Industry Hot News

The Zika virus recently claimed its first victim in the Continental US, taking the life of an as-yet-unidentified pensioner in Salt Lake County, Utah. Although Zika has been around since the 1940s, it is only during the last few years that it has really exploded, and its spread across the Americas has been a tremendous cause for concern, particularly with the Rio Olympics coming up.

As with all contagions, one of the most pressing challenges for its containment is understanding where it will spread. Obviously, it is not enough simply to deal with a disease once it has infected an area. Kamran Khan, an infectious disease physician at Toronto-based St. Michael’s Hospital, notes that one thing is true of the spread of infectious diseases: ‘If you start to analyze the situation when an outbreak occurs, you’re already too late.’

This is particularly true of Zika, as there is still so little known about the disease. The disease is often symptomless, with just 1 in 4 of those with the disease developing symptoms. The most worrying aspect of the virus is the birth defects it causes, such as abnormally small heads and brain damage. From what we know about the disease so far, it is transmitted by the Aedes aegypti and Aedes albopictus mosquitoes, neither of which is found in Utah. The majority of cases in America have been travel related, which means finding a pattern to its spread is exceptionally difficult. The only treatment available at the moment is also ‘mosquito management’ - an indiscriminate, costly, and wasteful program of insecticide spraying in areas with a large population of the mosquitoes in question, the environmental impact of which is hard to ascertain.


Like energy, growth in data center water consumption in the US has slowed down since about a decade ago.

A recent US government study for the first time made an attempt to quantify water consumption of all data centers in the country. The study focuses primarily on data center energy consumption, but it also uses its electricity consumption estimates to extrapolate the amount of water it takes to power and cool data centers.

Water is one of two major resources data centers consume, and this fact drew a lot of public attention last summer, as the drought in California grew especially acute. While, thanks to this past winter’s El Niño, water levels in the state’s reservoirs are higher than they have been in years, the drought continues, and water consumption by the state’s various industries, including the high-tech industry, continues to be an important issue.



Wednesday, 13 July 2016 00:00

Cognitive Risk Framework for Cybersecurity

Cybersecurity has gotten a great deal of attention these days for two reasons: 1) billions of dollars are being spent in response to a growing threat in cybersecurity and 2) there has been a real lack of meaningful and sustainable success in preventing hackers from stealing data.

Every organization is vulnerable to attack and no matter the amount of money spent hardening the enterprise, threats continue to escalate. This phenomenon is called the Cyber Paradox. The definition of a paradox: “something (such as a situation) that is made up of two opposite things and that seems impossible but is actually true or possible.” How is it that incremental investments in security have not impacted the marginal cost of cyber risk? The answer may surprise you:



Additional complicating factors include the necessary balances between different parts of the chain and the extension of supply chains to include many different external partners.

However, as supply chains are the way many enterprises differentiate themselves from competitors, managers will have to take the bull by the horns and ensure supply chain resilience. But what kind of resilience?

There are different definitions of what resilience in supply chains concerns. One point of view is that a supply chain will break at some time and that building in resilience is about minimising the damage through:

  • Resistance. The impact of a disruption is either avoided or contained. For example, you organise different modes of transport to avoid being blocked by a rail strike (avoiding a general problem) or you reroute all your truck deliveries to contain the impact of major roadworks (containing a specific problem).
  • Recovery. You repair a breakdown or fix a problem, stabilise your supply chain and return to normal or at least steady performance, as soon as possible. For example, having decided to use just one supplier for a certain good or service, if the supplier stops supplying, you scramble to find and bring on board an alternative supplier.



Wednesday, 13 July 2016 00:00

How data corruption works

Modern drives have advanced at an astounding rate in recent years, but despite all these innovations, media corruption still remains an issue in today’s data recovery industry. Before we delve into the deeper issues associated with media corruption, we need to understand what causes corruption and how it can be diagnosed within the context of data recovery.

What is media corruption?

Media corruption can be described as the loss or change of computer data during transmission or retrieval.

What causes media corruption?

Corruption is often caused when the data transfer process is interrupted or disturbed. This can be caused by electronics failure, power surges or internal mechanical problems.



Meeting DOT Compliance and other related Federal requirements in 2016 (and beyond) will continue to be one of the major challenges facing internal risk management teams in the transportation industry.

And as if the transportation industry was not already a business full of more than enough risk factors, this posting will present recent trends very likely to add to that risk list and broadly impact transportation enterprises (e.g. trucking) the rest of 2016 and long into 2017.

There’s no longer much question about whether federal health authorities are serious about cracking down on technology solutions providers that don’t take cybersecurity seriously.

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to pay $650,000 to settle “potential violations” of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), after patient data was stolen from a smartphone.



A funny but expected phenomenon is hitting the nascent 5G market: Providers and vendors are announcing tests, choosing sides and generally building hype long before anyone knows precisely what 5G is.

CNET’s Roger Cheng reported today that Verizon has made what appears to be a broad announcement regarding its path forward on 5G. The company has established radio specifications for 5G with its vendors that put in place “a common blueprint for everyone regarding the network infrastructure, processors and devices.”

The reality is that 5G standards are still in the formative stages. According to Franz Seiser, the vice president of Core Networks and Services at Deutsche Telekom, standards are important, but achieving global standards will also be central to realizing the full potential of the emerging technology: “There is a huge competition but we need to be very careful about not ending up with fragmentation if some [in the industry] are moving too fast and too far. We need global standards,” Seiser explained.



Tuesday, 12 July 2016 00:00

DevOps Done Right, the First Time

The benefits of converting to a DevOps model of IT operations are becoming plainer by the day, but the process of converting today’s management stack to an agile architecture is still mired in confusion.

DevOps alone, of course, will not make you agile, but it is a key enabling technology that allows for much of the continuous development and IT automation that will finally allow organizations to shed the hands-on control of data infrastructure to focus on more productive activities.

In today’s fast-paced economy, DevOps will not only be the preferred means of pushing new services to users, it will be the only way. As Datamation’s Andy Patrizio notes, the six-month or more time lag between request and fulfilment for new services simply will not cut it, particularly now that the cloud has provided a convenient alternative to IT. Under a DevOps model, everyone with a stake in the application – which includes developers, users, infrastructure managers and even the bean counters – gets a seat at the table to determine the scope and nature of the project and its implementation within the data ecosystem. In this way, services not only play a more pivotal role in the business process, but multiple eyes can track their progress to see exactly how they can be made more relevant or powered down if necessary.



There are three things you need in order to turn a technology concept into a viable revenue-generating services business:

  1. The market opportunity. The stars need to be aligned and momentum needs to be in your favor.
  2. The building blocks. The vision to capitalize on enabling technology. The tight-knit plan to get you to where you need to be, and the GTM speed to get there quickly and efficiently.
  3. Execute, automate and scale. In today’s modern era, speed-to-market has never been more important, and scale is critical to long-term business success. Think not only about how you can implement, but how can you automate.



AUSTIN, Texas – Businesses and nonprofit organizations that sustained damage or losses from the May-June storms and floods can apply for a low-interest disaster loan from the U.S. Small Business Administration to help with their recovery.

“SBA disaster loans are the major source of federal disaster recovery aid,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s operations in Texas. “The interest rates are low—as low as 4 percent for businesses and 2.625 percent for nonprofits for the life of the loan.”

SBA offers two types of disaster loans to businesses, small agricultural cooperatives, aquaculture and most nonprofits, including faith-based ones: physical disaster loans and economic injury disaster loans.

Physical disaster loans are used to repair or replace damaged buildings and business assets. Economic injury disaster loans help small businesses, small agricultural cooperatives, aquaculture businesses and most private nonprofits meet financial obligations they cannot meet because of the disaster.

Business owners may also be eligible to refinance existing liens or mortgages.

SBA low-interest disaster loans for businesses have several advantages:

  • SBA requires no collateral for either physical loans or economic injury loans less than $25,000. SBA requires the borrower to pledge as collateral only what is available, plus satisfactory credit and the ability to repay.
  • Applicants don’t have to wait for insurance settlements to obtain loans.
  • Loans are written for a length of time appropriate to the type of loan, but SBA may make adjustments in the length of the loan to lower the monthly payments. Loan amounts and terms are set by SBA and are based on each applicant’s financial condition.
  • SBA offers mitigation loans to help pay for improvements to reduce potential for future damage. These mitigation funds are available for up to 20 percent of the total amount of disaster damage.
  • SBA never charges an application fee or points for its disaster loans.

By law, SBA business loans cannot exceed $2 million.  If a business is a major employer, SBA may waive the limit.

The deadline to file for a physical damage disaster loan is August 10. The deadline for an economic injury disaster loan is March 11, 2017.

No one is obligated to accept a loan if approved. SBA gives applicants six months to decide whether to accept a loan.

Applicants may apply online using the electronic loan application via SBA’s secure website at DisasterLoan.sba.gov/ela.

Disaster loan information, application forms and a list of counties eligible for assistance are available online at SBA.gov/disaster, from SBA’s Customer Service Center at 800-659-2955 or by emailing DisasterCustomerService@sba.gov. Individuals who are deaf or hard of hearing may call 800-877-8339.

SBA representatives are also available at disaster recovery centers to provide information about disaster loans, the application process or help completing an SBA application. To find the nearest one, go online to the disaster recovery center locator at asd.fema.gov/inter/locator.

Completed applications can be mailed to:
U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX  76155

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

No matter what precautionary measures schools take, there are many risks and “fires” that need to be put out on a daily basis. To keep staff and students safe and to protect school assets, a proactive approach to mitigating risk in schools is a necessity. The keys to a successful risk management program include careful, strategic planning while taking all relevant and potential factors into consideration, but how can administrators get started?

By identifying potential risks and applying a process to assess them, schools can focus on their objectives more clearly, including top priorities like student and employee wellbeing. Effective risk management reduces the disruption of a student’s education, damage to a school’s reputation, lost time, stress from managing incidents, and the potential risk of legal intervention in an increasingly litigious world. School administrators can explore these strategies as they strive to enhance their risk management initiatives:



Joint External Evaluation team in Washington DC

The Joint External Evaluation Team joins U.S. Department of Health and Human Services (HHS) and U.S. Department of Agriculture (USDA) colleagues in front of the Humphrey Building, Washington DC, May 2016

A team of evaluators takes an independent look at our systems

The Story Behind the Snapshot

At first glance, this photo taken on a set of concrete steps in Washington, D.C., may look like an ordinary group shot—but it took an extraordinary series of events to make it happen.

The photo shows colleagues from U.S. Department of Health and Human Services (HHS) and U.S. Department of Agriculture (USDA) standing alongside a team of 15 international experts from 13 different countries, known as the Joint External Evaluation Team. The team had been invited by the U.S. government to assess how well the country is prepared to prevent, detect, and respond to major public health threats. The goal was to receive an independent and unbiased evaluation of our capabilities.

We would never have arrived at this moment without these things: a wake-up call, a historic agreement, and a renewed commitment to work together to protect the world’s health.


