much, if anything, to invest in the private cloud.

But as I’ve mentioned in this space numerous times, it does not matter what your peers are doing or what they think. All that really matters is finding solutions to the problems that impede data productivity, and if the best solution happens to be on internal cloud infrastructure, so be it.



State CIOs hope to secure more federal support for cybersecurity efforts, more details about FirstNet and more options for broadband grants as they meet with officials in Washington, D.C., this week.

Multiple state CIOs are meeting with officials from the White House, federal agencies and Congress Wednesday as part of the NASCIO Midyear Conference to focus attention on state-level IT issues and press for policy changes.

At the top of their priority list is more federal help on cybersecurity, where states are struggling both to fund cybersecurity programs and to lure qualified security professionals into the government workforce. CIOs will talk with White House Cybersecurity Coordinator Michael Daniel, federal lawmakers and representatives from the Department of Homeland Security about ideas for strengthening protection for state and local government information systems.

“Cybersecurity is the No. 1 policy issue for our members,” said Mitch Herckis, NASCIO’s director of government affairs. “The threat is growing and it’s difficult to address.”



While at RSA, I had the chance to sit down with Piero DePaoli, senior director, Global Product Marketing, Information Security with Symantec. We talked about Symantec’s 2015 Internet Security Threat Report.

DePaoli’s “elevator pitch” summary of the report was broken down into three main categories: cyber attackers are leapfrogging defenses in ways that companies lack insight to anticipate; attackers are moving faster than defenses; and malware used for mass attacks is increasing.

In the first case, attackers leapfrogging defenses, Symantec found that large companies (defined for this study as having at least 2500 employees) are at a surprisingly high risk for a targeted attack. The study showed that five out of six companies were targeted in 2014, an increase of 40 percent from 2013. Smaller companies are at risk, too, with 60 percent of all targeted attacks hitting companies under 2500 employees.



Healthcare IT can be a profitable niche for MSPs, and it's an area that's grown rapidly since 2013. But it comes with its own set of complexities. Here's one place where MSPs can get help what they need to break into this market.


Recently we had the honor of interviewing visionary David Sims from South Carolina. He is the owner of the renowned website HIPAAforMSPS.com. This site was created to serve MSP’s who are looking to branch off into the Healthcare IT sector, but don’t know how to go about it.

Healthcare IT is an extremely profitable niche for MSPs to enter into because of its exponential growth since 2013. However, with such a lucrative niche comes a colossal obstacle.



Where does the board’s role begin and end regarding risk? A company’s core objective is to create and increase wealth for its shareholders. Collectively, directors provide leadership toward this objective through two primary functions: 1) decision-making and 2) executive management oversight. Decision-making includes approving corporate policy, strategic goals, annual budgets, major expenditures, and the acquisition or disposal of material assets. It also includes evaluating and selecting the Chief Executive Officer (CEO) and approving the company’s risk appetite. Risk appetite is the amount of risk the organization is willing to accept in pursuit of objectives. While it is typically the CEO who recommends a risk appetite to the board, it is the board that should render the ultimate decision on how much risk is appropriate.

The second primary board function involves a fine line regarding the degree of management oversight. Too much, and the board could be micro-managing the company thus infringing on the CEO’s turf. Too little, and the board could lose its pulse on the status of the company’s risk management efforts. Here are five considerations to define a healthy balance between board oversight and management responsibilities pertaining to Enterprise Risk Management (ERM):



(TNS) — When tornadoes like the one that struck Moore last month are imminent, forecasters can often warn residents about them a few days in advance.

But weather researchers at the National Oceanic and Atmospheric Administration’s National Severe Storms Laboratory and elsewhere are working on a new method they hope will allow emergency responders to prepare weeks ahead of time when tornadoes are likely.

Harold Brooks, senior research scientist at the Norman-based laboratory, said scientists could be a few years away from being able to release seasonal forecasts for tornadoes. Rather than predicting individual outbreaks, those forecasts would predict how likely tornadoes were over the course of a few weeks or an entire season, he said.

“The important experiments have been done,” Brooks said.



In the children’s story, “The Three Little Pigs,” the Big Bad Wolf tried a frontal assault by blowing the first two pigs’ houses down. By the end of the story, the pigs had come together, and through the preparation and efforts of the third pig building a house of bricks, taken refuge in the brick house and withstood the Wolf’s attack. In today’s world with a global economy, e-commerce, and utilization of technology to do business, the Big Bad Wolf will not knock on the front door. Instead, the Big Bad Wolf sits at home in its den using a computer to hack the data network and steal customer information, back accounts, social security numbers, and money. A brick house in today’s business environment is a strong and robust cybersecurity program. From direct deposits and online shopping to phishing and identify theft, the benefits and risks from increasing reliance on electronics and technology add another lawyer of compliance that businesses, ownership, management, and industries must not only recognize but immediately integrate and sustain for continued success and survival. This is why cybersecurity programs are necessary and invaluable to any company’s success and survival.

Cybersecurity is no longer a concern for just financial institutions, government agencies, or multi-national conglomerates. Any business involved in utilizing technology and electronics to engage with its customers and enter the business marketplace is subject to attack. Every day thousands of companies big and small and in various market and industry sectors are besieged by cybercriminals. By being proactive, committed, and vested in cybersecurity, a company, regardless of size, market, or industry, can prepare, implement, and sustain best practices, policies, and procedures that will help it defend against cyberattacks. Although not exhaustive, and priorities can change dependent upon risk and exposure, three primary areas a company can start with are active monitoring and assessments, implementation of the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) Cybersecurity (CS) Framework, and employee training.



WASHINGTON – A recent Federal Emergency Management Agency (FEMA) survey found that nearly 60 percent of American adults have not practiced what to do in a disaster by participating in a disaster drill or preparedness exercise at work, school, or home in the past year. Further, only 39 percent of respondents have developed an emergency plan and discussed it with their household. This is despite the fact that 80 percent of Americans live in counties that have been hit with a weather-related disaster since 2007, as reported by the Washington Post. With the number and severity of weather-related disasters on the rise, the America’s PrepareAthon! is an opportunity for individuals, organizations, and communities to take action to prepare for specific hazards through group discussions, drills, and exercises.

“When it comes to preparedness, practice makes perfect,” said FEMA Administrator Craig Fugate. “America’s PrepareAthon! is about taking action now to better prepare yourself, your family, and your community to be ready to respond to these events before they occur.”

America’s PrepareAthon! is a national community-based campaign that provides free, easy-to-use guides, checklists, and resources to get more people to take action to prepare every day. On April 30, individuals, families, workplaces, schools and organizations will come together to practice simple actions to stay safe before, during, and after emergencies relevant to their area. Examples include:

  1. Sign up for local text alerts and warnings and download weather apps to your smartphone.
  2. Develop an emergency communication plan for your family. This will help you be in touch if a disaster strikes and family members are in different locations.
  3. Collect important documents and keep them in a safe place. This will help you evacuate without delay and get back on track after the disaster passes.
  4. Gather emergency supplies. Pack a “go bag” to evacuate quickly and have supplies in the home to be safe without water or power.

Visit the America’s PrepareAthon! website, ready.gov/prepare to take action, be counted and spread the word.

America’s PrepareAthon! was established to provide a comprehensive campaign to build and sustain national preparedness as directed by Presidential Policy Directive-8. The campaign is coordinated by FEMA in collaboration with federal, state, local, tribal, and territorial governments, the private sector, and non-governmental organizations.


(TNS) -- When Jordan Soto’s father called 911 from his cellphone while she was having a medical emergency, the call was routed to a dispatch center 30 miles away.

Soto lived within a quarter-mile from a Santa Barbara, Calif., fire station, but responders didn’t make it to her home in time, and the 24-year-old died from an accidental drug overdose.

“That shouldn’t have happened,” said Assemblyman Das Williams, D-Santa Barbara. “They got there when it was too late.”

A new California Assembly bill calls for a two-year study to improve accuracy in pinpointing locations of 911 calls made from cellphones. AB 510 seeks to explore ways to eliminate unnecessary delays in emergency care for people in need. The bill was unanimously approved this month by one Assembly committee and now heads to another.



Wednesday, 29 April 2015 00:00

25 Reasons for Risk Management Failure

I recently spoke to directors and officers about oversight of risk management by boards of directors. I prepared a list of 25 reasons that risk management failure happens, based on my experience assisting boards, including boards that have failed and boards that cannot afford to fail. Almost all of what follows below is based on real examples. I have never encountered a risk management failure where the board was not at fault, based on what the board said or did, or failed to say or do.

Here are 25 reasons for risk management failure:



Aon Risk Solutions has published its annual list of the key risks as identified by its clients across the globe. For the first time cyber risk has entered the top 10 at number 9 , reinforcing its emergence as a key risk factor. Damage to brand and reputation was cited as the top overall concern facing global organizations, further underscoring the increasing importance of cyber risk as it has been regularly linked to brand and reputation issues in the wake of data breaches.

Aon’s global clients strongly felt that damage to brand and reputation ranked as a top concern across almost all regions and industries. This can be attributed to the growing challenges businesses are facing amongst the risks found in the top 10 list, such as cyber risk, but also including business interruption, property damage and failure to innovate.

The 1400 survey respondents to the Aon Global Risk Management Survey included CEOs, CFOs and Risk Managers providing comparative insight into different perceptions of risk. Typically, financial and economic risks including commodity price risk, economic slowdown and technology failure were seen as damaging at C-suite level with risk managers focused on liability-related risks such as cyber, property damage and third party liability.



NEW ORLEANS—Seventy-nine percent of companies are aligned with their risk management reporting structure, however, only 27% of risk professionals believe that emerging risks will be a company priority in the coming year, according to the 12th annual “Excellence in Risk Management Survey” released here by Marsh and RIMS.

In the last five or six years, “We have seen significant narrowing of the gap, where there is better alignment of what risk managers and risk executives are providing their organization and what their C-suite and management is looking for and needing in this riskier world that we all live in,” said Brian Elowe, a managing director at Marsh and co-author of the report. Findings are based on more than 300 responses to an online survey and a series of focus groups with leading risk executives.



Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From wearable fitness trackers to office building intrusion detection, the range of items being linked to the web is already wide. The natural and growing reflex is to consider the risk involved and appropriate risk management. But which kind of risk are we talking about?



The close relationship between the Internet of Things (IoT) and Big Data is an intuitive one. The IoT will create a ton of information, which is precisely what Big Data is designed to handle. They really are different sides of the same coin.

Even things that seem to be made for each other don’t go together without a lot of work, however. Outscale technical writer and blogger Will Hayles uses a guest column at Datamation to describe the two intersecting techniques. The biggest companies have the money to hire people to plan well into the future. They are developing an understanding of the nexus of Big Data and the IoT. Other companies must get wise as well, he writes:

While larger enterprises like Coca-Cola, General Electric, and Domino’s Pizza have managed to tap into its value, most businesses will have to wait some time before they can really enjoy the advantages of embedded sensor technology. In the meantime, it’s imperative that those businesses prepare by adopting a big data strategy - and looking into analytics technology.



Tuesday, 28 April 2015 00:00

When the Local Data Center Meets the IoT

Big Data and the Internet of Things (IoT) seem all but unstoppable these days, so the only question that remains is how the data center will evolve to handle such a large and diverse load.

To many, the cloud will become a crucial resource regardless of any lingering doubts over security and availability. There is only so much a single data center can handle, and unless the enterprise plans on going broke buying new hardware, the vast majority of Big Data and IoT storage and processing will have to take place on third-party infrastructure.

This is not necessarily bad news for the current IT vendor community, though, as it will likely lead to a data center building boom. According to IDC, data center capacity among service providers will jump more than seven-fold between now and 2019 as the cloud community seeks to provide the anytime, anywhere, anyhow connectivity and context that are the hallmarks of the IoT. The development of large capacity facilities will be tied to additional compute and storage deployment at the edge, as well as increased use of analytics and intelligent platforms designed to bring the management burdens of such a diverse infrastructure under control.



It occurs to me that as the Internet of Things emerges as a topic of increasing relevance to CIOs, one of the things they’re going to need to be concerned about is standards. As the cloud-to-cloud integration that is necessarily associated with IoT becomes more commonplace, that integration will entail the adoption of certain standards that may or may not be in place at this point. So where is all of this heading?

I had the opportunity to discuss this topic with Shane Dyer, CEO of Arrayent, an IoT  platform provider in Redwood City, Calif. To kick off the discussion, I asked Dyer what role industry associations like the IPSO Alliance, the Cloud Computing Association, and the Cloud Industry Forum are playing in advancing cloud-to-cloud integration, and how effective they’ve been in this regard. He said Arrayent’s customers at this point aren’t asking them to conform to or recommend any cloud-to-cloud integration standard, which tells him that standards organizations working in this area could improve their market education and visibility efforts:



(TNS) — Monday’s predicted sunny skies will make the events of April 27, 2011, seem like a distant memory, but those who are responsible for emergency response services will ever be watchful.

Four years ago Monday, three tornadoes tore through Cullman County, Ala., bringing a day of destruction to communities across the area. The sunrise tornado in the Hanceville area started the disaster. After a lull, an EF-4 tornado came through downtown Cullman and another came into Fairview and other areas of the county.

Immediately following the tornado outbreak, which devastated Tuscaloosa and many other areas of the state, residents began rebuilding, and as Cullman Mayor Max Townson recalls, an economic surge began to take place.



At the Qonnections 2015 Global Partner 2015 conference today, Qlik unveiled an update to its data visualization platform that adds self-service capabilities while at the same time providing simpler access to external data sources.

In addition, Qlik unveiled an implementation of the Qlik Analytics Platform aimed specifically at developers and announced the general availability of multiple services on Qlik Cloud, an implementation of the Qlik platform running on Amazon Web Services (AWS) that is designed to make it easier for end users to share data.

Josh Good, director of product marketing for Qlik, says Qlik Sense 2.0 extends the company’s core QIX Associative Indexing Engine technology in ways that make it simpler to visualize data and create reports, while still giving IT organizations the level of governance needed to meet regulatory requirements.



Planning, training and exercising are supposed to be continuous in the emergency management field. The question is, when are you done? When is good, good enough? At what time do you reach the point of diminishing returns?

For planning, it never seems to end. Once a plan is written, you have to train people to the plan and then exercise it with those people and outsiders too. In both training and exercising, you will find gaps in your plan document. This comes from having more eyeballs on the document, and then the act of exercising the plan will reveal areas that either were not addressed at all or are in need of revision.



Monday, 27 April 2015 00:00

It’s Getting More Dangerous Out There

Today’s threat landscape isn’t getting quieter. In fact, cyber criminals are getting smarter. The “same old same old” just won’t cut it when you’ve got to select an endpoint security solution for use in today’s increasingly toxic threat landscape.

The cold, hard truth is that today’s threat landscape isn’t getting quieter. In fact, cybercriminals are getting smarter. Just consider the three V’s--volume, velocity and variety--that characterize the current endpoint security environment:




(TNS) — The most powerful earthquake to hit Nepal in more than eight decades roared across the impoverished mountain kingdom just before noon Saturday, killing more than 1,800 people, some as far away as India and Bangladesh, and devastating a crowded base camp at Mt. Everest.

Signature buildings collapsed in the ancient Old Katmandu quarter of the capital, including the Dharahara Tower, a 200-foot-tall structure built in 1832. Emergency response officials said at least 60 tourists were buried under rubble while visiting the popular site at the busiest time of day. Other historic buildings in Katmandu Valley’s UNESCO-designated heritage sites were also damaged or destroyed by the magnitude 7.8 temblor, including Patan Durbar Square.

“Responders are trying to dig people out,” said Prajana W. Pradham of the CARE relief agency. “This quake was so big.”

Officials said the death toll was likely to increase dramatically, perhaps to as many as 10,000, as emergency response crews reach more remote areas of the country of 28 million.



Monday, 27 April 2015 00:00

Nobody Puts Big Data in a Corner

It’s easy to type cast analytics. After all, it so easy fits in with BI that we tend to want to think about Big Data as a tool for business analysts, finance and IT leaders. But nobody puts Big Data in a corner, and a recent DC Velocity article shows why.

If you’re unfamiliar with the magazine/website, DC Velocity covers supply chain and logistics, and the piece is actually a republished CSCMP Supply Chain Quarterly journal article. The point of the article is to show how Big Data analytics can be useful to supply chain leaders, but it actually makes the case for why all managers should educate themselves on analytics.

“Without a full understanding of what the field of analytics is about, supply chain managers may be missing out on many opportunities—both for their companies and for themselves,” the article states.



Wireless Emergency Alert (WEA) messages need to be longer, URLs should be included, message order must be changed and more outreach is needed, according to a new study conducted for the U.S. DHS.

The Comprehensive Testing of Imminent Threat Public Messages for Mobile Devices study used focus groups, interviews, post-incident surveys and experiments to thoroughly examine WEA messages. With $980,000 provided by the Commerce Department to DHS’ Science and Technology (S&T) Directorate, the study was conducted by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) at the University of Maryland. The study’s principal investigator, Brooke Fisher Liu, said the empirical-based guidance “can potentially help alert originators improve how they currently craft and disseminate WEAs.” 

Denis Gusty, a program manager with DHS S&T, said he was not surprised by any of the research findings, but hopes stakeholders will read the report and make adjustments where appropriate by putting the information into practice. Suggested changes relative to message length and content are already under consideration by key stakeholders charged with making WEA recommendations to the FCC through the Communications Security, Reliability and Interoperability Council.



Batteries are a common site at most data centers, but while they typically form the heart of emergency backup architectures, there are growing signs that they could emerge as primary, or at least co-primary, power sources as well.

This trend seems to be part and parcel to the steadily increasing use of hydro, solar and other renewables to power the data center, as well as the rise of low-power, modular infrastructure in cloud-facing, hyperscale facilities.

Microsoft, for one, has been experimenting with a number of battery technologies for a while now, ostensibly to lower operating costs of its Azure cloud. In one project, the company has come up with a new lithium ion design called the Local Energy Storage (LES) unit, according to tech journalist Timothy Prickett Morgan. The system features the normal Panasonic cell that powers microservers and other devices, but rather than hang it off the side of the server, Microsoft dropped it into the switched mode power supply in the Open Cloud Server architecture. In this way, power can go directly to existing circuits without additional wiring and components. This also removes the battery from the path between the power source and the motherboard, ultimately reducing the load on bulk capacitors in backup power systems. The batteries cost only a few dollars when purchased in bulk and are estimated to cut operating costs by about a quarter.



We are in the midst of experiencing one of the most monumental shifts in the information technology age to date—an evolution from self-managed IT to IT as a service. With a public cloud services market estimated by Gartner to exceed $244 billion by 2017, service providers looking to capitalize on this tremendous opportunity must be focused on rapid time to market and deliver exceptional managed services to their customers.

However, like most of us, service providers of all types and sizes are being challenged to do more with less, to enable faster R&D cycles, and to accelerate customer acquisition growth while reducing overall spend. It is for these reasons that many MSPs have been looking to leverage VMware’s as-a-service offerings: When it makes sense for their business, partners can opt to buy--as a complement to what they’ve built--ready-to-run infrastructure and desktop services, and focus on delivering managed services on top.



Friday, 24 April 2015 00:00

Managing Cyber Risk in Health Care

When Anthem, the second largest insurance provider in the United States, revealed recently that its records had been compromised by hackers — resulting in the possible leaking of personal data of more than 80 million present and former customers — the incident became a much-needed wake-up call for the health care industry.

Unfortunately, Anthem is not the first company to experience a major data breach in the past 18 months. In 2014 alone, customer data, credit card information and intellectual property were stolen from Target, Home Depot, JPMorgan Chase, Sony Pictures and many others.  What recent history has taught us is that hackers are becoming more sophisticated, attacks are becoming more malicious and no industry or organization is invulnerable.

The public has moved on from asking, “How did this happen?” to asking, “Why does this keep happening?” The attention on privacy rights coupled with the growing costs of major data breaches are elevating the issue of managing the digital enterprise to the board level.



By Gary Hinson and Dejan Kosutic

Most business continuity experts from an IT background are primarily, if not exclusively, concerned with establishing the ability to recover failed IT services after a serious incident or disaster. While disaster recovery is a necessary part of business continuity, this article promotes the strategic business value of resilience: a more proactive and holistic approach for preparing not only IT services, but also other business processes before an incident in order that an organization will survive incidents that would otherwise have taken it down, and so keep the business operating in some form during and following an incident. 


According to the BSI Standard 100-4 (2009), “Business continuity management consists of a planned and organized procedure for sustainably increasing the resilience of (time-)critical business processes of an organization, reacting appropriately to events resulting in damages, and enabling the resumption of business activities as quickly as possible. The goal of business continuity management is to ensure that important business processes are only interrupted temporarily or not interrupted at all, even in critical situations, and to ensure the economic existence of the organization even after incurring serious damage.”

Is business continuity important enough to invest time, effort, and money into achieving it? Given that the alternative implies accepting the risk that the business will quite likely fold in a crisis, few in management would seriously argue against business continuity, but that still leaves the questions of how much to invest, and how to invest wisely. These are strategic issues: business continuity is a strategic concern.



As an emergency manager, one of the easiest questions to answer is: Why do we do what we do? Thoughts of preventing loss of life and protecting property for our families, neighbors and all members of our community and nation quickly spring to mind. A frequent follow-on question can be more complex: That sounds important, how do you make sure you get it done right?

As we answer this next question, we may recall the problems we solved: the time we found a flaw in our response plan that we quickly fixed, or the moments in the Emergency Operations Center when we relied on our team and our training to make the right decisions. Indeed, it is our ability to problem-solve effectively that keeps emergency management so dynamic. Whether we work in preparedness, mitigation, response or recovery, as we identify solutions to address the worst-of-the-worst that could happen (or has happened) to our communities, we act as agents of dynamic change.

This dynamism goes all the way to our core, as even our foundational structure and methodology have evolved significantly since the turn of the century. In recent years we have redefined our relationship with homeland security; we have learned our place under one National Incident Management System; the list could go on. This ongoing evolution, empowered by our willingness to identify our weaknesses and strengthen them, is a core reason why our community is so strong.



(TNS) — Nearly half of all Americans — 150 million people — are threatened by possibly damaging shaking from earthquakes, scientists said Wednesday at a meeting of the Seismological Society of America.

That figure, from all 50 states and Puerto Rico, is a sharp jump from the figure in 1994, when the Federal Emergency Management Agency estimated just 75 million Americans in 39 states were at risk from earthquakes.

The authors of the study, which included the U.S. Geological Survey, said the sharp increase in exposure to quake damage was largely because of population increases in areas prone to earthquakes, particularly California, said William Leith, a coauthor and senior science advisor for earthquake and geologic hazards at the U.S. Geological Survey.



(TNS)Using some of its strongest language to date, the Oklahoma Geological Survey said Tuesday the state's ongoing earthquake swarm is "very unlikely to represent a naturally occurring process."

The state survey said the suspected source of triggered earthquakes is the use of wastewater disposal wells that dump large amounts of water produced along with oil production.

"The observed seismicity of greatest concentration, namely in central and north-central Oklahoma, can be observed to follow the oil and gas plays characterized by large amounts of produced water," the report stated. "Seismicity rates are observed to increase after a time-delay as injection volumes increase within these plays. In north central and north-central Oklahoma, this time-delay can be weeks to a year or more."



If you are familiar with IT security testing for organisations, you have probably heard of the concept of a kill chain. This is a route by which an attacker can achieve a given goal (steal data or sabotage an IT installation, for instance). Kill chains as their name suggests are composed of several links or stages through which an attacker moves to home in on the target result. As efficiency as well as effectiveness is part of business continuity, why reinvent the wheel? The kill chain could provide insights here as well.



Thursday, 23 April 2015 00:00

Drones Should Be On Everybody’s Radar

One of the questions that underlie much of what is discussed in the telecommunications and IT world is whether the end game is a world of unemployed people. When will IBM Watson and other cognitive computing platforms evolve to the point that they make analysts unnecessary? When will robots become so sophisticated that all the nurses and home health care givers will be out of work? When will drones replace the neighborhood ice cream truck?

These are important questions, but ones that are not strictly limited to the IT/telecom realm. After all, engineers make the weapons. Politicians, legislators and administrators decide how to use them.



An ‘alternate workspace’ (either at your own locations, or contracted through a 3rd party provider) can be a vital component of a viable Business Continuity strategy; but only if the strategy works as intended.

An earlier article discussed Alternate Site Logistics – transportation, access and accommodations.  But you’ll also need to make sure to build technical access into every BCP which may rely on an alternate site strategy.

Let’s assume in that hypothetical Alternate Workspace strategy the designated employees arrive safely and are granted access to their alternate workspace.



It ought to go without saying that a volunteer firefighter isn’t going to perpetrate a sex crime or rob a house when he’s supposed to be dousing the flames. Apparently it isn’t that obvious.

Last year New York Gov. Andrew Cuomo signed a law requiring background checks to ensure volunteer firefighters weren’t carrying sex offense convictions. It’s up to individual fire companies to decide whether a prospective volunteer is fit to serve, in spite of a past sex offense, but everyone gets screened.

In Rush County, Ind., volunteers for Community Emergency Response Teams (CERTs) must submit to an even broader check, one that encompasses all past criminal history.



(TNS) — If a hurricane is closing in on your neighborhood, the National Weather Service wants you to know what you will likely face.

So it is creating an interactive map on its homepage to tell you how your home in any particular storm could be affected by strong winds, torrential rains, storm surge or flooding.