Leading up to now: A brief timeline

International Health Regulations: Protecting People Everyday

Near the turn of this century, the emergence of diseases like severe acute respiratory syndrome (SARS) and H5N1 influenza was a big wake-up call and showed the world more clearly than ever that a health threat anywhere is a threat everywhere — what affects one country affects us all.

Eleven years ago, countries came together to sign the International Health Regulations (IHR), a historic agreement which gave the world a new framework for stopping the spread of diseases across borders. The IHR obligates every country to prepare for, and report on, public health events that could have an international impact.

However, five years after the IHR went into effect, nearly 2/3 of countries were still unprepared to handle a public health emergency.

Two years ago, the Global Health Security Agenda (GHSA) gave countries common targets they can work toward to stop infectious disease in its tracks. This led to the need for the Joint External Evaluation Team, an independent group that travels to countries to report on how well public health systems are working to meet global health security goals.

Last October, the Centers for Disease Control and Prevention (CDC) and the Office of the Assistant Secretary for Preparedness and Response (ASPR) began working together to arrange for the team to visit the U.S.

In May, the team’s five-day visit took place. Two days were spent in Washington, D.C., assessing federal response capabilities. The remaining three days were spent at CDC, because the agency works in nearly all of the 19 technical areas included in the evaluation.

On the final day of their visit in Atlanta, the evaluation team shared their preliminary results.

What the team found

They recognized the high level of scientific expertise within CDC and other federal agencies, and the excellent reporting mechanisms managed by the federal government.

They also identified opportunities for improvement in some areas, such as:

  • Combining and utilizing data from multiple surveillance systems, including systems that monitor human, animal, environmental, and plant health
  • Conducting triage and long-term medical follow-up during major radiological disasters
  • Communicating risks quickly and consistently with communities across the country

They specifically recognized the challenges any federal public health system faces, and advised the U.S. to continue improving the understanding of the IHR among different federal and state agencies. Their observations will help drive improvements for programs throughout CDC and the nation.

The U.S. requested this unbiased review of its response capabilities and hopes that the entire world will do the same. Like other countries who have undergone this process, the U.S. will soon share the final report of the Joint External Evaluation with the public.


The Business Continuity Institute - Jul 08, 2016 10:33 BST

More than half of UK office workers say their employers have provided no cyber security awareness training, leaving organizations vulnerable to malicious intrusion into their IT systems, according to a study by ISACA.

You wouldn't invest in security for your home and then leave the key to the front door under the welcome mat and the alarm code written on a post-it note next to the control panel. Yet this is effectively how some people treat their IT security. For example, The Cyber Security Perceptions study found that 14% of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient.

The study also revealed that more than one in three respondents (36%) say they could not confidently define a phishing attack - a scam in which someone poses as a reputable organization in email, IM or social media messages in order to solicit information - and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritise between a fast internet connection and a secure one, 1 in 3 chose speed.

The Cyber Resilience Report, recently published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations need to take it seriously, and this begins with educating employees so they know what they can do to help prevent an attack from happening.

“It is critically important that we create awareness in cyber security and in multiple roles within an organization,” said Christos Dimitriadis, chair of ISACA’s board of directors. “The human factor is critical when creating cyber security capability, and education based on practical guidance is key to reducing the related business risks.”

“Consumers are confident - perhaps overly so - in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organizations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Tuesday, 12 July 2016 00:00

BCI: Brexit - identifying your exposure

The Business Continuity Institute - Jul 06, 2016 16:31 BST

The uncertainty regarding Brexit continues and I have been pretty much glued to the news, watching each twist and turn of the aftermath including this week’s EU summit, the disintegration of the Labour party, and the start of the Conservative leadership election. Being in Scotland, there is the added dimension of Scotland’s place in Europe and Nicola Sturgeon’s overture to EU leaders to try and ensure that Scotland remains within the EU. As I have heard in the news, there is no playbook for Brexit or contingency plan - we live in uncertain times and we do not know how this will end.

From a business continuity or crisis management point of view, Brexit is reinforcing what we have always said. If there is an identified threat, it is a good idea to have a contingency plan. It appears that there isn't one, and nobody has thought about it. Secondly, it is good to have a crisis management team who can manage the incident. Until Labour and the Conservatives sort themselves out, we don’t have a team of people to manage the incident. The chaos and uncertainty we have at the moment is a symptom of not having a team to manage the incident or a plan to work to!

When I wrote last week’s blog (Brexit - the opportunity?) I suggested that you carry out a risk assessment looking at your company’s exposure to Brexit. If you haven’t done already, I suggest you do so. I recommend looking at what is our worst case, best case and most likely case, and then develop appropriate risk mitigation measures.

I think once this is done, you should start to look at your business model, supply chain and your organization’s exposure to Brexit. I think as you look at things in detail, you may find your exposure is deeper than you think.

Some issues you may want to consider:

1. Is your business model dependent on access to the EU common market as it is at the moment? Easyjet is very dependent on the EU Open Skies Agreement and so is thinking of moving its headquarters elsewhere in Europe as the UK may not be part of that agreement in the future. The agreement is also held with the USA, and so it may affect transatlantic carriers such as BA and Virgin.

2. As the UK is a major financial centre, how might changes to the status of UK financial institutions impact your organization? This may have a knock-on impact to your pension funds, investments and the ease of doing business with Europe.

3. How many EU staff does your organization employ? What might be their status if we leave the free movement of people within the EU, might they have to go back to their country of origin? I very much hope this is unlikely, but we should plan for this risk. Secondly perhaps many of them may return, fearing this may happen or feeling unwelcome within the UK, leaving your organization haemorrhaging experienced and skilled staff.

4. Have you mapped your supply chain exposure to Europe? There is the possibility of having to revert to World Trade Organization Tariffs. Does your organization understand what these are and what the impact would be of additional cost on your business model? As there may not be free movement of goods, this could delay delivery of goods or parts to the UK and the delivery of your products to customers within Europe.

5. If you are using IT cloud services or software as a service, how might they be affected by Brexit? Might the UK government say that all personal data should be located within the UK as opposed to it being housed within the EU? This could be an opportunity if you can house your company’s personal data anywhere! If data must be housed in the UK this could lead to an increase in price of services as demand will go up and it will take some time to increase supply.

There are so many questions and at the moment very few answers! As a start, I suggest you try to understand your organization’s exposure to Brexit and once this is known, then you can begin to put into place how your organization may deal with the different possible impacts.

Charlie Maclean-Bristol is a Fellow of the Business Continuity Institute, Director at PlanB Consulting and Director of Training at Business Continuity Training.

During my trip to the Enfuse 2016 conference in May, I had a conversation with Paul Shomo, senior technical manager, Strategic Partnerships with Guidance Software. One of the things we talked about was the importance of companies taking a more data-centric approach to information security.

When we think about breaches, Shomo explained, malware and how it breaks through the network is what often comes to mind. To that end, social engineering is the primary tool for injecting malware. Hackers rely on the vulnerabilities of humans and software systems to break through the perimeter quickly, which gives them the ability to move around the network with ease. The malware and the hacker’s infiltration can go on for months without detection, and users have no idea, Shomo added:

Hackers don’t leave a lot of evidence like regular users do, so people don’t think enough about investigating breaches in terms of what users are doing on the network. A lot of times you can’t tell the difference between a hijacked user account that’s controlled externally versus an inside threat.



Cloud computing is the future of services, but most MSPs aren’t sure how to get there or how to get started. Amazon and Microsoft seem like the easy choice, but is the “one-size-fits-all” cloud really the right fit for your business? Commodity cloud has an unprecedented speed of delivery; there is no doubt about that. You swipe your credit card, and--voilà--you’re done. But what’s next?

Try asking Amazon for advice, and you’ll start to see your professional service fees stack up high enough to give your accounting department a conniption. For a company that originally sold books online, you’d figure they’d be more than happy to help educate their customers on how to be successful. ... Unfortunately, this isn’t the case.

That’s why companies like Rackspace have an entire business around managing other companies’ clouds. But how can the MSP get the same level of service and “fanatical support” without forking over thousands of dollars each month to a middleman (who may be competing for end user business)?



The result of the UK referendum was clear: more than a million people tipped the scales in favour of Leave. There will be at least a two-year period (some say five) before the UK decouples from the EU. It will be a time of profound uncertainty and many are concerned about its effects on cyber-security and data privacy.

Cyber crime

So are we likely to see an uptick in cyber-crime as a result of Brexit? Whatever the outcome of UK negotiations with the EU, this will be a period of change and for hackers change creates opportunities. As Ken Munro at Pen Test Partners says: “Scammers are nothing if not opportunistic, any point of change creates an opportunity for phishing attacks…there is a potential for invoice fraud, scammers can step in.”

Ilia Kolochenko, CEO at High-Tech Bridge based in Geneva has another concern:
“A recession in the economy may cause serious problems in all industries, including cybersecurity. It's not only about potential lack of new investments and corporate income, but also about more aggressive competition on the market.”



Last year, CIO, CSO and PricewaterhouseCoopers released a new Global State of Information Security survey, which polled more than 10,000 executives from 127 countries about IT security. The results were a mixed bag, with security incidents up 38% over 2014 but corresponding budgets rising only 24%.

The survey reflected broad thinking about how companies are trying to defend themselves from hackers as well as employees, the most often cited sources of security compromises. But despite the continued growth in hacks and other security incidents, there were some important signs that security threats aren’t being taken seriously enough at the executive level. For one, the poll found that only 45% of boards participate in overall security strategy.



Friday, 08 July 2016 00:00

Step by step guide to a tape migration

What does a typical tape migration process look like?

There is no standard tape migration project as every project is different. Several factors, such as the number of tapes, the formats used, the associated software and hardware solutions, the specific requirements of the business, etc., all play into the specific needs of the company.

However, it is safe to say that any project should include, at the very least, four major components: consultation, proof of concept, tape processing and project completion.



Thursday, 07 July 2016 00:00

FEMA Warns of Disaster-Related Fraud

(TNS) - As thousands of West Virginians are at their most vulnerable after a 1,000-year flood event, the Federal Emergency Management Agency (FEMA) is warning of scammers who may attempt to cheat flood victims.

A FEMA media release said scammers may pose as inspectors, government officials, volunteers or contractors.

"These people may try to obtain personal information or collect payment for disaster assistance or repairs," the release said.

FEMA offered these tips:



Demand for high performance computing (HPC) is escalating for compute-intensive workloads such as high-traffic front-end fleets, MMO gaming, media processing and transcoding, and HPC applications like seismic analysis for oil and gas, or trading in financial services.

Once reserved for the computational fluid dynamics of transportation vehicle design and seismic processing of the energy industry, HPC now supports high-frequency trading in financial services and enables more effective patient treatment in the healthcare industry.

Demand for HPC is growing faster than many corporate in-house data centers can accommodate, and enterprise IT teams don’t want to sacrifice convenient access to colocation facilities in order to access high density power and cooling solutions.