"It communicates the local threat of each hurricane hazard," Pablo Santos, meteorologist in charge of the weather service's Miami office, said Tuesday. "It's meant to be realistic in terms of what to prepare for."

While the goal is to have it up and running by the June 1 start of hurricane season, Santos said it is still "under construction" and may not be available until the heart of the season in mid-August, or possibly even next year.



Wednesday, 22 April 2015 00:00

The global cost of supply chain disruption

Rapid economic growth in emerging economies, labour disruptions, political instability and a disease outbreak in West Africa led to a rise in business losses in 2014 according to the latest Global Supply Chain Intelligence report from BSI Supply Chain Solutions. Globally over $23 billion was lost to cargo theft in 2014 from a variety of supply chain threats, while the four most economically damaging natural disasters caused a collective $32.8 billion of damage. Within Europe, trade interruption due to an array of strikes throughout the continent caused $1.5 billion of direct losses to business.

The scale of the problem was demonstrated in the Business Continuity Institute’s most recent Supply Chain Resilience report which revealed that over three quarters (76%) of respondents to a survey had experienced a supply chain disruption during the previous year and almost a quarter (23.6%) had reported cumulative losses in excess of €1 million during that time.

David Horlock, Managing Director, BSI APAC commented: “Companies are facing an increasingly wide range of challenges to their supply chain, from human rights issues to natural disasters. Such complexity creates black holes of risk for organizations, both directly affecting the bottom line but perhaps more seriously, hidden supply chain risk, damaging a company’s hard-earned reputation.”

Port congestion and strikes continued to severely affect business continuity across Asia Pacific, the west coast of the United States and Germany throughout 2014. Limited container storage space resulted in cargo discharge times of up to a week, increasing operational costs for companies shipping through Hong Kong by nearly $1 million per month. General strikes across Belgium caused $1billion of direct losses to business, while airline strikes in France and Germany cost $300 million and $198 million respectively.

While the report highlights cargo theft as a growing risk, it is still outweighed by the economic impact of natural disasters. 2014’s top four natural disasters caused a collective $32.8 billion of damage to businesses, with flooding across Pakistan and India making up a third of this figure. Three quarters (75%) of the top exporters across the Asia-Pacific region are rated high or severe for natural disaster risk.


This week, I’m attending the 2015 RSA Conference where I’ve had the chance to mingle with security professionals and other security writers, as well as get to sit in on some interesting sessions. I was invited to attend a panel discussion hosted by Nok Nok Labs. The panel included Nok Nok’s CEO Philip Dunkelberger; Jon Oltsik, a security analyst at Enterprise Strategy Group; Rhonda MacLean, a former CISO with a number of companies including Bank of America and Boeing; and Giles Watkins, a partner in the cybersecurity practice at KPMG.

The discussion—with quite a bit of audience participation, I should add—revolved around the opening question posed by Oltsik: Why is it taking so long for industry to embrace security?



The words “rip and replace” are among the most feared in the IT lexicon—right up there with “denial of service” and “The CIO wants you in his office right now.”

But now that the enterprise is contemplating a data environment that will propel business into the 21st Century, some organizations are giving serious consideration to wholesale replacement of aging infrastructure. In an increasingly interconnected world, it has not gone unnoticed that many emerging markets are already building forward-leaning data environments atop gleaming new hardware platforms.

Indeed, says EuroCloud co-founder Phil Wainewright, those who don’t embrace some level of rip-and-replace will find themselves outclassed by rivals who do. When the pace of change is moving at hyperspeed, delay is the enemy—it not only limits your ability to compete, it makes the inevitable change that much harder as new systems and software become integrated with the old.



For the city of Long Beach, Calif., the challenge of emergency management is clear: A small number of people are making too many 911 calls for medical assistance.

It’s a problem Long Beach and cities across the nation struggle with as a minority of callers and care facilities — also known as “911 super-users” — congest phone lines and stretch emergency resources. Financially, it's a problem for providers, governments and even the callers themselves. Yet more pressing is the impact on first responders, where a minute's delay could determine life or death.

To deal with the problem, Long Beach officials partnered with the civic tech group Code for America to create AddressIQ, a Web app that combines fire, police and business licensing data to reduce calls from 911 super-users. The tool connects addresses to both the number and type of emergency dispatches. The information enables emergency workers to collaborate on high-usage locations and assist callers through education, social outreach, or — in worst cases — enforcement measures.



(TNS) — The woman won't look away from the dark huddle of uniforms standing behind a yellow police tape barrier that flaps back and forth in an occasional breeze. There, on the other side of this South Los Angeles parking lot, her brother is lying, still.

Two men in suits approach her. Their expressions signal bad news. Their words confirm it: Earlier in the night, her brother was shot in the head and killed.

Barbara de Lima, a grandmotherly figure with curly white hair, stands beside the family as they talk to the detectives. When a family member begins to cry, de Lima gives her a water bottle along with soothing words of comfort. The woman falls onto her, and de Lima cradles her head on her shoulder, calling her "honey."



Mapping tool visualizes anticipated flood effects, aiding preparation for coastal storms

April 21, 2015

Charleston, South Carolina, was found to be one of the top ten U.S. cities in increased nuisance flooding, according to a June 2014 NOAA report. The Coastal Flood Exposure Mapper enables users to visualize these flood impacts and others in order to craft better resilience plans.". (Image: NOAA).

Charleston, South Carolina, was found to be one of the top ten U.S. cities in increased nuisance flooding, according to a June 2014 NOAA report. The Coastal Flood Exposure Mapper enables users to visualize these flood impacts and others in order to craft better resilience plans.". (Image: NOAA)

A NOAA flood exposure risk mapping tool that was developed in New York, New Jersey, Delaware and Pennsylvania has now been expanded to cover coastal areas along the entire U.S. East Coast and Gulf of Mexico. The Coastal Flood Exposure Mapper, a deliverable of President Obama’s Climate Action Plan, provides users with maps, data, and information to assess risks and vulnerabilities related to coastal flooding and hazards.

According to the 2010 U.S. Census Bureau population count, 39 percent of the U.S. population lives in counties subject to significant coastal flooding.

“Coastal populations are increasing, as is the potential for flood events,” said Jeffrey L. Payne, Ph.D., acting director of NOAA’s Office for Coastal Management. “Anything we can do to make people aware of their community’s vulnerability puts that community in a better position to act to save lives and property.”

With this NOAA tool, users select their location and the flood scenario of their choosing: Federal Emergency Management Agency flood designations, shallow coastal flooding associated with high tides, or flooding associated with sea level rise or storm surge. Flood maps are then overlaid with any of three exposure maps to show how floodwaters might impact area assets. All maps can be saved, printed, and shared.

  • The societal exposure map provides information on population density, poverty, the elderly, employees, and projected population growth. Communities can use this information for community planning and to determine how floodwaters might affect vulnerable or concentrated populations.

  • Roads, bridges, water, and sewer systems can be damaged by coastal flooding. Communities can use the mapper to assess infrastructure vulnerabilities and associated environmental and economic issues to determine what steps are needed to protect these assets.

  • The ecosystem exposure map provides data and information about natural areas and open spaces—including their proximity to development — to help communities identify which areas can be conserved for future flood protection benefits. Pollution sources are also identified to show where natural resources could be affected during a flood.

Coastal communities around the country are becoming more vulnerable to severe events and water inundation,” said Holly Bamford, Ph.D., acting assistant secretary of commerce for conservation and management. “According to the 2010 U.S. Census, the population of coastal communities is going to rise by 8 percent by 2020. Increased vulnerability plus increased population means communities are going to need accurate, reliable, and timely information to prepare for the future. Equipping our communities with information, products, services, and tools, like the Coastal Flood Exposure Mapper, allows them to become more resilient.”

This map tool was developed by the NOAA Office for Coastal Management.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitter, Instagram and our other social media channels.

Target (TGT) last week said it would pay MasterCard (MA) issuers up to $19 million pre-tax in alternative recovery payments related to the retailer's Dec. 2013 data breach. And as a result, Target and MasterCard top this week's list of IT security newsmakers, followed by the Data Security and Breach Notification Act of 2015, HSBC (HSBC) and Verizon (VZ).

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:




At the BCI Middle East Conference in May, to be held at the Oryx Rotana in Doha, Qatar, the Business Continuity Institute Qatar Forum will launch its Qatar Business Continuity Management Guideline. The guideline was a collaborative effort of a small Working Committee representing various organizations in Qatar, and the members are also active participants in the recently established BCI Qatar Forum. In developing the guideline, the BCI Qatar Forum was supported by the Directorate of laboratories and standardization within Qatar's Ministry of Environment.

This new guideline is designed to help all types of organizations operating in Qatar, whether business, charity or government, and regardless of sector, size, location or activity, to be better-prepared and more confident to handle business disruptions of any type.

Incidents take many forms, ranging from large-scale natural disasters or acts of terror to single technology-related failures, or utility services interruptions. Most incidents are small but some can have a significant impact on an organization, multiple organizations, or on the State of Qatar as a whole. This therefore makes business continuity management relevant at all times and at all levels. Complex inter-dependencies between organizations also make it important to ensure business continuity across the whole value chain, from receipt of goods and services from suppliers to delivery of products and services to customers, and to ensure there is an effective BCM information exchange with a range of stakeholders.

Based on the various international Standards in business continuity, and in particular ISO 22301, the guideline describes how to set up, implement and manage an effective Business Continuity Management System. The Guideline also provides guidance on interpreting ISO 22301 requirements, as well as local examples and templates to adapt and use.

"There is an increasing global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and disruptive events, to ensure business continuity and maintain their operations and the Qatar BCM Guideline will help all organizations in Qatar achieve this" said Abdullatif Ali Al-Yafei, Chairman of the Qatar BCM Guideline Working Committee.”


Social media gaffes know no corporate hierarchy.  With more and more execs using and being encouraged to use Social Media, the instant and public ramification of a gaffe, blunder, or exploit the stakes keep rising.  These can result in much more than embarrassment for the perpetrator and their company.  Ramifications and fallout can include spreading malware, mishandling the PII of high profile individuals, violating federal regulations, or triggering the scrutiny of regulatory bodies.

In February, Twitter CFO Anthony Noto’s account was hacked and some 698 spammy tweets were sent out from his account over an eight-minute period.



As information, computing and data communications technologies evolve, business demand for data centre / center services grows simultaneously. That demand is split into two parts; public cloud, where computing is available on demand and delivered from data centres owned and operated by large US-based corporations, and commercial data centres. It’s vital that companies understand which method will prove most beneficial for their business.

As the hybrid cloud model’s popularity grows, so does the trend of businesses moving from in-house to a combination of external colocation and on-demand public cloud services. The flexibility of public cloud means choosing a provider is simple and if the cloud service provider does not meet business needs, moving is equally simple. This is not the case with colocation, where the choice of an external data centre requires care, thought and research. With this in mind, there are five key points companies should consider when looking for a safe, secure and reliable data centre to host their own critical equipment:



When you do a test, you aim to pass it but when designing exercises, it’s best to fail them so you learn the maximum amount—especially what is wrong…

Testing business continuity plans is vital because, clearly, that’s the only way to ensure that a business continuity plan works in reality as well as on paper. However, as Peter Frielinghaus, Senior Advisor at ContinuitySA points out, validating the business continuity plan is itself a process more than an event: “That’s why the ISO 22301 standard requires exercising and testing of business continuity procedures to ensure they meet your objectives and are reliable,” says Mr. Frielinghaus. “To my mind, the exercising is where the most value lies because it helps the organization assess where it is and where it needs to improve, whereas a test simply delivers a pass or fail.”

“When you do a test, you aim to pass it but when designing exercises, it’s best to fail them so you learn the maximum amount — especially what is wrong.”

Exercises allow organizations to rehearse plans, verify information in plans and train all relevant personnel, including their deputies,
Frielinghaus notes. He goes on to say that aside from being robust, exercises need to be carefully constructed to be realistic in regard to likely threats and a company’s business.

“To give an extreme example, doing an exercise focused on tsunamic damage for a company that is based inland would reduce buy-in from employees,” he says. “It’s also good advice to begin gradually with fairly simple exercises, building up in complexity as the teams become more proficient and your sense of the organization’s actual level of business continuity maturity becomes more exact.”

Following this approach will enable the organization to confirm whether its business continuity capability reflects its scale and complexity; that its business continuity plan works; and that its business continuity management programme meets its policy objectives. Perhaps most important of all, Frielinghaus says, an ongoing programme of exercises would ensure that the organization’s business continuity capability is continually being improved.

As a guide, Frielinghaus says that over a 12-month cycle, the exercises should test whether the equipment required by the plan works, that procedures and plans are correct and dovetail with each other, and that procedures are manageable. In addition, the exercises should be designed to reveal whether the required recovery time objective for business process can be met, and whether the personnel involved have the skills, authority and experience needed.

Key elements for the success of any exercise are that every participant undertakes to document his or her experience and recommendations for review, and that problems are highlighted.