(Bloomberg) — Amazon’s cloud computing division remains “committed” to opening a London data center by early next year, even after the British public’s vote for the UK to leave the EU.

It will also offer local customers the option of hosting data in Germany or Ireland, a company executive said Thursday.

“Demand for all our services is growing across all Europe. For us it’s business as usual,” Stephen Orban, head of enterprise strategy at Amazon Web Services, said in an interview at a customer conference Thursday in Frankfurt.



(TNS) -- When public safety experts say "this is a good thing," it's usually a lesson worth learning.

Such was the case last week with a string of tornadoes that raked north-central Illinois, including Pontiac, where seven people were injured.

"Thank God for today's technology because I think that helped save a lot of lives," Livingston County Sheriff Tony Childress told The Pantagraph. "Everybody seemed to get warning about this storm and were able to seek safety. This could have been a whole lot worse."

Pontiac Mayor Bob Russell agreed. "When you see all of the damage here, the fact that nobody was hurt more seriously is a miracle."



Pandemic planning seems to be a low profile area at the moment but if you think your organization is safe from a pandemic, think again. Ann Pickren overviews the subject and looks at what to include in your business continuity and disaster recovery plans.


Unlike a regionally defined epidemic, a pandemic is capable of spreading virtually anywhere on the planet. This means that a pandemic may not only impact your staff and operations, but could compromise businesses all along your supply chain, your customer base, remote plants and much more.

Pandemics have come and gone for centuries, with the modern world suffering three major influenza pandemics in the last century (1918, 1957 and 1968). The 1918 influenza pandemic lasted three years, killing more than 50 million people, making it one of the deadliest natural disasters in human history.



The recent suicide bombing in Istanbul and the Paris bombing last November killed and injured innocent bystanders and sent shockwaves around the globe. Such attacks also cause organizations to question international travel out of fear of putting their key executives and employees in harm’s way.

As the risk profile changes in some locations that were once considered safe, it is critical to reassess and more deeply examine company programs to protect business travelers abroad.

First of all, for companies and their insurance advisors, there is no substitute for great advance planning. If a company is contemplating overseas travel and can establish well in advance that there exists a need for key person insurance, the coverage is easier to obtain and more cost effective. The reality is that the heightened awareness around a dangerous trip often results in an insurance need being developed or uncovered with little notice. When this need arises, the underwriting process migrates from the traditional life and disability insurance market to the playing field of high limit or specialized risk underwriters.



Wednesday, 06 July 2016 00:00

FEMA: Beware of Disaster Related Fraud

CHARLESTON, W.Va. – West Virginians whose homes were damaged in the recent storms and flooding may encounter people attempting to cheat them by posing as inspectors, government officials, volunteers or contractors. These people may try to obtain personal information or collect payment for disaster assistance or repairs.

Please keep in mind that Federal Emergency Management Agency (FEMA) employees DO NOT solicit or accept money from disaster survivors. Many legitimate disaster assistance employees may visit your property such as insurance agents, damage inspectors and West Virginia Division of Homeland Security and Emergency Management (WV DHSEM), FEMA and U.S. Small Business Administration staff.

Here are some tips to remember to safeguard against fraud:

  • Ask to see ID badges. All FEMA representatives will have a laminated photo ID. A FEMA shirt or jacket is not proof of identity. If you are unsure or uncomfortable with anyone you encounter, please contact local law enforcement.

  • Safeguard personal information. Be cautious when giving personal information such as Social Security or bank account numbers to anyone. FEMA will only request an applicant’s bank account numbers during the initial registration process. However, FEMA inspectors will require verification of identity.

  • Beware of people going door-to-door. People knocking on doors at damaged homes or phoning homeowners claiming to be building contractors could be con artists, especially if they ask for personal information or solicit money.

  • Federal workers do not solicit or accept money. FEMA and SBA staff never charge applicants for disaster assistance, inspections or help to fill out applications. FEMA inspectors verify damages, but do not involve themselves in any aspect of the repair nor recommend any contractor.

  • FEMA Disaster Survivor Assistance teams may be in your community providing information and assisting people in registering with FEMA or updating their files. The teams coordinate their activities with local emergency managers and make local law enforcement agencies aware of their presence. The teams always consist of at least two people, and may include employees of WV DHSEM as well as FEMA. They will always be wearing FEMA or WV DHSEM shirts and laminated photo IDs. Disaster Survivor Assistance teams never ask for or accept payment for their services.

Always use licensed and bonded contractors and ask for credentials. Use West Virginia contractors if you can. You can verify a West Virginia contractor’s license online at wvlabor.com/newwebsite/Pages/contractor_searchNEW.cfm. Never pay for anything in advance of work being done.

The consumer protection hotline for the Attorney General’s office is 1-800-368-8808.

Consumer Protection & Anti-Trust Division

P.O. Box 1789,

Charleston, WV 25326

Toll-Free: 1-800-368-8808

Phone: 304-558-8986

Fax: 304-558-0184


If you have knowledge of fraud, waste, abuse or allegations of mismanagement involving disaster relief operations, call the FEMA Disaster Fraud Hotline at 866-720-5721.

Disaster survivors in Clay, Fayette, Greenbrier, Kanawha, Monroe, Nicholas, Roane, and Summers counties may be eligible for FEMA’s Individual Assistance program. Survivors in those counties can register for FEMA Individual Assistance online at DisasterAssistance.gov or by calling the FEMA helpline at 800-621-FEMA (3362), which is video relay service accessible. People who are deaf, hard of hearing or who have difficulty speaking may call TTY 800-462-7585. Lines are open 7 a.m. to 10 p.m. local time until further notice.

For more information on West Virginia’s disaster recovery, visit fema.gov/disaster/4273, twitter.com/FEMA, facebook.com/FEMA and fema.gov/blog.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) -- The Delray Beach, Fla., Police Department wants its residents to know: They're watching.

The department begins construction next week of a control room on the second floor of the police department, where cameras strategically placed throughout the city will feed live images to officers. The goal, as part of a three-phase plan, is to watch the city more closely to prevent and deter crime.

"We're not Big Brother and this is not '1984,' " said Capt. Thomas Mitchell, who heads the investigative unit and is overseeing the technology initiative. "This is a prevention tool."

Several city buildings — such as City Hall and the police department — have been equipped with security cameras for years, but there has never been a central location to view the surveillance footage.



Wednesday, 06 July 2016 00:00

Abdicating Responsibility

Sorry I’ve been quiet on the blog post front, but I’ve had a hectic few weeks involved in all kinds of interesting conversations and events (even manning the booth at a couple of them). What’s been noticeable at these events is the number of similar discussions I’ve had with businesses of all sizes, from small to large and all that’s in between, and there have been some interesting areas of commonality.

Over the next few weeks I’d like to share some of those with you. Up first is something really interesting that has gone right to the top of my list, and actually it came to light again this week in a meeting with one of my favourite CIOs. For this post let’s call him Bill (I can’t share his or his company’s name on this occasion). Bill is a very astute CIO, very well connected, and spends time doing all the things that you would expect; what is always interesting is when I bring something to the table he hasn’t thought about before.

Today was one of those rare treats, as I was sharing with him my last few weeks and some of the fascinating chats I’ve had. So what caught Bill’s interest?



While the long-term impact of Britain’s vote to exit the European Union remains to be seen, the immediate impact is uncertainty, which is rarely a good thing for any market, including the data center market.

Some of the biggest data center providers in Europe saw that immediate impact of uncertainty in their stock performance right after the referendum’s outcome was announced last Thursday. Equinix, Digital Realty Trust, and Interxion stock value dropped immediately, and while US-based Equinix and Digital have since recovered – Digital’s stock was actually trading higher than ever in the afterhours on Wednesday – the Netherlands-based Interxion had yet to regain its pre-referendum level.

As far as Brexit’s possible long-term impacts, among the chief concerns are potential expenses associated with compliance with whatever new regulations the UK establishes if and when its process of severing from the EU is completed, data center customers adjusting their infrastructure location strategies, the status of data center industry workers in the UK who are EU citizens but who do not have British passports, and whether or not British tech and financial-services industries, both of which have historically been a big source of revenue for data center providers and equipment vendors, will continue to see the same level of investment they have seen in the past.



Wednesday, 06 July 2016 00:00

Cyber Criminals attack on Third Parties

When enterprises such as health insurance providers and supermarket chains hold millions of customer names together with social security numbers or credit card details, they become preferred targets for hackers.

One successful attack can garner huge amounts of valuable data, and beats launching millions of attacks at one end-customer per attack (even if that were possible).

The same holds true for businesses, instead of private customers. If you have not asked the following information security questions to your third party service suppliers, now is the time.

Third party suppliers can hold a surprisingly large amount of information about businesses like yours, and about your customers too.



Many of today’s businesses are faced with the challenge of identifying and deploying an IT infrastructure that allows them to maintain control of their applications and data, while still being cost effective and flexible. That’s why many organizations are adopting a hybrid IT model that enables them to move some applications to the cloud, while keeping others in a more controlled setting. There is no one-size-fits-all solution, and the IT environment or combination of environments that is right for your organization will largely depend on your requirements, resources, finances and comfort level.

Cloud Hosting

Businesses are increasingly deploying to cloud environments for a multitude of reasons. The cloud generally offers the fastest time to market, and organizations can rapidly deploy software and technologies without the upfront capital-intensive investment in new infrastructure. Cloud providers typically offer many features that can be purchased a la carte, and it is easy to increase or decrease compute capacity rapidly. Companies are turning to the cloud for everything, from testing and development to hosting of full production applications. In addition to speed of deployment and flexibility, leveraging these environments generally requires less investment in human capital.

Other considerations:

  • Does the cloud environment have the level of redundancy required?
  • Does the cloud environment have the level of security required?
  • Can I select the level of connectivity I need, as well as specific carriers?
  • How much control do I have, and should I deploy a public or private cloud?
  • As I grow my business, at what point does the cloud become too costly?



In today’s digital age, it’s no surprise that many organizations leverage their intranets as a place to house emergency response plans, workplace safety protocol and other important documents. After all, every employee has access to the intranet, which must make it the ideal place to house business-critical planning materials, right? Not exactly.

Today, more than 50 percent of organizations use website announcements, including intranet postings, to communicate with employees during an emergency or crisis situation. However, using your intranet for business-critical communication presents several problems. One of the biggest is that this approach is much more time-intensive than other methods, especially mobile safety apps. And during any emergency—whether a worksite accident, severe weather, IT outage or anything in between—your organization needs to respond as quickly and effectively as possible.

Let’s examine some of the ways that using a mobile app, rather than a company intranet, provides time savings for your safety programs:



In a new Radware survey, 84 percent of US and UK information technology executives at companies that had not faced ransom attacks said they would never pay a ransom; however, 43 percent of respondents from companies that had been attacked said that ransoms had been paid. This is one of the findings from Radware’s 2016 Executive Application & Network Security Survey. Radware polled more than 200 IT executives across the US and UK for the study.