“Remember that the exercise is testing the plan and not the participants, and that it is not testing what caused the disruption in the first place, or the measures put in place to mitigate risks,” Frielinghaus concludes. “It’s particularly important to remember that an exercise is not a test, and thus that it’s preferable to fail in order to learn as much as possible.”


The UK Government’s Centre for the Protection of National Infrastructure (CPNI) has published a new document which gives advice on handling supply chain vulnerabilities.

‘Mitigating Security Risk in the National Infrastructure Supply Chain a Good Practice Guide For Employers’ recommends that organizations should view supply chain security risk as being an extension of existing arrangements to mitigate security risk within the organization itself. To achieve this a supply chain security risk mitigation implementation plan is required which includes:

  • Comprehensive mapping of all tiers of the upstream and downstream supply chains to the level of individual contracts.
  • Risk scoring each contract to link in to the organization’s existing security risk assessment.
  • Due diligence/accreditation/assurance of suppliers (and potential suppliers) and the adoption, through contracts, of proportionate and appropriate measures to mitigate risk.
  • Audit arrangements and compliance monitoring.
  • Contract exit arrangements.

Read the document (PDF).

A cyber attack could cost a business its investor backing, according to new research by KPMG. A survey of global institutional investors found that 79 percent of investors would be discouraged from investing in a business that has been hacked. The research surveyed 133 global institutional investors with USD$3+ trillion under management.

The survey also found that investors believe less than half of the boards of the companies that they currently invest in have adequate skills to manage cyber risk. Furthermore, they believe that 43 percent of board members have unacceptable skills and knowledge to manage innovation and risk in the digital world. This sentiment was mirrored in a recent KPMG survey of FTSE 350 businesses which found that 39 percent of boards and management agreed they were severely lacking in their understanding of this area.

Malcolm Marshall, global head of KPMG’s cyber security practice, comments:

“Investors see data breaches as a threat to a company’s material value and feel discouraged in investing in a business that has had its sensitive information compromised.”

“Following a number of high profile breaches, we are seeing global investors waking up to the issue of cyber security. The ripple effect of this has seen investor appetite for cyber businesses increase, with the survey revealing that 86 percent of investors see it as a growth area.

“There is an expectation from investors for businesses to increase their cyber capabilities from top to bottom, including the board. In a world where breaches are common, is reasonable to expect boards to have prepared themselves. My personal experience of working with organizations that have been breached is that businesses that are generally well run and understand risk, are better prepared for future risks. A serious breach brings the competence and team work of senior executives and the board into sharp focus. What we are seeing is companies struggling to demonstrate that they are taking cyber risk seriously to their existing and potential investor base. The inability to demonstrate that a business is doing so could make it a less attractive investment proposition.

“A good start would be for boards to elevate cyber higher up on the agenda and invest more time towards it. Our survey reveals that 86 percent of investors want to see an increase on the time boards spend on cyber compared to last year.”

Malcolm Marshall suggests that boards need to consider the following to be cyber secure:

  • Board directors need to understand and approach cyber security as a business risk issue, not just a problem for IT.
  • Directors need to understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
  • Boards should have sufficient cyber security expertise, and discussions about cyber risk management should be given regular and adequate time on the boardroom agenda.
  • Directors should set the expectation that management will establish a firm wide cyber risk management framework that has adequate scope for staffing and budget.
  • Discussions of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer, as well as specific plans associated with each approach.


The Ebola crisis, also a pandemic because of cases in different countries, has hit the nation of Sierra Leone the hardest. National and international health teams have worked round the clock to contain the disease and prevent new outbreaks. Pharmaceuticals companies have ramped up efforts to develop new vaccines. Sierra Leone counts almost 12,000 people infected with the increases in both city and travelling populations major contributing factors. Recently, the Ebola response team in Sierra Leone tried a new tactic that was in stark contrast with previous measures. The tactic could be summed up in one word – Don’t!



Tuesday, 21 April 2015 00:00

Six Ways MSPs Can Mitigate Shadow IT

The growing prevalence of ‘shadow IT’ is not expected to slow down this year. Having emerged over the last year or so, this threat will continue to be of concern for managed service providers (MSPs) that are looking to protect cloud data and maintain integrity in cloud-based file sharing.  In order to do, we discuss six steps for improving cloud security against shadow IT.

Shadow IT, as described to TechRadar by Perry Gale, VP of workflow at Nintex, “concerns the unauthorized use of hardware and software that is not supported by an organization’s central IT department. In many cases, the IT department has not approved the technology or doesn’t even know that employees are using it.”



(TNS) — What’s gone wrong with the weather?

Ever since California began drying out four years ago, Noah Diffenbaugh and his crew of earth scientists at Stanford University have been working on that question. They’re on a mission, like detectives breaking down a psychological profile of a bad guy — only this hunt is done with calculators and computer models.

Their bad guy is the drought, one of the worst in California’s recorded history. And one of the most mysterious.

What’s most clearly known is this: A huge dome of stagnant air has spent much of the past four winters parked off the West Coast, driving the storm path far north of California. In years past, it would periodically slide south, letting in rain to the lowlands and snow to the mountains. Now, it hardly budges.

That’s where Diffenbaugh takes up the hunt. What has changed? Why did it change? And is that change permanent?



So when was the last time you found what you wanted in a document without having to dig through pages and pages of information? Do you find that so much of what is in the document doesn’t really need to be there? Is it irrelevant? Is it fluff material just so the volume of the document looks good? In many cases it turns out the document is basically built on the foundation of quantity over quality. That means most of the document – the stuff yo don’t need – is just fluff. Are your Business Continuity Plans (BCP) like that? I beat they are.

From document to document, there is repeated information that also has its own document to strat with. As an example, I recently came across a set of BCP plans with a client that held allot of the same Emergency Response information contained within the Emergency Response Plan itself. Why? It was fluff to the BCP – which was labeled a Business Recovery Plan (BRP) – and repeated information from other areas too. What’s the point?




In what is recognition of the high profile nature of the BCI Middle East Conference, His Excellency the Minister of Energy and Industry in Qatar – Dr Mohammed Bin Saleh Al-Sada – will open the conference and provide the welcome address.

Disruptive incidents can take many forms, whether it is a natural disaster or an IT failure, and it is essential that organizations have plans in place that make them able to respond to a disruption so that operations can continue. The growth of the Business Continuity Institute in the Middle East highlights that there is an increasing awareness in the region of the need for effective business continuity and the importance that the profession has in ensuring resiliency. His Excellency Dr Al-Sada's attendance at the BCI Middle East Conference demonstrates that this is a view also held at the highest level of government.

In confirming his intention to speak at the conference, H.E. Dr Al-Sada noted that: “The aim and objectives of the conference for providing a forum for sharing knowledge is timely and welcome to facilitate successful delivery of the goals incorporated in the Qatar National Vision 2030.”

H.E. Dr Al-Sada was appointed Minister of Energy and Industry 2011 having held the role of Minister of State for Energy & Industrial Affairs since 2007. In 2011 he was also named Managing Director and Chairman of the Board of Qatar Petroleum and has over 30 years of experience of service with the company having managed various corporate departments. He is also currently chairman at several companies including RasGas, Qatargas, Qatar Chemical Company, Qatar International Petroleum Marketing Company, Qatar Petroleum International and ASTAD Project Management, Industries Qatar, and Gulf International Services. He is also Vice-Chairman of the Board at Qatar Steel Company.

H.E. Dr Al-Sada is an active member of the Qatari community and has served as a member of several distinguished committees and organizations, including the Permanent Constitution Preparation Committee, and the National Committee for Human Rights. He is currently the Chairman of the Joint Advisory Board, Texas A & M University in Qatar, the Joint Overseas Board, College of the North Atlantic – Qatar, and a Member of the Board of Directors, Supreme Education Council.

A graduate from Qatar University with a Bachelor of Science degree in marine science and geology H.E. Dr Al-Sada also holds a PhD from the University of Manchester Institute of Science and Technology.

The BCI Middle East Conference will take place at the Oryx Rotana in Doha, Qatar on the 11th and 12th May and the theme is sustaining value through business continuity. A packed programme is already in place consisting of local and international speakers who will discuss a wide range of topics and enable delegates to explore global challenges while considering regional solutions. For further information on the conference or to book your place, visit www.thebci.org.



I was reminded today of him much the world has changed in my working life.

I am travelling in the USA and staying overnight at Monument Valley. The picture is taken from the porch of the cabin I am staying in.

I have no cell phone coverage, there is no TV in the cabin, but they do have WiFi and made sure they pointed out the password I would need to access.

Many aspects of life and society are changing. We need to be part of that wave of change – otherwise we get left behind.

That is why I am asking for your help. I need your help to complete a survey. The survey is seeking to understand “What Business Continuity might look like in 2020“.



The Commerce Department’s first Chief Data Officer has worked with open data about as long as it’s been around — which isn’t actually that long, if you think about it. Ian Kalin’s resume shows he started working with open data in 2012 as a Presidential Innovation Fellow for the U.S. Department of Energy.

Since then, he briefly (2 months) worked as an Adecco contractor with Google, followed by not quite two years as the director of opened data at Socrata, which helps businesses leverage open data. Previously, he worked about five years with supply chain data. I’m sure his time as a Navy counter-terrorism officer and his numerous other acclaims didn’t hurt either. His background is a good fit for what the Commerce Department needs as it pushes forward with open data. He also has spent his career as a leader, so he’s fully qualified for that “chief” part.

Still, I admit I was surprised simply because of what’s missing: A strong IT background. Somehow I expected a CDO would have some traditional tech experience, such as a DBA or a programmer.



Monday, 20 April 2015 00:00

Private Cloud Activity Picks Up Steam

It’s no surprise that the cloud is emerging as the dominant form of enterprise information technology as the decade unfolds, but exactly how this is playing out deserves a closer look.

According to IDC, the total revenues for cloud infrastructure – servers, storage and networking – topped $8 billion in the fourth quarter of 2014, a 14.4 percent gain over the same period a year ago and roughly 30 percent of the total IT spend. The growth was most pronounced in the private cloud segment, which exceeded 18.3 percent to hit $2.9 billion, compared to the public cloud which grew 12.3 percent to $5 billion. For the full year, total cloud spending grew 18.7 percent to $26.4 billion while private cloud came in at 20.7 percent growth to $10 billion and public cloud surged 17.5 percent to $16.4 billion.

What does all this mean? After a slow start, private cloud momentum is clearly on the upswing even as the bulk of cloud infrastructure remains in the public sphere. Going forward, I would expect continued spending on private infrastructure and then rapid uptake of hybrid solutions as the enterprise industry seeks to integrate its external resources with scale-out public platforms.



Municipal open data has a new way to map itself.

Open data visualization startup Appallicious has announced plans to use its technology to map all varieties of open and internal data for cities.

The expanded features are part of a major refresh to the San Francisco company’s Disaster Assessment and Assistance Dashboard (DAAD) that maps local emergency and recovery resources in real-time. Through the dashboard, endorsed by FEMA, citizens can request assistance, first responders can update first aid locations, and local businesses can advertise recovery services – a significant boon to recuperating economies. Other features entail alerts, real-time incident reports, searchable and filtered resource management, and the ability to geo locate emergency tweets under specific hashtag categories.



One of the security industry reports most-cited in sales calls, vendor pitches and marketing collateral is at it again this year, with more ammunition for managed service providers selling security services. This year's Verizon Data Breach Investigation Report (DBIR) shows yet again how much opportunity there is in the MSP market for building out security practices and baking in added security value into general IT services.

An examination of statistics from real-world breaches investigated by Verizon's (VZ) forensics team, the DBIR most startlingly shows that in 60 percent of investigated incidents the attackers were able to compromise a target organization within minutes. Meanwhile, though many breach victims will publicly claim great sophistication in attacks involved with their particular breach, the truth is that the vast majority of the 80,000 incidents analyzed in the DBIR this year are attributable to just nine attack patterns.



(TNS) — The measles outbreak that started in Disneyland and reached beyond U.S. borders, sparking a national debate on the merits of vaccinations, could be declared over Friday if no new cases are reported, state health officials said.

Since December, 134 confirmed measles cases have been reported by California residents. The latest was on March 2, according to the California Department of Public Health’s weekly update released last week.

Officials said 40 of those cases were confirmed to be Disneyland visitors and another 30 were people who came in close contact with a patient in their own home.

Nearly a dozen became infected in community areas like hospital emergency rooms. Experts don’t know where another 50 patients became infected but confirmed they were stricken with the same strain of the virus connected to the Disneyland outbreak.



Theoretically MSPs have always been in a position to collect massive amounts of data that would enable them to add business value to the services they deliver. The problem is that the gap between that theory and the ability to actually deliver those insights has been nothing short of massive.

Now comes along HiveManager Next Generation, a cloud management service for wireless networks from Aerohive Networks that makes use of Hadoop to give MSPs access to a “data lake” that can be easily access primarily using REST application programming interfaces.