The study found that US companies were far more willing to admit that they would pay a ransom. Among US firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent in the UK.

Companies that paid ransoms reported an average of $7,500 in the US and £22,000 in the UK.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” said Carl Herberger, Radware’s Vice President of Security Solutions. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

In addition to the responses to ransom attacks, the survey also found that companies see work-from-home arrangements as an increasing risk. The survey found a big jump in changes to telecommuting policies, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.



Tuesday, 05 July 2016 00:00

The Importance of Executive Sponsorship

The most commonly cited obstacle to Business Continuity (BC)/Disaster Recovery (DR) program success is a lack of management support, and this is for good reason. New and non-established BC Management (BCM) programs have to overcome serious inertia in order to succeed.

Full-Time Equivalents

Business continuity is not a core competency of most organizations and few employ a full-time team of BCM professionals. According to the 2014 CI/KPMG benchmarking survey, the majority of organizations have between 0 and 2 FTEs dedicated to primary BC/DR functions:



When natural disasters strike, news stories frequently cover damage to homes and consumers, but businesses often experience greater losses, ranging from physical destruction to downtime. A key element for firms to survive in a disaster scenario is the development and deployment of a strong business continuity (BC) plan.

Evolve IP, a cloud services company based in Wayne, Pennsylvania, warns that now is not the time for businesses to become complacent about their business continuity plans because of the historical patterns of two related events: El Niño and La Niña. Both of these conditions occur when the Pacific Ocean and the atmosphere sustain significant temperature changes.

The most recent El Niño season was the worst in two decades, causing billions of dollars in damages and losses. But now comes La Niña. The last significant La Niña was tied to record winter U.S. snowfall, spring flooding across the country, and drought conditions in the south and Midwest. The National Oceanic and Atmospheric Administration (NOAA) says there is a 75 percent chance that La Niña will be in place by the fall and potentially last up to three years. This one could result in larger hurricanes making U.S. landfall; that would have a significant impact on hundreds of thousands of businesses.



(TNS) -- When a glitch in phone company systems left Baltimore without 911 service for over an hour last week, The Baltimore Sun wanted to know how often such outages occur.

Public records made it clear that the outage wasn't unique, but much of the information about problems with 911 is confidential, making it difficult to figure out just how often the emergency phone system is out of action. The secrecy highlights the 911 system's strange role as a critical lifeline to police and fire departments, but one that is almost entirely run by private companies.

The Federal Communications Commission requires phone companies to submit reports about outages that affect a large number of people or that last for a long time. But the agency doesn't release the reports because they could contain proprietary information about how the companies set up their networks. When the Government Accountability Office investigated outages in 2015, it didn't even bother to look at the reports. Investigators wrote in a footnote that they saw no point in reviewing data they couldn't talk about publicly.



Hackers are not only an issue for celebrities with embarrassing photos they don’t want made public. Large corporations are also victims of cybersecurity breaches, and it is an ongoing problem that needs a solution. Trade secrets, internal emails, even unremarkable communications between colleagues can be accessed by criminals and become a major crisis. As recently as May 27, 2016, MySpace passwords were stolen for a price of $2,800, putting the company in a bad light and users at risk.

Cybersecurity breaches can happen at any time to any company. The Security Solutions VP of AT&T, Jason Porter, stated “In 2015, 62 percent of organizations reported having security breaches. Forty-two percent of these businesses said the negative impact on their business was significant. Yet 66 percent of organizations have no effective incident response plan.” Don’t wait until your business is targeted to resolve this problem and protect your valuable data from outside hackers.

The following are tips to help businesses avoid cyber attacks and protect their valuable data:



Even as government agencies slowly move to the cloud, most end users’ organizations are enjoying many benefits of moving to the cloud. To be successful, each must understand the security controls deployed at each cloud provider. They also need to understand what dedicated security devices are defending, data and applications, and each unique architecture (and potential loopholes). Below are just a few factors cloud and applications vendors should consider when helping end users or government agencies when moving to the cloud:



See below for webinar slides from Active Shooters to Office Closures: Effectively Communicating with Your Employees where James Green, Business Continuity Program Manager, PSCU, discussed how his organization communicates with employees during emergencies and daily operational activities.



The Republican National Convention (RNC) is taking place in my hometown, Cleveland, OH, in just a few short weeks. I can feel the energy and excitement everywhere I go. Of course, that energy has been amplified by the fact that the Cavs just brought home the first major sports title in 52 years, but, regardless, the city is buzzing.

Even though most people are excited to see this scale of an event take place in Cleveland – and, let’s be honest, finally have the opportunity to show everyone why the nickname ‘mistake by the lake’ no longer applies – the entire city and nearly all organizations that operate here will be disrupted.

How? Well, access for one thing:



Friday, 01 July 2016 00:00

BCI: Brexit - the opportunity?

The Business Continuity Institute - Jul 01, 2016 10:24 BST

Are business continuity managers internal optimists, and do we really believe that we will be affected by an incident? Do we peddle our profession secretly believing, or hoping, that it will never happen to us and that our plans will never be implemented? This has happened to me. I, until the very last moment, believed that ‘remain’ would prevail and I didn’t need to worry about the vote.

There was recently a section on the 1 o’clock news when a number of pollsters and punters gave their predictions for the vote, and almost all said they believed that remain would win. Even a farmer who had four pigs, two named after remain politicians and two named after the leave campaign, including one called ‘Boar-is’, and raced them every day to predict who would win, said the remain campaign would win as remain pigs won more races. I was so sure Brexit would never happen that I hadn’t even bothered to write a business continuity bulletin on the subject. The people in the BC Training office recycled a Scottish Independence bulletin to cover the subject.

Perhaps I was not the only business continuity person who was of this mind-set. I was at the East Midlands BCI forum on the day of the vote, and there was very little talk of the referendum; perhaps we were all fed up with the aggro associated with it, and there was absolutely no talk of any contingency plans for Brexit.

So what should we be doing, as business continuity people, to deal with this new situation? If, like me, you haven’t prepared for this, then let me share a few thoughts:

A good incident tool is to plan for different scenarios, taking into account all the different variables. Will it be the two-year exit under Article 50, which will be fast and unpredictable, or will it be a slower negotiation, which gives us time to prepare? What is our exposure to European trade, and how might it affect our staff if they are EU, non-UK, citizens? There is also the extra dimension of a further Scottish referendum. As the news people would say, we are in uncharted territory, so I think you have to look at all variables and all possible options.

We should then look at what is our worst case, best case and most likely case, and develop appropriate risk mitigation measures. These should be agreed by top management and the organisation should monitor events as they occur and adjust the mitigation measures as the situation changes.

In all crises or incidents there is always an opportunity and the smart business continuity manager will recognise this. As David Cameron warned, we have now jumped out of the plane and we cannot clamber back into the cockpit, so we must embrace the change and look for the opportunity that this new world brings. Maybe it is also for me to review my business continuity plan, because as we tell everyone else, the incident we don’t want to happen could occur tomorrow!

Charlie Maclean-Bristol is a Fellow of the Business Continuity Institute, Director at PlanB Consulting and Director of Training at Business Continuity Training.

The average cost of a data breach for companies surveyed has grown to $4 million, a 29% increase since 2013, with the per-record costs continuing to rise, according to the 2016 Ponemon Cost of a Data Breach Study, sponsored by IBM. The average cost hit $158 per record, but they are far more costly in highly regulated industries—in healthcare, for example, businesses are looking at $355 each, a full $100 more than in 2013. These incidents have grown in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014.

Ponemon wrote:

Leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach–saving companies nearly $400,000 on average (or $16 per record). In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach. Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don’t have incident response plans in place.

With so much on the line, more and more companies and consumers continue to search for whom to hold accountable for cybersecurity failures, and the message is becoming clearer: executives need to get serious or watch out.



(TNS) - A severe weather event during Burlington Steamboat Days was used Tuesday afternoon as a situational example for Des Moines County to discuss how they would respond in an emergency.

If tornadoes, flooding and power outages were to occur during a major community event - how would county agencies work together to mitigate the disaster?

The almost 80 business leaders, public officials and safety officers participating in the Federal Emergency Management Agency's training course worked through how their different agencies would respond when faced with infrastructure damage and personal injury across the county.



Symantec makes security software for the enterprise market. They also sell a line of products for the consumer market under their Norton brand. All of their anti-virus products use the same core engine and that engine has been found to have high level and potentially devastating security vulnerabilities. Symantec has patched these vulnerabilities, and if you are using a Symantec or Norton anti-virus product you should make sure your software is upgraded right now.

The vulnerabilities in Symantec’s core engine were uncovered by a team at Google's Project Zero and made public in a blog post by Tavis Ormandy. According to Ormandy:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.



It might sound like something that lurks in damp soil, but process ROT is actually becoming a widespread problem for many organizations.

Process ROT occurs when established business processes become hampered by redundant, obsolete and trivial (ROT) information. It’s something that’s happening within large numbers of organizations, yet many are not aware that it is occurring, nor are they aware of the potential risk and compliance implications.

ROT becomes a business problem because humans tend to be natural information-hoarders. Throughout organizations, people tend to collect and store large volumes of documents and other materials and are very reluctant to ever delete them.



A series of cyber fraud attacks targeting financial institutions through the SWIFT global messaging system has prompted an industrywide review of IT security measures and has highlighted the rising risk of cyber fraud against financial institutions in Southeast Asia and beyond. SWIFT has responded with a five-part customer security program to reinforce the security of the global banking platform, yet its CEO has warned “there will be more attacks.”

Cyber fraud risk is heightened in developing countries that often lack the technological resources to detect and thwart such attacks, while geopolitical dynamics also play into the risk equation. In light of these factors, Access Asia views Southeast Asia as a region of heightened risk for cyber fraud targeting financial institutions due to socioeconomic conditions, proximity to suspected centers of cyber fraud operations in North Korea and China and the existence of strong transnational criminal networks.

Indeed, one of the most recent cases to come to light involves an attempted attack on Vietnam’s Tien Phong Bank (TP Bank), while the money trail of an $81 million cyber heist from the State Bank of Bangladesh’s account at the New York Federal Reserve in February has been traced to the Philippines. Hong Kong (which lies on the periphery of Southeast Asia) is the reported end of the money trail for a US$2 million cyber theft on an Ecuadorian bank in early 2015, while the Philippines was also the target of an earlier attack in October 2015.




Regina Phelps recently joined forces with Everbridge and recorded a webinar that explores in-depth strategies for improving your disaster and crisis management. Previously in part four of this five part series, Regina discussed what a governance document and a communication matrix are, and what their content should be. If you missed part four, you can access it here

In this installment of the series, Regina discusses communications plans, as well as why and how to build a communications schedule.



(TNS) - The people handling security for the nation’s busiest malls and amusement parks are no longer retired cops. They are a 24-year veteran of the FBI, a former CIA operative and the onetime chief of counterterrorism for Scotland Yard.