Friday, 17 April 2015 00:00

The Most Important Risk Management Task

A title of a column on the most important task of risk management is certain to get some mail. Here is what I think it is:

The most important task of risk management is providing insights and decision-making options to senior management and the board on a significant, pervasive risk or opportunity that they didn’t have previously, giving the organization a competitive advantage of acting timely before it’s too late.

While some may disagree with my point of view, I am confident most will agree that the potential for disruptive change in the marketplace makes the above task very important.



Friday, 17 April 2015 00:00

Survey looks at top emerging UK risks

Cyber risk; the prolonging of the Ebola pandemic; and more regulatory and legislative changes are the top three priority risks for UK insurers in 2015, according to an ORIC International and Institute of Risk Management (IRM) joint survey.

The survey not only identified the top emerging risks but looked at both common and innovative emerging risk practices. It asked for the views of ORIC International members, who make up over 70 percent of the UK insurance market, as well as IRM insurance professional members.

Emerging risk was defined by those surveyed as newly developing risks with potential to cause significant business impact that may not yet be sufficiently understood.



NIST has announced the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain.

Special Publication 800-161 provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations; as well as integrating ICT supply chain risk management (SCRM) into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on assessing supply chain risk and applying mitigation activities. It also builds on existing practices from multiple disciplines and is intended to increase the ability of organizations to strategically manage ICT supply chain risks over the entire life cycle of systems, products, and services.

Read the document (PDF).

Ian J. Kalin, the new chief data officer for the Commerce Department, certainly seems to understand that data is the new oil. That makes sense, given his roots at a small energy startup company and his work with the U.S. Energy Data Initiative. Surely, if anyone can understand the value of data as fuel, it would be Kalin.

So when TechRepublic contributor Alex Howard asked him to compare an “infinitely replicable digital commodity” to a natural resource like oil, you’d expect nuance. His answer doesn’t disappoint:



(TNS) — If a hurricane were to prompt an evacuation in Georgia, Florida or South Carolina, emergency management officials want to make sure they are well acquainted with their colleagues in bordering states prior to starting the process.

“We want to make sure we are not exchanging business cards in the middle of a disaster,” said Clint Perkins, State Operations Center director for the Georgia Emergency Management Agency. “We want to reach out across state lines.”

He invited more than 50 emergency management personnel, state police officers and department of transportation officials from Florida, Georgia and South Carolina to the Golden Isles Career Academy on Tuesday and Wednesday for a two-day meeting to discuss state-to-state mutual aid in the event of an evacuation. It was the first such meeting since 2006 and a meeting Perkins said should happen more often.



Thursday, 16 April 2015 00:00

Cyberattacks Targeting Big Companies Up 40%

Five out of six companies with more than 2,500 employees were targeted in cyberattacks in 2014, representing a 40% increase last year, according to Symantec’s annual Internet Security Threat Report. But by no means does that imply big businesses are the primary target: 60% of all targeted attacks struck small- and medium-sized organizations.

The spear-fishing and fraudulent email scams deployed in these hacks have also become more effective. Overall, 14% less email was used to infiltrate an organization’s network, yet 2014 saw a 13% increase in attackers as the cause of a data breach, and the total number of breaches rose from 253 in 2013 to 312 in 2014. This notable increase in precision is a clear indication that companies are not updating their defenses to match current threats.

Fortifying against cyberbreach continues to demand even more concerted effort as malicious actors grow more sophisticated, introducing more and better malware to their campaigns. “While advanced targeted attacks may grab the headlines, non-targeted attacks still make up a majority of malware, which increased by 26% in 2014,” Symantec reported. More than 317 million new pieces of malware were created last year, meaning almost a million new threats were released daily.



With all the attention focused on California’s water woes, an observer might conclude that the Golden State’s drought is the exception. It isn’t. Forty states expect to see water shortages in at least some areas in the next decade, according to a government watchdog agency.

In a 2013 survey by the Government Accountability Office (GAO), state water managers from around the country said they expect freshwater shortages to continue into the next decade, even under what they described as “average” conditions. If those conditions change—whether because of rapid population growth, unusually low snowfall or rainfall, or accelerated economic growth—the situation could worsen.

“As far as other states, if they haven’t seen it in the past, it’s something they will see in the future,” said Ben Chou, a water policy analyst in the Los Angeles office of the Natural Resources Defense Council, an environmental group.



(TNS) — The Federal Emergency Management Agency has reimbursed Hawaii County more than $1.6 million in costs incurred while preparing for the lava threat from Kilauea Volcano, but county officials are still hoping for another $10 million — and counting.

Although the threat appears over, county officials believe their lava-related costs will tally at least $15 million, and they're hoping FEMA will continue to reimburse 75 percent of it.

Among the county's big-ticket items were three roads that were rebuilt at a total cost of $14.3 million to provide residents of the Lower Puna District with an escape route should lava cross Highway 130, the main road in and out.

FEMA already has paid $1.1 million of the county's $2.1 million cost to rebuild Railroad Avenue. The money went to the state, which will distribute it to the county.



(TNS) — In the aftermath of last year’s lethal Oso landslide, the state Legislature has unanimously authorized an expanded state program to map slide-prone slopes and other geologic hazards. Equally important, the state would make that information more accessible to policymakers and the public.

But that laudable move won’t mean much unless lawmakers take the next step and pony up the money to pay for the program.

The funds would pay for increased risk identification and analysis using lidar, an aerial scanning technique that can reveal previously hidden geologic hazards. So far, it has been used to map less than a quarter of the state.



Thursday, 16 April 2015 00:00

Too Few Aware of Opioid Risk

I.I.I. chief actuary Jim Lynch brings us some surprising numbers on America’s addiction to opioids:

Americans are grossly misinformed about the dangers of opioid drugs, according to a recent survey by the National Safety Council (NSC).

Opioids are commonly prescribed painkillers like Vicodin, OxyContin and Percocet. The drugs are meant to mimic the nervous system actions of heroin and morphine and all too often lead to similar levels of addiction and suffering. More than 170,000 Americans have died from opioid overdoses this century, nearly triple the number of U.S. military deaths in Vietnam (see my earlier post).

I wrote about the epidemic in Contingencies magazine, focusing on the toll the drugs have taken in the workers compensation system.



Most companies have a plan for disaster recovery of IT, real estate, and data – but what happens when you must respond to allegations of a violation of customer trust or compliance?  Does your organization know:

  • What steps to take?
  • Who needs to be involved in the decisions?
  • When to notify the board?
  • Who will conduct the investigation?
  • How transparent you will be with shareholders? Employees? The media?

While the facts of the incident will vary, the need to respond quickly― and thoughtfully―is a given. To make that response effective, an organization must understand the key steps it needs to take after a serious compliance breach and the most important issues it must consider. Only then, can compliance officers and others charged with compliance responsibilities create an effective, executable plan for recovering from major ethics and compliance lapses, breaches, and disasters.



As we brace for another season of tornadoes, hurricanes, forest fires, earthquakes and floods, all businesses should be asking, “Is our data protected should disaster strike?” Or more simply, “What happens if we lose our data?”

Sadly, despite the fact that significant portions of the country are at risk for severe weather and other natural disasters, not all businesses are thinking pragmatically about catastrophic data loss and downtime, which can lead to staggering financial losses and impact productivity, reputation, regulatory compliance, and ultimately the bottom line.

According to a global data protection study released in December, enterprises are losing as much as $1.7 trillion annually through data loss and unplanned downtime. Data loss is up 400% since 2012, and two-thirds of the 3,300 organizations surveyed had experienced data loss in the last 12 months. Researchers found that although a high percentage of organizations had disaster recovery plans in place, surprisingly few had implemented data protection practices and fewer than half employed remote, cloud-based data protection. Seventy-one percent of organizations were not fully confident in their ability to recover after a disruption.



The hype cycle is such a common facet of IT technology that it’s become almost a sport to predict where on the satisfaction chart a particular development finds itself at any given moment.

The cloud has been riding the hype for nearly a decade now, and during that time numerous pundits have proclaimed various levels of enthusiasm and disillusionment within the enterprise community. Lately, however, the talk has shifted from the cloud itself to certain categories within the cloud, each of which seem to be following their own hype cycles.

NTT Communications’ recent Cloud Reality Check holds that IT executives are expressing deeper frustration with the public cloud, saying their deployments so far are failing to live up to the promises made when SLAs were signed. According to Len Padilla, VP of product strategy at NTT, a big part of the problem is the idea that the cloud provides a better way to support legacy applications and data rather than cloud-native functions. Once data executives realize that issues like compliance, security and availability are best handled through local infrastructure, disappointment sets in.



Structured data is still king, but that may be in part because many organizations simply aren’t even trying to manage unstructured data, a just-released report by Dell reveals.

Dell commissioned Unisphere Research to query those who manage data at North American companies. The survey’s 300 respondents were primarily DBAs, with more than 60 percent coming from large organizations. The results are covered in “The Real World of the Database Administrator,” which Dell made available as a free download today.

Despite the press over Hadoop and unstructured data, DBAs say structured data is still the focus for most DBAs. More than two-thirds reported that structured data represented at least 75 percent of the data being managed. When it came to unstructured data, which can include everything from text such as email and social media content to machine logs, less than 12 percent said they believe the data’s growth rate exceeds 50 percent annually.

But that may be in part because many organizations simply aren’t keeping tabs on unstructured data. One-third of those surveyed said their organizations do not actively manage unstructured data or know how fast unstructured data is growing within their organizations.



iPhone, Target, Home Depot; with each security breach we hear of, alarms are going off in the minds of business owners who have their data in the cloud or are considering working with an MSP. Cloud-based file sharing comes with a unique set of IT security challenges and it’s more important than ever for you to prepare a comprehensive strategy for protecting data and make sure your clients know you are addressing every issue.

Your clients are right to be concerned about their data security. The consequences of not employing an effective strategy for sensitive data management can be severe and may take businesses years to recover from. As their MSP, your job is to make sure business owners know if you acknowledge these issues while planning your cloud strategy, making the move to cloud sharing can greatly increase your data security.



(TNS) — As Mark McBride stood with tears in his eyes amid the rubble of Plaza Towers Elementary School, he vowed to do anything he could to protect the state’s schoolchildren.

With emergency workers everywhere, McBride, a legislator from Moore, knew that children were trapped inside the remains of the school — living or dead — after a direct hit from the massive tornado on May 20, 2013.

Within a day, he and colleague Jon Echols, a representative from Oklahoma City, had launched the nonpartisan Shelter Oklahoma Schools. Their non-partisan, multimillion-dollar effort aimed to help schools throughout the state bear the enormous cost of building storm shelters or safe rooms.



Build? Buy? Host? It’s not a new debate for managed service providers (MSPs) and IT service providers. MSPmentor research has found most providers have opted out of running their own data centers, with the exception of very large service providers. What’s more, many MSPs say if they were starting over today they’d start as a born-in-the-cloud company.

For another perspective on this question, MSPmentor recently caught up with executives from Venyu, a company known for its data centers, but also a provider of cloud computing, managed hosting, and other services. And guess what? They pretty much agree with what we’ve found. Here’s what they told us.




The strategic markets of Philippines, China, Japan and Bangladesh are home to over half of the 100 cities most exposed to natural hazards, highlighting the potential risks to foreign business, supply chains and economic output in Asia from extreme weather events and seismic disasters, according to new research from global risk analytics company, Verisk Maplecroft.

The 5th annual Natural Hazards Risk Atlas (NHRA) assesses the natural hazard exposure of over 1,300 cities, selected for their importance as significant economic and population centres in the coming decade. Of the 100 cities with the greatest exposure to natural hazards, 21 are located in the Philippines, 16 in China, 11 in Japan and 8 in Bangladesh. The analysis considers the combined risk posed by tropical storms and cyclones, floods, earthquakes, tsunamis, severe storms, extra-tropical cyclones, wildfires, storm surges, volcanoes and landslides.

According to Verisk Maplecroft, natural hazards constitute one of the most severe disrupters of business and supply chain continuity, and also threaten economic output and growth in some of the world’s key cities, especially for those located in the emerging markets. Although adverse weather dropped from 4th to 7th place in the Business Continuity Institute's latest Horizon Scan report, it is still considered to be a concern by over half (52%) of the business continuity professionals who responded to a survey. Meanwhile, earthquake/tsunami is considered a concern by nearly a quarter (22%).

“As typhoon Haiyan in the Philippines and the tsunami in Japan showed us, natural hazard events can have far-reaching and long-lasting impacts on supply chains, business and economies,” states Dr Richard Hewston, Principal Environmental Analyst at Verisk Maplecroft. “Understanding how, where and why those risks manifest is an imperative in managing potential shocks.”