The theme-park industry’s annual security bill, already roughly $250 million a year, is expected to grow by more than $100 million over the next few years, according to one consultant. Disneyland, Universal Studios Hollywood and SeaWorld all installed metal detectors outside their gates for the first time in December.

“Lone wolf” shootings, including those at the Pulse nightclub in Orlando, Fla., this month, and in San Bernardino in December, have forced businesses to shoulder more of the cost and responsibility of securing America against terrorism.



Government and technology are far apart as cultures. Government is deliberate. A wise leader does not subject his roads, power grid and economy to whimsy. He plans everything. Technology is experimental. Technology is Leonardo da Vinci taking a half-dozen naps each day. Technology is making things work now and worrying about the consequences later. Government creates lists, policies and protocols to ensure the bathrooms are stocked with the correct number and type of shampoo, towels and soap. Technology doesn’t like taking showers. Technology is Steve Jobs wearing the same thing every day and only eating fruit. Technology wears an unruly beard. Government wears a tie that’s approved by a policy that was written by a committee following six years of research.

But, alongside society, government’s conservative ways are relenting. Once fearful of inviting criticism, a nudge from the economy has left government willing to ask the public for help. And most importantly, the popularization of technology means the public can help and people are empowered by digital tools. The result is that civic tech — the place where government interests intersect with community-minded activists who are ready to donate their time and talents — is the public sector’s fastest-moving innovation inlet.

People are collaborating across institutional boundaries. The markets and organizations that support civic tech are growing wiser and better organized. Government is opening its doors and converting opponents into allies. Technology itself is exciting — there are scores of new inventions each day — but the civic tech movement, in its immaturity, leaves untouched even more territory, more potential to realize its simple directive of making the nation’s cities, counties and states better places to live.



Despite the many potential benefits of big data analytics, the unrestrained creation and retention of data has the potential to bury organizations under a mountain of legal, regulatory and operational challenges. According to IDC, by the year 2020, about 1.7 megabytes of new information will be created every second for every human on the planet. Meanwhile, MIT Technology review estimated that only 0.5 percent of all the data we’re creating is ever analyzed. While most organizations would benefit by increasing this percentage, it’s clear that “dark data” – the information organizations collect and store, but fail to use for other purposes – is mostly debris that serves only to increase infrastructure costs and expose organizations to risk and liability, especially when this data flows beyond the firewall.

Organizations of all sizes and types now typically share information via unified communications, including instant messages, social media channels and text messages, and they rely on third-party information vendors to host and manage their data in the cloud. Unfortunately, such activities can expose organizations to the risk of significant fines and reputational damage because today’s evolving legal and regulatory environment makes organizations potentially responsible for information exposed by third parties. In fact, regulations such as SOX and BCBS 239, along with evolving privacy laws, have now made compliance departments equally responsible with legal departments for the health of their organizations.

The symbiotic relationship is clear: Compliance investigations can quickly become legal issues and vice versa. This is especially true when it comes to data hosted, managed or controlled by third parties. For example, if an employee posts information about an employer on social media sites and that information falsely influences or encourages an action by a consumer that causes damage, the employer can be held liable. In addition, if a retailer receives data from a market research firm that did not follow EU privacy regulations in gathering that data, the retailer can be sanctioned for any use or retention of that data.



Data security and information governance are critical responsibilities of an IT team, especially when it comes to business intelligence (BI) and analytics strategies. But IT’s goals, needs and objectives as they relate to big data usage are in stark contrast to those of its business user counterparts, who, thanks to the self-service movement, require agility and open access.

Business users tasked with analyzing big data to help their companies make timely and more meaningful decisions require immediate access to a wide variety of sources, including multi-structured, semi-structured and unstructured repositories. But IT professionals, who are the ones with their feet to the fire when it comes to data governance and protection, would rather make information available on an as-needed basis.

IT’s concerns around data security and governance are perfectly understandable given that much of the data needed for analysis contains unprotected personally identifiable data (e.g., Social Security numbers), sensitive personal data (e.g., medical records) and commercially sensitive data. And recent research by the Association of Corporate Counsel found that a significant number of corporate data breaches (30 percent) are due to employee error. With the insider threat so prominent in organizations across industries, making information widely available to business users can be a frightening concept.



Avanan researchers recently detected a massive ransomware campaign targeting Office 365 users, which was first launched on June 22, 2016.

The attack used phishing emails to distribute the Cerber ransomware, which encrypts users' files and demands a ransom (via both a warning message and an audio file) of 1.24 bitcoins (approximately $790) to decrypt the files.

"This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year," Avanan chief marketing officer Steven Toole wrote in a blog post examining the attack. "As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account."



Wednesday, 29 June 2016 00:00

Rising to the Digital Business Challenge

The job of the CIO is more challenging—and more promising—than ever

The convergence of cloud, mobile, big data analytics and IoT has led to a dramatic increase in complexity, disrupted legacy IT infrastructures, and escalated fears over data security. To keep pace with digitally empowered employees, business ecosystems and customers alike, IT leaders are re-thinking the way business is done in today’s digital economy.

The stakes couldn’t be higher. According to MIT Sloan research, organizations that successfully adapt in today’s digital world are 26 percent more profitable than their industry peers, driving new levels of productivity and efficiency.

A few short weeks ago, IT leaders from Exelon, Morgan Stanley and New York Presbyterian shared insights and lessons learned from their decision to say YES to Digital Business on the main stage at Citrix Synergy 2016 with Citrix President and CEO, Kirill Tatarinov. Though they each hail from different industry sectors, each company shared some common threads for digital business transformation.



Humans have a tendency to make things more complicated than they really are. To capture the flavor of my sentiment, all you need to do is watch the beginning scenes of “History of the World, Part I” by Mel Brooks to see how simple life was in the early history of man.

Returning to the serious subject of compliance, there are some who argue that compliance is a lot simpler than professionals and commentators tend to describe. I am an advocate for simplicity as a way to ensure adoption of compliance strategies. Complexity can be a barrier to effective compliance strategies.

For years, companies have segregated audit and compliance functions. Do not get me wrong – audit and compliance serve complementary but different purposes. I understand that.



Wednesday, 29 June 2016 00:00

You can’t kill email

New technology is emerging at ever-increasing speeds, transforming how we communicate, collaborate and manage our day-to-day responsibilities. As soon as we get a strong grasp on the latest workplace technology, an even newer solution surfaces.

This trend is especially evident in communications technology. Among the many recent entries are so-called “email killers,” which aim to replace a form of communication to which all of us have grown accustomed. The makers of these new collaboration tools call email a “legacy” technology — unwarrantedly trying to tarnish its image. But, in fact, all of us rely on email heavily throughout the work week. Contrary to what is often suggested in the press, email usage is still very much on the rise. Users trust it, are familiar with it and leverage it all day, every day, in their business and personal lives.

Radicati’s most recent Email Statistics Report estimates that by 2019, the number of worldwide email users will exceed 2.9 billion — that’s up 10 percent from 2015. Additionally, the number of business emails sent and received per user per day is also projected to increase, suggesting global email will rise 14 percent over the same period.



Wednesday, 29 June 2016 00:00

BC Program Capability – Objective or Not?

We may not want to admit it, but we are a biased species – whether in the positive or negative. I know some beautiful young people who only see their faults and some mature adults who can’t see their faults at all. We become accustomed to the current state. I live in the Phoenix metro area. What friends and family in other parts of the country think is hot is a nice day to me. Temps in the 100s are normal and expected for us in the summer months – we are used to it. Last week it was hot – and not just hot through my Phoenix filter (it was in the 110s, with a high of 117). But, no matter what I am accustomed to, I recognize that a temperature in the 100s is hot, even though those of us in Phoenix look at the low 100s as a cooling trend in June and July.

When it comes to our business continuity programs, we can often get used to the current state and lose our objectivity. When you look at the current state of your business continuity program, are you, your auditors and your management looking at it objectively or with a filter or bias?

Possibly the best tool to use is a set of objective metrics. Identifying and using the proper metrics will assist in keeping the assessment of the BC program in your organization valid. There are commercial tools for doing this – MHA has one that we think is easy and useful (see www.mha-it.com/bcmmetrics). Even basic self-generated spreadsheets can be helpful. The question is, what are the correct metrics to use? Here are a few we think are important.



CHARLESTON, W.Va. – As skies clear and the floodwaters recede, responders, volunteers and teams dedicated to assisting West Virginians devastated by flooding have been arriving and making a difference. The West Virginia Voluntary Organizations Active in Disaster (WV VOAD) have been working with state and local emergency managers and officials to coordinate resources through its network of disaster relief agencies. They have been asking kind-hearted individuals seeking ways to help disaster survivors to make a donation to the WV VOAD Disaster Relief Fund or register as a volunteer. Financial donations are the best way to support the effort at this time. Donations will be used to support the disaster-related needs of families through a network of voluntary agencies and a statewide disaster relief fund.

Financial donations are accepted and more information can be found at: https://wvvoad.communityos.org.

Volunteers wishing to help more directly with flood response and recovery can register online at www.volunteerwv.org. Volunteer West Virginia has partnered to match volunteers with organizations statewide to assist with response and recovery. When road hazards are clear and needs are identified, a volunteer coordinator will contact registered volunteers to schedule a volunteer shift or overnight deployment.

State and federal officials have announced the opening of a Disaster Recovery Center (DRC) with tentative plans to open more. DRCs are one-stop shops that provide eligible storm survivors with one-on-one, face-to-face help from local, state and non-government organizations. Representatives from the U.S. Small Business Administration (SBA) will also be present to provide information on low-interest loans and help applicants complete disaster loan applications for homeowners, renters and businesses of all sizes.

A DRC has been established at the Kanawha County Crede Warehouse, 3300 Pennsylvania Ave. in Charleston, WV 25302. The center will be open seven days a week from 7 a.m. – 7 p.m. Additionally, a Mobile Disaster Recovery Center (MDRC) in Greenbrier County is open from 7 a.m. – 7 p.m. until Friday with additional hours to be determined. The center is currently located at 65 West Main St. in White Sulphur Springs, WV 24986.

However, individuals do not have to visit a Disaster Recovery Center to register for assistance. If you have been affected by flooding and need assistance, visit DisasterAssistance.gov or register with your smartphone at m.fema.gov. For those without access to the internet, FEMA has a toll-free number at 1-800-621-FEMA (3362) or (TTY) 1-800-462-7585 for the deaf or hard of hearing.

To learn more about Disaster Recovery Centers, go to FEMA.gov/disaster-recovery-centers.

FEMA officials have reported that over $290,000 of federal funding has been approved for individuals and households affected by the disaster. 2,600 individual registrations have already been received, 800 of which have already been referred to inspectors. Federal disaster assistance for individuals and families can include money for rental assistance, essential home repairs, personal property loss and other serious disaster-related needs not covered by insurance.

For more information on West Virginia’s disaster recovery, visit fema.gov/disaster/4273, twitter.com/FEMA, facebook.com/FEMA and fema.gov/blog.


Storm and flooding-related debris is eligible for pickup and disposal by the county or municipality if residents place the following types of debris on the public right-of-way in front of their property for pick-up. When placing debris at the roadside, residents should be careful not to cover or impede access to utility meters or mailboxes.

Residents opting for curbside pick-up must separate debris into categories:

  • Vegetative debris (tree limbs, shrubs, etc.)

  • Construction/Demolition debris

  • White goods (appliances, etc.)

  • E-goods (TVs, electronics)

  • Household hazardous (cleaning solutions, automotive chemicals, etc.)

  • DEBRIS HANDLED BY CONTRACTORS: Some homeowner’s insurance policies may cover debris removal. Residents are reminded that if they choose to hire their own contractor, they should not place that debris on the right-of-way. The cost of debris disposal is typically included in the contractor’s estimates. Homeowners should review their insurance policies to determine if their policy covers debris removal. Under no circumstances will reconstruction debris or demolition debris created by the property owner or the private contractor be pushed to the curb. The property owner, insurance company or contractor is responsible for removing and transporting all demolition and/or reconstruction debris to an approved designated


  • Injuries may occur when people walk amid disaster debris and enter damaged buildings. Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.

  • Be aware of possible structural, electrical or gas-leak hazards in or around your home.

    • Contact your local city or county building inspectors for information on structural safety codes and standards and before going back to a property with downed power lines, or the possibility of a gas leak.

    • Do not touch downed power lines or objects in contact with downed lines.

    • Report downed power lines and electrical hazards to the police and the utility company. They may also offer suggestions on finding a qualified contractor to do work for you.

  • If your power is out, safely use a generator or candles.

    • Never use a generator inside a home, basement, shed or garage even if doors and windows are open.

    • Keep generators outside and far away from windows, doors and vents. Read both the label on your generator and the owner's manual and follow the instructions. 

    • If using candles, please use caution. If possible, use flashlights instead. If you must use candles, do not burn them on or near anything that can catch fire.

  • Outside your home or business: Be aware of areas where floodwaters have receded. Roads may have weakened and could collapse under the weight of a car.

  • Use extreme caution when entering buildings; there may be hidden damage, particularly in foundations.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

(TNS) - As the state Division of Homeland Security and Emergency Management revised its death totals from last week’s widespread flooding, West Virginia residents braced for heavy rain produced by thunderstorms that could lead to more flash flooding in hard-hit counties today.

WVDHSEM Director Jimmy Gianato said in a news release that the state Medical Examiner’s Office revised its number of deaths related to the floods down to 23. That total includes 20 confirmed fatalities and 3 people missing.

The revision came after two people who were thought to have been swept away in a camper in Greenbrier County and had been presumed dead were found alive, according to the news release.



With the recent Ebola epidemic in West Africa reviving interest in the first outbreak of the deadly hemorrhagic fever 40 years ago, scientists led by Dr. Joel Breman of the Fogarty International Center at the National Institutes of Health have released a report highlighting lessons learned from the smaller, more quickly contained 1976 outbreak.

“Key to diagnosis in 1976 was the relatively quick clinical recognition of a severe, possibly new disease by national authorities,” according to Breman and his co-authors. “International notification and specimen provision occurred within five weeks from onset of the first cases; this did not occur in the 2013-2016 epidemic, when the delay was over three months.”

The report, published in The Journal of Infectious Diseases, identifies an adult male who was hospitalized in late August 1976 at Yambuku Mission Hospital in the Democratic Republic of Congo (DRC) — known as Zaire at the time — as the first Ebola patient. It describes how “several dozen patients…developed a similar febrile hemorrhagic syndrome and died in about one week, as did many of their contacts.”

A month after “patient zero” was hospitalized, blood taken from a Belgian midwife-nun who had contracted the virus was sent to Belgium for analysis. Within days of the nun’s death, the area where the outbreak was occurring was placed under quarantine and Yambuku Hospital was shut down on the advice of Zairean, Belgian and French health officials.

In total, there were 318 cases of Ebola in 1976 and 280 deaths in an outbreak that lasted less than 11 weeks. In the recent West Africa outbreak, there were 11,310 deaths out of nearly 29,000 cases, and the epidemic lasted more than two years—almost 10 times as long as in 1976. The death rate in 1976 — 88 percent — was much higher than in the recent outbreak in Liberia, Guinea and Sierra Leone — around 50 percent.

The report also tries to settle the debate over who “discovered” the Ebola virus in 1976. Local Zairean, Belgian and French doctors and health officials were the first to see and assess patients in Yambuku, while the Institute of Tropical Medicine in Antwerp, Belgium, received the first Ebola specimens and recovered what they called “a Marburg-like virus.” However, it was the Centers for Disease Control and Prevention in the United States that identified and recognized a new, unknown virus that fulfilled the criteria for discovery of a new virus, according to the report.

Researchers give specific credit to Drs. Patricia Webb, James Lange and Karl Johnson, of the CDC’s Special Pathogens Branch.

As for what carried the virus into DRC in the first place, investigators in Zaire determined at the time by questioning community leaders, people recovering from Ebola and the families of 1976 victims about their contact with animals that bats were not the vector. However, in the 40 years since the first Ebola outbreak, fruit bats have been found to be probable reservoirs for filoviruses — the type that causes Ebola — and the Ebola genome and antibodies have been found in bat and rodent species in East and West Africa.

More extensive preparations, including improved screening capabilities, are needed to detect and manage future outbreaks promptly, the scientists recommend. Primary prevention through strengthened prediction models, detection, response, control mechanisms, and international cooperation and coordination are essential for all countries in Africa and elsewhere where Ebola and new and re-emergent pathogens are sure to surface again.

About the Fogarty International Center: the Center addresses global health challenges through innovative and collaborative research and training programs and supports and advances the NIH mission through international partnerships. For more information, visit www.fic.nih.gov.

About the National Institutes of Health (NIH): NIH, the nation's medical research agency, includes 27 Institutes and Centers and is a component of the U.S. Department of Health and Human Services. NIH is the primary federal agency conducting and supporting basic, clinical, and translational medical research, and is investigating the causes, treatments, and cures for both common and rare diseases. For more information about NIH and its programs, visit www.nih.gov.

NIH…Turning Discovery Into Health®

The Business Continuity Institute


Faster response times needed to combat cyber threat

The Business Continuity Institute - Jun 29, 2016 11:00 BST

Two thirds of respondents to a global survey by the Business Continuity Institute claimed they had experienced at least one cyber incident during the previous twelve months, and 15% experienced at least ten incidents during the same period. The frequency of these cyber incidents demonstrates why it is important for organizations to have plans in place to mitigate these kinds of threats, or to lessen their impact.

The Cyber Resilience Report, the result of a study conducted by the BCI and sponsored by Crises Control, found there was a wide range of response times for cyber incidents. Almost a third of organizations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, and almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the organization.

Even if organizations wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research found that phishing and social engineering was the top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months, and 37% hit by spear phishing.

It also found that 45% of companies were hit by a malware attack and 24% by a denial of service. All these forms of attack will, in different ways, render an organization’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their internet connection until they can secure themselves from further attack.

The research, a study of 369 business continuity and resilience professionals from across the world, also revealed that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, Chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation, and this calls for a greater awareness of ‘cyber crime’. As the cyber threat evolves, it is crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, Chairman of Crises Control, said: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies do, is just unacceptable.”

Tuesday, 28 June 2016 00:00

Agility and Stability

The world is in a time of rapid change resulting from the usual culprits:

  • The integrated economies and labor market have created a “flat world.”
  • The Internet has reduced friction in the marketplace.
  • The accessibility of data has revolutionized target marketing.
  • The low cost of processing, storage, and software environments (e.g., Java, Python, R) has made application development efficient, enabling innovation and disruptive technology.

In the past, building business was associated with stability — creating an organization of lasting value that persisted even through a change of management or some market structure change. Running a business in the face of today’s changes, however, alters the nature of business management.



Yahoo garnered a lot of attention in 2009, when it announced the unusual design of a data center it was building in Lockport, New York. Shaped like a chicken coop, the facility would rely primarily on outside air for cooling, use a flywheel-based energy storage system, and have an annualized PUE (Power Usage Effectiveness) under 1.1, which was better than the average data center PUE Google was reporting at the time.

Now, the patents and patent applications describing the design of the Yahoo Computing Coop data center, also known as the Yahoo Chicken Coop, are for sale. The innovations are part of the trove of thousands of patents and applications the troubled internet giant is hoping to sell. Yahoo expects to make more than $1 billion from the sale, the Wall Street Journal reported, citing anonymous sources.

The trove of patents is only one of the assets Yahoo is selling as it continues to wrestle with shrinking revenue. It has been soliciting bids for many of its assets, including its core internet business, according to news reports, with Verizon Communications and AT&T reportedly being top contenders for its core assets.



Smart risk analysis and planning then helps to avoid gaps and vulnerabilities. This may not be uppermost in the minds of start-ups or established companies.

Often, the priority is given to finding a concept or a position likely to please the market, and then to worry about continuity afterwards. Yet enterprises may find business continuity entering into their life cycles earlier and earlier.

One reason for business continuity to appear sooner rather than later is the predominance of IT, in particular, in many sectors of business.



Dr. Jim Kennedy explains why managing the cyber risks posed by suppliers and partners is the weak link in many information security plans and looks at how to improve in this area.

Computer, network, and information security is based on three pillars: confidentiality, integrity, and availability. In my business as an information and cyber security, business continuity and disaster recovery consultant, I see every day how companies of various sizes and types address and balance these three areas along with business needs. Some very well, some not so well, and some really poorly.

Given all the regulations and standards (HIPAA, SOX, NERC-CIP, FISMA, PIPEDA, ISO 27001/2, NIST 800-XXX, etc.) developed and published over the last five or ten years, you would think that US businesses and government should be doing much better in securing their computing systems and network infrastructures. However, based on the seemingly never-ending stream of cyber events prominent in the press and trade journals almost every day, this does not seem to be the case.



Dee Smith and Associates explores what good communications after an incident looks like, looking at some real-world examples and emphasising the importance of being transparent during a crisis.

A crisis can be one of the most stressful and testing events that you will likely have to face during your career. And they can make or break individuals, companies or any such group that is unfortunate enough to be dealt one.

Every organization will experience a crisis of some sort during its existence. Crisis management and how a major incident is handled is one of the most crucial processes for an enterprise. A major incident, which is one with a significant negative business consequence, needs to be handled with a well-defined process which is not currently clearly defined in existing methodologies. If you have done crisis management training, then it's likely that you are well prepared and the steps for managing a crisis are documented in your business continuity plan. If not, at least consider the most important factor in any crisis: communication.



Compliance is a profession that requires multi-tasking – another profound grasp of the obvious. But in the multi-tasking world, some principles and strategies are more important than others.

My colleague and compliance guru Tom Fox has coined the mantra: “document, document and then make sure you document.” My contribution to this same mantra is along the same lines: “If you do not document, then in the eyes of DOJ and the SEC, it did not happen.”