Natural hazard risk is compounded in the Philippines by poor institutional and societal capacity to manage, respond and recover from natural hazards events. In addition to assessing exposure, the Natural Hazards Risk Atlas also evaluates a country’s ability to manage and mitigate the impacts of natural hazard events, through the Socio-economic Resilience Index. While Japan, which ranks 178th out 198 countries for resilience, is classified as ‘low risk,’ the Philippines (80th), is considered ‘high risk’, in part due to entrenched corruption and high levels of poverty.

“With foreign investment continuing to flow into countries highly exposed to natural hazards, those which are unable to demonstrate robust resilience may lose an element of their competitiveness,” adds Hewston. “Company decision-making over sourcing locations or market entry is increasingly influenced by issues such as strength of infrastructure and institutional robustness.”


Wednesday, 15 April 2015 00:00

Value Is Elusive, Even To Agilists

Agile practitioners are often proud — and justifiably so — that when people are seriously adhering to the principles and practices, they keep the focus on value. They usually do a better job on average, I would argue from both first-hand experience and a fair amount of research, than the adherents of Waterfall methods. That’s not the same as saying that there’s room for improvement.

Value is a slippery concept. What’s valuable to you isn’t necessarily valuable to me. That statement extends to user stories, in which the “so that…” clause differs, depending on the persona identified in the “As a…” section that precedes it. We’re supposed to write stories that have some value for that persona, no matter how minimal it might be, but we often don’t show significant value until we’ve finished all the stories organized into an epic, theme, sprint, or release. (The attraction of creating an expense report, for example, is significantly less until you can update it when needed, too.) We prioritize the backlog from highest to lowest value stories for a variety of reasons, such as ensuring that if we run out of time before a planned release, we cut the lowest-value stories, which are coming conveniently last in the list. However, we know that life isn’t as simple as a single queue of neatly sequenced work items. Which is more valuable, the ability of a salesperson on the road to enter sales activity easily, or the report that tells the sales manager about the current state of the pipeline?



WASHINGTON, D.C. – Today, the Federal Emergency Management Agency (FEMA) launched a new feature to its free app that will enable users to receive weather alerts from the National Weather Service for up to five locations across the nation. This new feature allows users to receive alerts on severe weather happening anywhere they select in the country, even if the phone is not located in the area, making it easy to follow severe weather that may be threatening family and friends.

“Emergency responders and disaster survivors are increasingly turning to mobile devices to prepare for, respond to and recover from disasters,” said Craig Fugate, FEMA administrator. “This new feature empowers individuals to assist and support family and friends before, during, and after a severe weather event.”

“Every minute counts when severe weather threatens and mobile apps are an essential way to immediately receive the life-saving warnings provided by NOAA’s National Weather Service,” said Kathryn Sullivan, Ph.D., NOAA administrator.  “These alerts are another tool in our toolbox as we work to build a ‘Weather Ready Nation’ – a nation that’s ready, responsive, and resilient to extreme weather events.”

According to a recent survey by Pew Research, 40 percent of Americans have used their smartphone to look up government services or information. Additionally, a majority of smartphone owners use their devices to keep up to date with breaking news, and to be informed about what is happening in their community.

The new weather alert feature adds to the app’s existing features to help Americans through emergencies. In addition to this upgrade, the app also provides a customizable checklist of emergency supplies, maps of open shelters and Disaster Recovery Centers, and tips on how to survive natural and manmade disasters. The FEMA app also offers a “Disaster Reporter” feature, where users can upload and share photos of disaster damage.

Some other key features of the app include:

  • Safety Tips: Tips on how to stay safe before, during, and after over 20 types of hazards, including floods, hurricanes, tornadoes and earthquakes
  • Disaster Reporter: Users can upload and share photos of damage and recovery efforts
  • Maps of Disaster Resources: Users can locate and receive driving directions to open shelters and disaster recovery centers
  • Apply for Assistance: The app provides easy access to apply for federal disaster assistance
  • Information in Spanish: The app defaults to Spanish-language content for smartphones that have Spanish set as their default language

The latest version of the FEMA app is available for free in the App Store for Apple devices and Google Play for Android devices.  Users who already have the app downloaded on their device should download the latest update for the weather alerts feature to take effect. The new weather alerts feature in the FEMA app does not replace Wireless Emergency Alerts (WEA) function available on many new smartphones. WEAs have a special tone and vibration and are sent for emergencies such as extreme weather, AMBER alerts, or Presidential Alerts.

To learn more about the FEMA app, visit: The FEMA App: Helping Your Family Weather the Storm.

Graphic with a brief summary of a few features in the FEMA app.A brief summary of a few features in the FEMA app.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


The global data load is about to surge as Big Data and the Internet of Things threaten to turn every device on the planet into an information source. While it is easy to see the promise that such an environment can offer, is the enterprise turning a blind eye to some of the consequences?

The obvious one is the sheer load that we are contemplating and whether it is possible to build the infrastructure to support it. By some estimates, the global load is due to rise from today’s output of about 4 zettabytes per year to more than 44 zettabytes by 2020. That’s not the total amount of data under management, mind you, but the amount the world will generate in a single year. Compare this to the average annual growth of the data center market, currently estimated at about 11 percent per year, and it is clear trouble is brewing down the line.

The most immediate implication of the surging data load is where to store it all. As Seagate Technology’s Mark Whitby noted to Tech Radar recently, even the most optimistic estimates of storage capacity generation over the next few years would leave us about six ZB short by 2020, which is twice the data output of 2013. New technologies are showing promise in high-density storage – resistive random access memory (RRAM) and heat-assisted magnetic recording (HAMR), to name a few – but it is questionable whether they will be ready for production environments in time for the data deluge.



Wednesday, 15 April 2015 00:00

Key to Surviving a Tsunami? Fast Walking

(TNS) — A new analysis shows more than 100,000 people are at risk from a tsunami on the Northwest coast — but the outlook isn’t uniformly grim.

In many communities, residents should be able to make it to high ground in time simply by walking at a brisk pace.

Tsunami surges are expected to slam into some parts of the coast within 15 to 30 minutes of an earthquake on the Cascadia Subduction Zone, the offshore fault where two tectonic plates collide.

Published Monday in the Proceedings of the National Academy of Sciences, the analysis takes the most comprehensive look yet at the threat along the 700-mile-long coast of Washington, Oregon and Northern California — and finds surprising variability.



Wednesday, 15 April 2015 00:00

100 Year Event Losses vs. Insurer Estimates

A major hurricane or earthquake hitting a densely populated metropolitan area like Miami or Los Angeles will leave insurers facing losses that far exceed their estimated 100 year probable maximum loss (PML) due to highly concentrated property values, a new report suggests.

In its analysis, Karen Clark & Company (KCC) notes that the PMLs that the insurance industry has been using to manage risk and rating agencies and regulators have been using to monitor solvency can give a false sense of security.

For example, it says the 100 year hurricane making a direct hit on downtown Miami will cause over $250 billion insured losses today, twice the estimated 100 year PML.



There is an old joke in sales that things would be great if it wasn’t for the customers. Of course, it is the customers that buy and that keep salespeople in a job. More generally, people accomplish tasks, do projects, have ideas and help to run businesses. Business continuity is inextricably bound up with people. They may be unpredictable as individuals, but display rather more predictable behaviour when grouped together. Predictive analytics has already been growing as a method of forecasting market conditions, economic trends and environmental developments. Increasingly, these techniques are also being applied in cases where people have a direct impact on business continuity.



(TNS) — Add this to your smartphone’s many functions: In the near future it could help save lives by warning that a powerful, distant earthquake is about to shake the ground.

Earthquake scientists are proposing that “crowdsourcing” hundreds or even thousands of volunteers with their highly sensitive mobile phones could create a seismic early warning system to alert users of oncoming seismic shocks.

Seismologists in Menlo Park and UC Berkeley are testing the phones and foresee them as particularly useful in developing regions, like Southeast Asia and parts of Africa, that are prone to large and often devastating earthquakes but where more sophisticated warning systems don’t exist.



What could be worse than stealing millions of personal records in a large data breach?

How about destructive cyberattacks against our vital infrastructure companies that run dams, power plants, transportation systems and other critical infrastructures around the globe?

Sadly, such cyberattacks are becoming much more common and causing more harm than previously reported.

A new, first-of-its-kind report was released just this week which reveals astonishing survey results from more than 500 security chiefs spread across 26 member countries in the Organization of American States (OAS). The official report was created in collaboration between OAS and Trend Micro, and you can get a copy of the full report at this website.

Here are some of the findings that I found very surprising – even somewhat shocking:



One of the more promising vertical markets for cloud adoption is healthcare. With the Health Insurance Portability and Accountability Act (HIPAA) regulations being updated to incorporate the modern information technology landscape, the demand for managed service providers (MSPs) to help secure the industry’s data storage and cloud-based file sharing will continue to grow.

A recent story from FierceGovernmentIT cited Joe Klosky, senior technical advisor at the U.S. Food and Drug Administration (FDA), who suggested that managing health data moving from system to system is “critical.”  FierceGovernmentIT also reported the complex mission government officials are experiencing as “the rapid growth of health data is helping federal agencies better chart the quality of care being provided and other nationwide trends, but it’s also presenting some privacy and security challenges.”



Statement issued after the 5th meeting of the IHR Emergency Committee regarding the Ebola outbreak in West Africa.

The fifth meeting of the Emergency Committee convened by the WHO Director-General under the International Health Regulations (IHR) 2005 regarding the Ebola virus disease outbreak in West Africa was conducted with members and advisors of the Emergency Committee on Thursday, 9 April 2015.

The main issues considered were: ‘does the event continue to constitute a Public Health Emergency of International Concern’ and, if so, ‘should the current temporary recommendations be extended, revised, and/or new temporary recommendations issued.’

The Committee reviewed developments since the previous meeting on 20th January 2015, including the current epidemiological situation. The Committee noted that as a result of further improvements in EVD prevention and control activities across West Africa, including in the area of contact tracing, the overall risk of international spread appears to have further reduced since January with a decline in case incidence and geographic distribution in Liberia, Sierra Leone and Guinea. These three IHR States Parties provided updates and assessment of the Ebola outbreak, in terms of the epidemiological situation and the status and performance of exit screening and contact tracing.

The Committee recognized the progress achieved by all three countries and emphasized that there was no place for complacency, the primary goal remaining the interruption of transmission as rapidly as possible. The Committee reinforced the importance of community engagement in ‘getting to zero’. The Committee expressed its continued concern about the recent infection of health care workers and reaffirmed the importance of ensuring the rigourous application of appropriate infection prevention and control measures.

The Committee discussed the issue of probable sexual transmission of EVD, particularly the recent case who is likely to have been infected following sexual contact involving an Ebola survivor some months after his recovery. The Committee welcomed the ongoing programme of research underway in this area and urged its acceleration as a priority.

The Committee discussed the issue of inappropriate health measures that go beyond those in the temporary recommendations issued to date. The Committee was very concerned that additional health measures, such as quarantine of returning travellers, refusal of entry, cancellation of flights and border closures significantly interfere with international travel and transport and negatively impact both the response and recovery efforts. Although some countries are reported to have recently rescinded these additional health measures, and some regional airlines have resumed flights to affected countries, about 40 countries are still implementing additional measures and a number of airlines have not resumed flights to these countries.

The Committee concluded that the event continues to constitute a Public Health Emergency of International Concern and recommended that all previous temporary recommendations should be extended.

Source: World Health Organization

BATS Global Markets (BATS), a leading operator of exchanges and services for financial markets globally, has published details of a successful test of its business continuity processes.

As part of the test BATS took its company headquarters completely offline and operated from its Kansas City-area disaster recovery site instead. All of the 110 employees based at BATS’ global headquarters either reported to the DR site and conducted their daily routines from the secure and remote location or worked remotely. The BATS offices in the New York area, Chicago, London and Singapore continued normal operations.

In addition to the twice-yearly BCP test, BATS also tests its local Kansas City DR site each month. For one full day monthly since 2008, the company’s Operations, Technology, Regulatory and Surveillance teams in Kansas City have operated from the local DR site, with the primary headquarters remaining online.

BATS also maintains a DR site in Chicago that serves as a backup for its exchange technology infrastructure that is located in Secaucus, N.J.


For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

“I don’t want a back door,” Rogers, the director of the nation’s top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”



The demands placed upon Business Continuity (BC), Risk Management (RM), and Disaster Recovery (DR) professionals are increasing every day. As a result, organizations need to reassess their approach Business Continuity Management (BCM). If they don’t, they’ll get left behind, affected by continued adherence to outdated methods. The convergence of the BC and RM disciplines are ongoing.

Emerging regulations, frameworks, and standards place greater emphasis on risk management. As decision makers accept this evolution, Business Continuity increasingly becomes a subset of Risk Management. How the process is implemented—the value it brings a risk-based model—determines whether or not the process is sound.



It might surprise you to learn that the vast majority of Big Data analytics takes place within on-premises infrastructure.