Putting aside these pithy mantras, it is important to take a moment and consider the real implications of compliance documentation. A good place to start is the Hitachi enforcement action from last year.



Imagine a data center network for an e-commerce business that allows for on-demand allocation of bandwidth as a result of high traffic volumes generated by a large number of transactions during the holiday shopping season, or a data center network for a financial services company that can intelligently reroute critical transactions around brownouts, error-prone links, and network congestion using per-application policy. Finally, imagine a content delivery network (CDN) that can logically segment the physical infrastructure to speed the delivery of web content by separating large and small traffic flows. All of these scenarios require an agile network that can provide some type of explicit forwarding path to the applications while reducing latency. This is what Segment Routing does. It provides the most optimal path to the applications, which in some cases may not be the shortest path.

As the networking industry continues to stride towards digitization and simplification of the data center, Cisco continues to innovate and execute on the concept of software-defined networks (SDN). Segment Routing is one such innovation, whereby it provides the benefits of SDN but also adds intelligence into the network, making it adaptive to the needs of the application itself.



PHILADELPHIA - The Federal Emergency Management Agency (FEMA) is continuing to support response and recovery efforts in West Virginia following the severe storms, flooding, landslides, and mudslides that have been affecting the state and its people. The National Weather Service has indicated that the floodwaters are receding in parts of West Virginia, but more heavy rain is expected in areas already hit hard by flooding. A flash flood watch for 22 counties has been issued until Monday evening. Heavy rains could cause some streams to breach their banks. 

To learn more about what to do before, during and after severe weather, visit www.Ready.gov.

On June 25, 2016, President Obama issued a major disaster declaration for the State of West Virginia. This declaration releases federal funding to help individuals and communities recover from the severe storms, flooding, landslides, and mudslides that occurred June 22, 2016, and continuing. The request makes assistance available to individuals and households in Greenbrier, Kanawha, and Nicholas counties. The request also provides emergency protective measures (Category B), including direct federal assistance, under the Public Assistance program for Greenbrier, Kanawha, and Nicholas counties. All of West Virginia is eligible for hazard mitigation grant program (HMGP) funding.

FEMA’s main priority is to support survivors and communities in West Virginia, and as of Monday morning, over 1,000 total registrations for FEMA Individual Assistance program have been counted as a result of the Preliminary Damage Assessments (PDAs) conducted in the area that began today. PDAs are an information gathering process that measures damages and the impact to communities. 14 PDA teams have arrived to conduct PDAs for both Public Assistance and Individual Assistance.

FEMA is working to provide commodities and support to the State of West Virginia’s distribution efforts. The agency has moved water and food supplies into West Virginia and is turning them over to West Virginia Emergency Management Agency for distribution to impacted communities. In support of the State of West Virginia, FEMA has deployed over 250 staff to the state to assist in response and recovery. An Incident Management Assistance Team (IMAT) has arrived to coordinate directly with the State of West Virginia and support requests for assistance.

The first Disaster Recovery Center is planned to be open soon, where survivors can go to get assistance and information. Details and confirmation will be forthcoming as soon as they are available. To support that effort, the federal agency is working to deploy Disaster Survivor Assistance Teams to impacted areas to canvass shelters and register survivors.

The State of West Virginia, the American Red Cross, FEMA and others are working together to meet any potential housing needs. Region III’s Voluntary Agency Liaison and Disability Integration Specialist has been deployed to work with and support voluntary agencies, communities, and individuals with access and functional needs.

FEMA is encouraging all individuals, households, and businesses both inside and outside of Greenbrier, Kanawha, and Nicholas Counties to document any damages they have. Individuals and business owners who sustained losses in the designated area can begin applying for assistance tomorrow by registering online at www.DisasterAssistance.gov or by calling 1-800-621-FEMA (3362). 

  • Disaster assistance applicants, who have a speech disability or hearing loss and use TTY, should call 1-800-462-7585 directly; for those who use 711 or Video Relay Service (VRS), call 1-800-621-3362.
  • The toll-free telephone numbers will operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.


  • Injuries may occur when people walk amid disaster debris and enter damaged buildings. Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.
  • Be aware of possible structural, electrical or gas-leak hazards in or around your home.
    • Contact your local city or county building inspectors for information on structural safety codes and standards and before going back to a property with downed power lines, or the possibility of a gas leak.
    • Do not touch downed power lines or objects in contact with downed lines.
    • Report downed power lines and electrical hazards to the police and the utility company. They may also offer suggestions on finding a qualified contractor to do work for you.
  • It’s important for all residents and visitors in flood-prone and low-lying areas to continue to monitor local radio or television stations for updated emergency information and follow the instructions of state and local officials.
  • Don’t put yourself at risk; follow the instructions of local officials – and if told to evacuate, do so immediately.
  • If you encounter flood waters, remember – TURN AROUND, DON’T DROWN.
    • Driving through a flooded area can be extremely hazardous. Almost half of all flash flood deaths happen in vehicles.
    • Do not walk through flood waters. A few inches of water can sweep you off your feet.
    • When in your car, look out for flooding in low lying areas, at bridges, and at highway dips.
    • As little as six inches of water may cause you to lose control of your vehicle.
  • If roads are closed or there is water over a road, do not drive through the water.
    • Be prepared to take detours and adjust your route due to road closures if there is standing water.
  • Ensure you have a flashlight, NOAA Weather Radio, and extra batteries on hand. Use your battery-operated NOAA Weather Radio for updates from local officials.
  • If your power is out, safely use a generator or candles.
    • Never use a generator inside a home, basement, shed or garage even if doors and windows are open.
    • Keep generators outside and far away from windows, doors and vents. Read both the label on your generator and the owner's manual and follow the instructions. 
    • If using candles, please use caution. If possible, use flashlights instead. If you must use candles, do not burn them on or near anything that can catch fire.
  • Outside your home or business: Be aware of areas where floodwaters have receded. Roads may have weakened and could collapse under the weight of a car.
  • Stay out of any building that is surrounded by floodwaters.
  • Use extreme caution when entering buildings; there may be hidden damage, particularly in foundations.
  • Avoid floodwaters; water might be contaminated by oil, gasoline, or raw sewage. Water also might be electrically charged from underground or downed power lines.
  • Avoid moving water and do not attempt to drive through standing water, even if it seems shallow.
  • Avoid non-essential debris removal until the storm has passed.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

A high-profile ransomware attack crippled the Hollywood Presbyterian Medical Center's network earlier this year, an incident that eventually resulted in the hospital paying hackers $17,000 in bitcoin to regain access to their systems.

This proved to be the tip of the iceberg, with more complex ransomware attacks challenging the industry's security. While ransomware is not a new form of malware, 2016 has set the bar for these types of threats, with many hackers now targeting hospitals and local governments more actively than ever.

These attacks have not only left many institutions vulnerable, but have resulted in hackers developing creative new business models, such as ransomware-as-a-service.



(Bloomberg) -- The lasting impact of the U.K.’s vote to break with the European Union won’t be known for years, but the shift has immediate ramifications for the global technology industry. There are a few issues to be particularly mindful of.


Chaos in the global markets is not an environment that makes investors eager to buy shares in an initial public offering. Any technology startup considering an IPO will likely wait to see how the turmoil following the Brexit vote shakes out.

There has already been a dearth of listings this year and the U.K. vote will only extend the lull. The European telecommunications company Telefonica SA is said to be postponing plans to sell shares of its infrastructure unit Telxius and U.K. wireless unit O2.

Impacts have been felt elsewhere in the world, with Line Corp., Japan’s most popular messaging service, planning to delay the setting of a price range for its initial public offering as a result of the Brexit vote.



(TNS) - Most of those passing Culpeper’s Lenn Park Saturday morning had the same question: “What’s with all the people and antennas down there?”

Those people and antennas might just save lives one day and the men and women manning them worked Saturday and Sunday to make sure the Culpeper community will be able to communicate with the outside world even in the wake of the worst natural or man-made disasters.

All across the United States, amateur (ham) radio operators, individually or in groups such as the Culpeper Amateur Radio Association, Saturday set up emergency antennas in unlikely places and began communicating with one another in simulated emergency conditions.



It’s no secret that data centers, the massive but bland, unremarkable-looking buildings housing the powerful engines that pump blood through the arteries of the global economy, consume a huge amount of energy. But while our reliance on this infrastructure and its ability to scale capacity grows at a maddening pace, it turns out that on the whole, the data center industry’s ability to improve energy efficiency as it scales is extraordinary.

The demand for data center capacity in the US grew tremendously over the last five years, while total data center energy consumption grew only slightly, according to results of a new study of data center energy use by the US government, released today. This is the first comprehensive analysis of data center energy use in the US in about a decade.

US data centers consumed about 70 billion kilowatt-hours of electricity in 2014, the most recent year examined, representing 2 percent of the country’s total energy consumption, according to the study. That’s equivalent to the amount consumed by about 6.4 million average American homes that year. This is a 4 percent increase in total data center energy consumption from 2010 to 2014, and a huge change from the preceding five years, during which total US data center energy consumption grew by 24 percent, and an even bigger change from the first half of last decade, when their energy consumption grew nearly 90 percent.



What do you want risk management standards, frameworks and guidelines to do for your success? Many people depend on these documents to provide needed guidance. Yet, you have heard the reasons people give for not wanting to deal with risk management standards and frameworks. Perhaps you have even voiced these yourself, at one time or another:

  • Our organization is so unique, no one standard or framework could possibly apply.
  • Standards are the same as regulations—we don’t need more regulations.
  • We know what we are doing—we don’t need any guidance. Those things don’t apply to us anyway.

Whether we like it or not, standards are a part of life and our daily language. We refer to a gold standard as a measure of excellence. There are standard breeds of dogs, horses and even chickens. We have internet standards. And what would we do without standards of care, and food safety standards?



(TNS) - If all goes as planned, this will be an extra-special Fourth of July for Gerry Dees and his family.

Six months ago, Dees, 70, watched as floodwaters inundated his home on Garden Street in Kincaid, a small Christian County community about 30 miles southeast of Springfield, Ill. He was able to salvage some personal items, but the furnace, appliances, furniture and interior of the home were destroyed.

Luckily, Dees has a carpenter friend who volunteered to help him rebuild. They gutted the house and rebuilt it so that it now looks like new. Dees and his wife of 47 years, Luana, hope to move back into their home by July 4.

“I just want one day in the house. After that, God can come and get me,” Gerry Dees said.



(TNS) - Daniel Wurst knows to the penny how much the 2009 basement flooding of the duplex he rents out at 658 Ross Ave. cost him. And the flooding his property experienced on June 2 was much more costly, he said, when he recently urged city officials to solve the problem that sent two feet of raw sewage into its basement.

“Back in the high flood of 2009, I spent $1,845.94,” Wurst told Hamilton, Ohio, City Council last week. “I got a ‘Dear John’ letter, same as this gentleman got over here from the city insurance adjuster. He stated in there, in my copy, it was an ‘act of nature.’”