This makes the most logical sense, in fact, because despite what you hear about the rise of the cloud, most Big Data loads reside in the enterprise data center in the form of both structured and unstructured historical data. To lower costs, organizations are placing their analytics capabilities as close to that data as possible.

But this is likely to change relatively quickly.

According to Wikibon, spending on Big Data hit $27.3 billion last year and is expected to top $35 billion in 2015, which is impressive for a phenomenon that didn’t even have a formal name until about three years ago. The cloud, however, holds only about $1.3 billion of the market, dwarfed even by the “professional services” (read, consultants) category, which draws about $10.4 billion.



(TNS) — Henri might have to wait.

Colorado State University researchers are predicting a below average 2015 Atlantic hurricane season, with seven named storms, leaving Henri, the possible eighth named storm, out of the alphabetical running.

Of the seven storms, three are expected to become hurricanes and one is forecast to reach major hurricane strength with winds of 111 mph or more, researchers reported in their annual forecast released Thursday.

The report comes with a caution: "It just takes that one storm to make it an active season," said Phil Klotzbach, the lead author of the report put out by CSU's Tropical Meteorology Project since 1984.



Monday, 13 April 2015 00:00

Active Wildfire Season Likely

Nearly 37 percent of the United States and more than 98 percent of the state of California is in some form of drought, according to the latest U.S. Drought Monitor.

Its weekly update shows that more than 44 percent of California is now in a state of exceptional drought, with little relief in sight.



Monday, 13 April 2015 00:00

5 Laws of IT Security

There are five laws of IT security.

1. There is no such thing as perfect security: Systems designed by humans are vulnerable to humans. Bugs exist. Mistakes are made. The things that make your computers useful--that is, communication, calculation and code execution--also make them exploitable. Information security is the management of risk. A good infosec design starts with a risk profile, and then matches solutions to the likely threat.




Norway, Switzerland, Netherlands and Ireland are considered the countries most resilient to supply chain disruption according to the 2015 FM Global Resilience Index. Australia has dropped out of the top 10 this year, moving from 4th place in 2014 to 14th place this year, one place behind New Zealand. Venezuela, meanwhile, is rooted to the foot of the index, but Guyana and Bolivia both rose out of the bottom 10, owing to significant improvements in commitment to natural hazard risk management in the region.

The FM Global Resilience Index highlights the risks that come with operating in various countries and quantifies all the vulnerabilities these countries have in a definitive ranking of supply chain resilience around the world.

Supply chain disruption is a major cause for concern among business continuity professionals with the Business Continuity Institute’s latest Horizon Scan report revealing that it is the fifth in the list of potential threats to organizations compared to 16th place the year before. This is no surprise as three quarters (76%) of respondents to the BCI’s latest Supply Chain Resilience survey claimed they had experienced at least one supply chain disruption during the previous year.

Ireland keeps its place in the top 10, moving up one place to 4th in the rankings, reflecting both its low exposure to natural hazards and the fruits of its austerity and fiscal regimes. For the third year running, the United Kingdom has held on to its 20th place. Its ranking reflects its resistance to oil shocks as its consumption of oil relative to GDP is comparatively low. The UK scores well on other key drivers such as perceptions of its control of corruption and the quality of local suppliers, but there is scope for improvement in risk quality, particularly as it relates to fire risk management. In addition, the risk of terrorism continues to threaten supply chain security.

The United States and China are each segmented into three separate regions because the geographic spread of these countries produces significantly disparate exposures to natural hazards. Region 3 of the US, which includes most of the central part of the country, ranks 10th. Region 1, encompassing much of the East Coast, ranks 16th and Region 2, primarily the West Coast, ranks 21st. China’s three regions rank 63rd (Region 3), 64th (Region 1), and 69th (Region 2). Beyond natural disaster risk, China's other challenges range from poor accountability and transparency, high levels of perceived corruption and growing security concerns to problems in its financial sector, especially with regard to the fragile position of its banks.

“Business leaders who don’t evaluate countries and supply chain resilience can suffer long-term consequences,” said Bret Ahnell, executive vice president, operations, FM Global. “If your supply chain fails, it can be difficult or impossible to get your market share, revenue and reputation back. The FM Global Resilience Index is designed to help business leaders stay in business by making informed decisions about where to place and maintain global supplier facilities.”

The top 10 countries, those most resilient to supply chain disruption, according to the report were:

1. Norway
2. Switzerland
3. Netherlands
4. Ireland
5. Luxembourg
6. Germany
7. Qatar
8. Canada
9. Finland
10. United States (central region)

The bottom 10 countries, those considered least resilient to supply chain disruption, were:

121. Tajikistan
122. Egypt
123. Pakistan
124. Jamaica
125. Honduras
126. Dominican Republic
127. Nicaragua
128. Mauritania
129. Kyrgyz Republic
130. Venezuela

The Index is compiled annually for FM Global by analytics and advisory firm Oxford Metrica. The Index is generated by combining three core factors of business resilience to supply chain disruption: economics, risk quality and qualities of the supply chain itself. The drivers of these factors include GDP per capita, political risk, vulnerability to oil shortages and price shocks, exposure to natural hazards, quality of natural hazard risk management, fire risk, control of corruption and the quality of infrastructure and local suppliers.


In 2014, the Federal Bureau of Investigation sent a private notice to healthcare organizations regarding the industry’s preparedness to fight cyber intrusions. The notice stated healthcare organizations are “not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”[1] Until recently, privacy and information security has not been a significant focus of the healthcare industry. That is changing. In 2013, it was estimated that North American healthcare organizations were expected to spend $34.5 billion in 2014 on information technology.[2] While there are numerous privacy and security risks in the healthcare space, two key areas for 2015 are enforcement by the Office for Civil Rights (OCR) through audits and investigations and the increase of bring-your-own-device workplaces.



Friday, 10 April 2015 00:00

The Heartbleed Anniversary

Has an entire year actually passed since the Heartbleed vulnerability was discovered? It seems like only yesterday that my social media news feeds were in pure panic mode. Chicken Little, the sky is falling! Or, in this case, the Internet is broken and our privacy is gone and everything we ever posted is going to be stolen!

The mass hysteria was unlike anything I’ve witnessed before or since in regards to IT security, and I’d be willing to bet if I asked 10 people about Heartbleed today, at least eight of them would have no memory of it. They’ve moved along to the next crisis, real or imagined.

So Heartbleed might be out of mind, but it isn’t out of our networks. And that’s the problem. A year later, 74 percent of Global 2000 companies are still vulnerable, according to a new study by Venafi. In August, a similar survey found that 76 percent of Global 2000 companies hadn’t fully addressed Heartbleed. I’m not a math whiz, but a 2 percent improvement over an eight-month period doesn’t sound positive. Plus, this just includes the 2,000 biggest companies in the world. I have my doubts that if large corporations are still struggling with Heartbleed, smaller companies are doing any better.



(TNS) — Mine rescue entered the 21st century Wednesday with the successful test of a suite of technologies that will keep rescue teams in constant communication with the emergency command center, state and federal officials said.

“We think we're ready to rock and roll with the systems we've built,” said Joe Main, the assistant labor secretary in charge of the federal Mine Safety and Health Administration.

The MSHA, the Department of Environmental Protection, Consol Energy and the Homer City-based Special Medical Response Team ran a simulated emergency at Consol's Harvey Mine in West Finley to test the system.



(TNS) — A Belfast-based epidemiologist and family physician who investigated infectious disease outbreaks for the Centers for Disease Control and Prevention said Monday that public hysteria and paranoia are not the answer when such crises emerge.

A case in point was the recent furor over Ebola. Maine made international headlines when Kaci Hickox, a nurse who until recently lived in Fort Kent, was quarantined after returning from treating Ebola patients in West Africa despite having no symptoms of the disease.

As Dr. Peter Millard sees it, there is a better way.

“We’re going to have epidemics. Epidemics are always going to be with us. We’re going to have a bad epidemic eventually and if we don’t pull together and use science as a basis for our response, we’re going to be in big trouble,” Millard said Monday evening during a lecture in Husson University’s Kominsky Auditorium.



A new survey out this week offers good evidence as to why so many businesses today bungle their response to security compromises and breach discoveries.

The study of 170 businesses conducted by the Security for Business Innovation Council (SBIC) and RSA, The Security Division of EMC (EMC), shows the majority of businesses lack incident response plans and have no capabilities to correlate security-related  data from IT infrastructure, can't properly analyze live network forensic  and have no way to take advantage of industry-wide threat intelligence.

"Organizations are struggling to gain visibility into operational risk across the business," said Dave Martin, chief trust officer for RSA. "While many organizations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile."



Emergency preparedness exercise scheduled for the Three Mile Island Nuclear Power Plant

PHILADELPHIA – The Federal Emergency Management Agency (FEMA) will evaluate a Biennial Radiological Emergency Preparedness Exercise at the Three Mile Island Nuclear Power Plant.  The exercise will occur during the week of April 13, 2015 to assess the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to evaluate government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will assess state and local emergency response capabilities within the 10-mile Emergency Planning Zone as well as the adjacent support jurisdictions within the Commonwealth of Pennsylvania.”

Within 90 days, FEMA will send its evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:00 a.m. on Friday, April 17, 2015 at the Hilton Garden Inn, 3943 Tecport Drive, Harrisburg, PA. Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania.  

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response.  Written comments may also be submitted after the meeting by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or by mail to:

MaryAnn TierneyRegional AdministratorFEMA Region III615 Chestnut Street, 6th FloorPhiladelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at FEMA.gov/Radiological-Emergency-Preparedness-Program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Pennsylvania and West Pennsylvania.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.


Even in today’s wired world, many organizations require access to original documents to deliver goods or services.  If yours is one of them, how you maintain continuity of access to those documents should be part of your Business Continuity Planning.

Original Documents

Even though we like to think we live in a paperless age, most of us don’t.  In paper-intense industries, access to original documentation may have both financial and regulatory implications. In many other businesses, those ‘original documents’ are fleeting: checks, authorizations, forms and others that are acted upon then discarded.  They are necessary only until converted or input.

Think of original documents as “paper data”.  Even with documents of only temporary importance, their loss (or loss of access to them) may be vital to the performance of our most critical functions or processes.  Why do we put emphasis on Recovery Point Objectives (RPO)?  Because we understand losing electronic data may imperil our business.  There is little difference with “paper data” waiting for conversion to electronic data.  If it’s gone (because of physical destruction) or elusive (because we can’t get postal deliveries, or we’ve been forced out of our office) we can’t fully function.



DENTON, Texas – People living in parts of Arkansas, Louisiana, New Mexico, Oklahoma and Texas are urged to get ready now for potential severe weather that could strike over the next few days in the form of possible severe thunderstorms, hail, strong winds, flash flooding, tornadoes and wildfires.

The Federal Emergency Management Agency’s (FEMA) Region 6 office continues to monitor the situation and stands ready to support state and local partners as needed and requested in any affected areas.

“We encourage people to keep listening to their local and state officials for updated instructions and information. The safety of people is the first priority,” said FEMA Region 6 Administrator Tony Robinson. “We encourage people to have an individual or family emergency plan in place, practice that plan and put together an emergency kit.”

If you have severe weather in your area, you will likely want to become familiar with the terms used to identify a severe weather hazard including:

  • Watch: Meteorologists are monitoring an area or region for the formation of a specific type of threat (e.g. flooding, severe thunderstorms, or tornadoes); and
  • Warning: Specific life and property threatening conditions are occurring and imminent. Take appropriate safety precautions.

More tools and resources are available online to help you prepare for, respond to and recover from any type of disaster. Visit www.Ready.gov or the Spanish language site www.Listo.gov.


Risk is part of nearly every aspect of business. The daily practices for nearly every employee involve some mitigation of certain risks to keep the business moving forward.

Within many enterprises, risk management involves a person or team of individuals who attempt to consider future scenarios and extract possible business risks from them in order to identify areas of liability and possibilities for improvement and success—this is especially important in the area of project management

In the latest edition of the book, “Risk Management: Concepts and Guidance,” author Carl Pritchard, a certified expert in the project management field, identifies systems that project management professionals (PMPs) can apply to manage risks within ongoing projects. Pritchard then explains how to use these systems in the daily work of project management in accordance with the most recent Project Management Body of Knowledge (PMBOK).



ERMS had a great quarter! With an increased demand we have been busy. Busy training new customers and helping them implement their new system. Just how busy? VERY! Our quarterly sales results were almost 50% above target.

Some of our newest customers include: Canadian Red Cross, Desjardin, Intact Insurance, Simon Fraser University, Worker’s Compensation Board of Manitoba (WCB), British Columbia Emergency Management (EMBC), the City of Cambridge, Canadian Federal Government (Shared Services), Independence Bank, Jewish General Hospital, and many more.

Why the increased demand? We believe it’s because more and more organization are starting to understand the value and benefits of emergency and crisis mass communication solutions. Our new, and existing customers, benefit in many ways when they implement an emergency mass notification system (EMNS). Some of those benefits include:



Your client calls in a panic. Something’s gone wrong with a server, and the Web store is down. You get there fast, run to the server and determine that it has suffered a hard drive failure. You collect your thoughts, think carefully about the procedure for restoring this piece of equipment quickly, but you draw a blank. The clock is ticking. Downtime is piling up, and your client’s face is reddening with anger because she’s not sure you know what you’re doing. You don’t tell her, but you’re not sure you know, either.

This is the last situation you want to find yourself in. As your client’s frustration mounts, her patience thins, her wallet empties, and her trust in you erodes. There’s only one thing that can stop this from happening, and it goes beyond having a backup and recovery plan. You need to make sure your plans work effectively, and you can only do this by testing them. Remember, you’re not just testing a backup, you’re testing your own ability to recover so you don’t end up testing your client’s patience.

In order to make backup and recovery testing effective, there are some questions you will want to ask yourself. The following should help you gather information you need to create a testing strategy that’s a regular part of your process. This way, when the time comes you’re not just “kind of sure” you can recover—you’re absolutely positive.



For extended analysis of regional temperature and precipitation patterns,as well as extreme events, please see our full report that will be released on April 10th.

Significant U.S. Climate Events for March 2015
Significant climate events for March 2015

March was 12th warmest on record for the Contiguous United States

First quarter 2015: Record warmth in the West and cold in the Northeast, dire drought conditions in the West

The March contiguous U.S. average temperature was 45.4°F, 3.9°F above the 20th century average — the warmest March since 2012. Near-record warmth spanned the Great Plains to the West Coast and parts of the Southeast, while the Northeast was cooler than average. The March Lower 48 precipitation total was 2.08 inches, 0.43 inch below average, tying as the 19th driest March on record. Below-average precipitation was widespread across the northern tier states and the Southeast, with above-average precipitation in the Southern Plains and Ohio Valley.

This analysis of U.S. temperature and precipitation is based on data back to January 1895, resulting in 121 years of data.


Winter 2015 Statewide Temperature Ranks Map
Winter 2015 Statewide Precipitation Ranks Map
March 2015 Statewide Temperature (top)
and Precipitation (bottom) ranks
  • Fifteen states across the Southeast, Northern Plains, and West had a March temperature that was much above average, while five states in the Northeast had a March temperature that was much below average. No state was record warm or cold.
  • Below-average precipitation was observed along both the East and West Coasts, connected by drier-than-average states across the northern tier. Twelve states had a March precipitation total that was much below average. Above-average precipitation accumulated from the Southern Plains into the Ohio Valley; Arkansas and Texas were both much wetter than average. No state was record dry or wet.
  • According to the March 31st U.S. Drought Monitor report, 36.8 percent of the contiguous U.S. was in drought, up from 31.9 percent at the beginning of March. Drought conditions worsened across parts of the Central Rockies as well as the Central and Northern Plains and the Upper Midwest where spring drought could impact the upcoming growing season. Drought remained entrenched in the West, where mountain snowpack was record low for many locations in the Cascade and Sierra Nevada Mountains. Abnormally dry conditions developed in parts of the Southeast and Northeast. Drought improved in the Southern Plains and the Mid- to Lower-Mississippi River Valley.

U.S. climate highlights: Year-to-date (January-March)

January-March 2015 Statewide Temperature Ranks Map
January-March 2015 Statewide Precipitation Ranks Map
March 2015 Statewide Temperature (top)
and Precipitation (bottom) ranks
    • The year-to-date contiguous U.S. average temperature was 37.2°F, 2.0°F above the 20th century average, and the 24th warmest January-March on record. Record warmth engulfed much of the West, where seven states were record warm, and an additional five states, including Alaska, had temperatures that were much above average. California's year-to-date temperature of 53.0°F was 7.5°F above average and bested the previous record set just last year by 1.8°F.
    • Below-average January-March temperatures were observed across the South, the Midwest, and Northeast where 16 states had a much cooler-than-average January-March period. New York and Vermont were both record cold for the year-to-date. The New York year-to-date temperature was 16.9°F, 6.8°F below average, dropping below the previous record of 17.4°F set in 1912. The Vermont January-March temperature was 13.3°F, 6.4°F below average, tying the same period in 1923.
    • The year-to-date contiguous U.S. precipitation total was 5.66 inches, 1.30 inches below the 20th century average, and the seventh driest January-March on record. This was the driest first three months of a year since 1988. Below-average precipitation was observed across the West and much of the northern half of the nation. Twelve states had much below average precipitation during the first three months of 2015. South Dakota had its driest January-March on record with a precipitation total of 0.85 inch, 1.21 inches below average. Above-average precipitation was observed across the Southern Rockies and Plains.
    • The U.S. Climate Extremes Index (USCEI) for the year-to-date was nine percent above average and the 11th highest value on record. The warm West and cold East temperature pattern during January-March contributed to the much above average USCEI, with the components that measure both warm and cold daytime and nighttime temperatures being much above average. The USCEI is an index that tracks extremes (falling in the upper or lower 10 percent of the record) in temperature, precipitation, and drought across the contiguous U.S.

Note: NOAA's National Centers for Environmental Information (NCEI) is the merger of the National Climatic Data Center, National Geophysical Data Center, and National Oceanographic Data Center as approved in the Consolidated and Further Continuing Appropriations Act, 2015, Public Law 113-235. From the depths of the ocean to the surface of the sun and from million-year-old sediment records to near real-time satellite images, NCEI is the Nation's leading authority for environmental information and data. For more information go to http://www.ncdc.noaa.gov/news/coming-soon-national-centers-environmental-information

For extended analysis of regional temperature and precipitation patterns, as well as extreme events, please see our full report that will be released on April 10th.


(TNS) — Gov. Mary Fallin expressed disappointment on Monday that federal assistance was denied to help individuals and businesses in Tulsa and Cleveland counties that were hit by March tornadoes. On April 1, the governor asked for a major disaster declaration for the state based on damages by tornadoes, straight-line winds and flooding March 25-26 in Cleveland and Tulsa counties.

Tornadoes resulted in four deaths with 26 people suffering injuries that required treatment at area hospitals, according to a state press release.

Damage assessments estimated that 1,047 homes and businesses were damaged in the tornadoes, severe storms, straight-line winds and flooding that occurred March 25.



While I mostly talk to company, agency or organization leaders about crisis communication and reputation management, sometimes the reputation in question belongs to an individual.  You don’t have to be a celebrity to have potential for reputation disaster.  Individuals whose name is attached to the business or profession they are in, in other words where their name is also a brand, are particularly susceptible. Search engines and the long memory of the internet make the problem so much greater. Yesterday’s newspaper is already in the garbage and yesterday’s TV report is already in the ether along with all past reports, but on the Internet they are retained presumably for ever, and always accessible at the touch of a Google button.

A recent conversation reminded me of how the Internet has changed reputation management and how it therefore changes the response. The really big question when dealing with media coverage of bad news about a brand (personal, corporate or otherwise) is whether or not to respond, and if so, how far and wide to push the response. The basic rule is: don’t make it worse. You can make it worse by bringing the bad reports to the attention of others who might otherwise have missed the 11 pm news. Maybe it will all just go away. Or, not.



Thursday, 09 April 2015 00:00

A SaaS Ecosystem Overview for MSPs

When Datto acquired Backupify last year, we did so because we knew the technology landscape was shifting for MSPs. Data on-premise isn’t going away, but it isn’t the only place data exists. As more data is moved to the cloud, and to SaaS apps in particular, we realized that to build a Total Data Protection platform we needed expertise in SaaS data protection.  

As a result of the acquisition, Datto now has more than 2 million Google Apps end users protected, and is scheduled to launch an Microsoft Office 365 backup at our partner conference in June. Building these products required us to get deeply embedded in both the Microsoft and Google ecosystems. We now know both companies well, know their key partners, and know the technical road maps of both organizations. So for those MSPs who may be considering whether to invest time in one of these products, here is our view from the trenches about the things you should consider.



group of people and PrepareAthon logo

Are you and your family prepared to face a disaster? What about your neighborhood?  Do you know your neighbors’ emergency plan or how you can help each other during an emergency? April kicks-off America’s PrepareAthon!—a nationwide campaign to increase emergency preparedness and community resilience.  Throughout the month local, state, and federal groups will take the pledge to help improve their preparedness.  All of these activities will lead up to PrepareAthon’s national day of action on April 30, 2015.

So what can you do?

You don’t have to be an expert in emergency preparedness, or the leader of a large community group to take part in America’s PrepareAthon! Learn more about what you can do in your neighborhood or community to become more personally prepared and help build your community’s resilience.

In your Neighborhood.

group of youth with medical supplies practicing first aid.

Youth volunteers performing an emergency response exercise.

If you haven’t taken the time to talk to your neighbors about emergency preparedness, or even just met them, take the PrepareAthon! pledge and make a plan to include your neighbors in your emergency planning. Often the first people on scene after a disaster are not first responders (EMS, police, firefighter, etc.), but rather the people who are closest to where the emergency took place. When a disaster occurs in your community you will most likely have to rely on those around you, especially if the scale of the disaster makes it hard for first responder to get to the scene.

Do not wait for a disaster to occur to meet your neighbors or learn about your community’s preparedness plans. Reach out to people in your  neighborhood and discuss their emergency plans. If you have any medical or physical needs, such as limited mobility or dependence on medication or medical devices, talk to your neighbors about the assistance you may need in a disaster. Likewise, find out about the unique needs of those who live around you. Reach out to elderly neighbors and offer your assistance from shoveling snow to checking on them during a heat wave. No matter what the disaster or emergency, forming relationships with those around you can help improve resilience after a disaster occurs.

In your Community.

Beyond your neighborhood, getting involved in community preparedness groups and emergency response exercises can help improve your own personal preparedness and also your community’s ability to respond to emergencies and natural disasters. Strong community resilience requires people to come together and participate in planning and training before a disaster occurs. A good place to start when looking to become more involved in your community’s preparedness is with groups focused on emergency preparedness, such as your local Community Emergency Response Team (CERT), Medical Reserve Corps, or American Red Cross chapter. You may also consider getting a community group you are already involved in talking about emergency preparedness. Faith-based organizations, schools, or even your workplace are good places to start a conversation about emergency preparedness.

Take the Pledge.

Whether it is meeting your neighbors, joining a local emergency preparedness group, or starting an emergency preparedness initiative within one of your community organizations, make sure to register your efforts with America’s PrepareAthon! Help move your individual community and our entire nation closer to being prepared for any emergency or disaster that comes our way.


Planning Meetings: The Risk Management Plan

This new edition of "Risk Management: Concepts and Guidance" supplies a look at risk in light of current information, yet remains grounded in the history of risk practice. Taking a holistic approach, it examines risk as a blend of environmental, programmatic, and situational concerns. Supplying comprehensive coverage of risk management tools, practices, and protocols, the book presents powerful techniques that can enhance organizational risk identification, assessment, and management—all within the project and program environments.

Updated to reflect the Project Management Institute’s "A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fifth Edition," this edition is an ideal resource for those seeking Project Management Professional and Risk Management Professional certification.



(TNS) -- A downed power transmission line in southern Maryland caused a momentary loss of power that led to "widespread outages" in the nation's capital Tuesday afternoon, according to officials.

Previously, District of Columbia emergency management officials had said a reported explosion at a southern Maryland power plant may have been the cause.

A large number of outages were reported throughout the district about 1 p.m., including at the White House, Capitol and State Department headquarters.

According to Sean Kelly, a spokesman for Potomac Electric Power Co., just before 1 p.m., there was a momentary dip in voltage caused by a downed transmission line at a substation in southern Maryland, which is connected to a power plant there.



With the expansion of large multinational corporations into developing countries such as Russia, Brazil, India, Mexico and China, a proliferation of global regulatory enforcement actions, including anti-bribery and anti-corruption, has risen. Recently, HP Russia paid more than $108 million in fines for Foreign Corrupt Practices Act (FCPA) violations that occurred when its subsidiaries in three different countries, Russia, Poland and Mexico, made improper payments to government officials to obtain or retain lucrative public contracts.

Executives, including general counsel, compliance and risk officers, are smart to plan in advance for potential regulatory investigations. The disclosure, or production, of information that might be relevant to the allegations from the requesting regulatory bodies–part of the electronic discovery in the legal realm–is complex, costly and time-consuming in today’s world of information. It involves the identification, acquisition and review of information and communications from a myriad of sources, including day-to-day operations, financials, communications with foreign and government officials, employees and third party representatives, system data reporting, travel and entertainment expenditures, payment data, chat messaging, social media posts, and the like. All of this information is subject to scrutiny by legal counsel and the requesting regulatory body to determine whether there was any wrongdoing.

When some information is in one or more foreign languages, the document review process can become significantly more unwieldy and inefficient. Understanding and implementing best practices is critical for making the process easier.