Wurst was among several property owners who addressed council last week, saying their buildings have been swamped multiple times by raw sewage and expressed frustration that the flooding hadn’t been addressed since a heavy storm in 2009 that cost many of them thousands of dollars.



The Business Continuity Institute - Jun 28, 2016 15:02 BST

Almost half (45%) of firms with cyber insurance are unsure if their policy is up-to-date for covering new cyber social engineering attacks, and only 10% believe it is completely up-to-date. Just 43% of firms with cyber insurance are confident that their policies would pay out for whaling financial transactions. Nearly two-thirds (64%) of firms don’t have any cyber insurance at all.

The research by Mimecast highlighted that the rise of whaling (CEO fraud) has created an attack climate where many insured organizations may not be protected from fraudulent transactions because they fall outside of the coverage scope of when their policies were originally signed. While over half (58%) of organizations have seen an increase in untargeted phishing emails, 65% have seen targeted phishing attacks grow and 67% have seen a spike in whaling attacks, where a cyber criminal dupes employees into making fraudulent transactions on behalf of a CEO or CFO. Additionally, 50% said they have seen social engineering attacks that utilize malicious macros in attachments increase.

With cyber attacks and data breaches being the top two concerns for business continuity professionals, according to the latest Horizon Scan Report published by the Business Continuity Institute, it is important that organizations have plans and processes in place to deal with these types of attacks materialising. If this includes having an insurance policy, then clearly it makes sense that the policy covers what it is intended to.

“Cyber insurance uptake is growing quickly but a lack of employee training on the latest email attacks is leaving organizations at great risk of breaking policy terms,” said Steven Malone, director of security product management, Mimecast. “While insurers often pay for clean-up fees after a breach, it is important that organizations check that their policies protect them if an employee is tricked into sending a large amount of money to a fraudulent account. Attacks where employees are tricked into sending personal data or intellectual property are even less likely to be fully covered.

“With the cyber security landscape constantly evolving, cyber insurers will have great difficulty keeping their coverage up-to-date. A comprehensive cyber resilience strategy is only effective alongside regular employee training on the latest threats combined with appropriate technology fail-safes.”

(TNS) - Pat Heenan went from electrician to firefighter in a matter of seconds as a tornado slammed down on one of his customers Wednesday night.

“I was at home just before the tornado struck,” he said.

The owner of Heenan Electric had received a call from the manager of the Pontiac Shell station at Illinois 116 and Deerfield Road, just east of Interstate 55.

“She said the lights were flickering and had gone out and they needed help getting them turned on,” he said.

“I was just leaving my front door to go on the service call about the time the tornado struck.”



Big Data-as-a-service provider BlueData embraced the enterprise, NoSQL database provider Couchbase rolled out a new version that bridges the relational and NoSQL gap, Samsung bets big on IoT research in the US, and Dell has sold Statistica to a private equity firm in this week's Big Data Roundup.

Let's start with the news from BlueData. This Santa Clara, California-based company has specialized in enabling big data-as-a-service, letting organizations spin up virtual Hadoop or Spark clusters and providing on-demand access to applications, data, and infrastructure to data scientists and data analysts.

This week BlueData announced that the enterprise edition of its BlueData EPIC software will run on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and other public cloud services.



Well, it’s that time again when I write about personal experience rather than academic doctrine and how the two end up conflicting and sometimes not providing what you want in the end.

Recently, during a few meetings it was discussed that a new process was required for Senior Management reporting purposes and the manager requesting the process provided some guidelines/requirements on what was needed.  Sounds easy enough.

The guidelines were set and when some of the work was started, prototypes of what the reporting would look like were provided to the manager to ensure what was being developed met the set guidelines.  After 2 different prototypes it was confirmed that yes, things were meeting requirements (and were actually exceeding them).  Seems good so far, eh?



Monday, 27 June 2016 00:00

Brexit Creates Turmoil

Britain’s unexpected vote to leave the European Union has left many unanswered questions, some of which may not be resolved for years as Britain and the EU iron out the details of the split. Meanwhile, in the wake of the announcement, oil prices dropped, global stock markets have taken a significant hit, and the Euro and the British Pound plunged.

Fitch said today that overall, Britain’s decision is broadly “credit negative” for most U.K. sectors.

During a Eurasia Group conference call this morning, Europe associate Charles Lichfield asserted, “The U.K. has lost relevance to Washington.” In the past, he explained, the United States has worked closely with Britain on many European issues, but will now bolster relations with Germany, Spain and other countries, bypassing Britain.



PHILADELPHIA – FEMA Region III is deploying an Incident Management Assistance Team and Preliminary Damage Assessment (PDA) teams to West Virginia to provide support and guidance on the Federal Disaster Declaration Process and PDAs in response to current flooding and severe weather.  

These teams will participate in joint PDAs with the State of West Virginia, local officials, and the U.S. Small Business Administration (SBA) to assess damages and the impact to communities. PDAs, which are an information gathering process, are the first step in helping a governor determine whether the scope of damage is beyond what the state is capable of handling and if additional assistance is necessary.

Information is jointly compiled and reviewed by the state, at which point, the state may decide that a request for federal assistance is warranted. The PDAs will include Clay, Greenbrier, Kanawha, Nicholas, Pocahontas, Roane, Webster, and other counties.

FEMA Region III and our partners at the West Virginia Department of Homeland Security and Emergency Management (DHSEM) want to encourage individuals and families to take steps to be safe during severe weather and flooding events. If drivers encounter water on roadways, turn around, don’t drown.

Residents in potentially affected areas should continue to monitor local radio or television stations for updated emergency information, and follow the instructions of state, local, and tribal officials. If you are in need of emergency assistance, please dial 9-1-1.

When severe weather hits, the first responders are local emergency and public works personnel, volunteers, humanitarian organizations, and numerous private interest groups. The individuals within these organizations provide emergency assistance to protect the public’s health and safety and services to meet immediate needs. For additional safety information, check with your local officials and media sources through social and traditional media accounts.

To learn more about what to do before, during and after severe weather, visit www.Ready.gov.

FEMA’s support of State and Local response and recovery operations is in direct accordance with the Robert T. Stafford Act. For additional information on flood preparedness, visit www.fema.gov/ or www.dhsem.wv.gov.


Monday, 27 June 2016 00:00

Cloud is King

I live in the Hill Country outside Austin where one of our local storytellers, Shake Russell, wrote a song for the Texas sesquicentennial in which he proclaims, “Cotton is King.” He subsequently amends it to say, “Cattle is King,” followed by “Oil is King,” before finally settling on “Willie is King.”

I cannot dispute his nod to Saint Willie, but I feel safe updating Shake’s econ lesson to point out that in 2016, even out here in the boonies, Cloud is King.

Case in point: My neighbor, who spends more time on a tractor than a smartphone, is using sensors to track body temperatures of his prized Longhorns via the Cloud as they roam across his 100+ acres. He’s not an early adopter or some tech guru; he has never even heard of IoT. He just likes the sensors “because they attach to the cows’ ears” – a huge improvement over the old way of taking their temperature.



In a constantly connected world, we take for granted the methods for getting data from one place to another. It just happens so fast, seemingly in the blink of an eye. Improvements to the vast number of data transfer protocols IT professionals use to make this magic possible occur every day.

It is safe to say that the HTTP/S duo does much of the heavy lifting for applications on the web. But there is truly an exhaustive menu of protocol choices available, each tailored for a specific use and benefit. Companies can pick which option works best in certain times and conditions and move forward with confidence.

Frequently, though, the best option for file replication and off-site backup isn’t a matter of using the fastest Internet connection or consuming the most bandwidth. Bulk data inbound for the data center can often find a cheaper, more cost-effective ride. And the method takes advantage of a tried-and-true technology that’s been in use for centuries.



(TNS) — Warning sirens were activated in parts of the county during Thursday morning's storm, but some people weren’t sure why since a tornado warning had not been issued.

Each town or city handles the activation of its warning sirens with its own protocol. Anderson, Elwood, Alexandria and Pendleton all have access to activate sirens, while Chesterfield and Lapel do not.

David Eicks, Anderson (Ind.) Board of Works chairman, said the city tends to activate the siren when it receives a severe weather alert from the National Weather Service. He said the city, however, doesn’t activate the siren for every severe thunderstorm warning.



(TNS) - A major flood kept wreaking havoc across West Virginia this morning, as rescuers and residents continued to feel the effects of Thursday’s torrential rains.

At least 20 people have died due to the flooding, including three in Kanawha County.

Late Friday morning, authorities confirmed that the body of a 4-year-old boy, who was swept away by high water in Ravenswood on Thursday, had been recovered. At about the same time, Greenbrier County Sheriff Jan Cahill confirmed two people were killed by the flooding.

Cahill didn’t have details on those deaths, but said he wouldn’t be surprised if more people were killed. Earlier Friday, Greenbrier emergency officials said several people had been reported missing.



(TNS) - Safety compliance at bars, nightclubs and other entertainment venues will be checked in the wake of the Orlando massacre under a Suffolk County, N.Y., police and town initiative expected to be announced Friday.

Police and officials in the five western Suffolk towns will look for violations of occupancy limits and safety regulations, including blocked exits and potential fire hazards, according to a police news release.

“Overcrowding and limited exit access may lead to be a contributing factor to injury or death of patrons, especially in the event of a fire, active shooter or other emergency,” police said in the news release Thursday night.



Enterprise workloads are moving to the cloud at a steady pace, and there is little doubt that before too long most infrastructure will reside primarily off-premises. But does this mean the local data center is doomed?

In a way, yes, but that doesn’t mean organizations will have zero server and storage capabilities on-premises. Rather, it means that whatever does remain will be much smaller and much less obtrusive than today’s spacious, rack-filled rooms, and it will require less hands-on maintenance and operational expertise.

First, some numbers. According to the Uptime Institute, half of senior enterprise executives now believe the majority of production workloads will reside in the cloud or at colocation facilities by 2020. One of the leading drivers is the need for agility in both developmental and operational capabilities as organizations transition to app-driven, digital-facing business models – something that legacy data centers cannot provide without a series of costly upgrades. At the same time, these forces are leading to increased automation of the data environment, which is more readily available in the cloud than at home.



Britain has been rocked by the EU referendum result and the implications of what it means in the long term are yet to be seen. In the short term we can see that the Pound has crashed to pre-1985 levels, Scotland is likely to leave the UK (taking close to 10% of the country's total GDP with it), estate agents are predicting a 20% drop in house prices across the country and rumours abound of Morgan Stanley already moving 2,000 jobs abroad.

With David Cameron, the British Prime Minister, resigning after calling the referendum in the first place, the country is also facing leadership issues in what seems like an increasingly dark time for the country.

There is considerable anger for those under 50 too (who will be impacted the hardest and for the longest), with voting data showing that the vast majority voted remain whilst the majority over that age voted to leave. In a democratic society, this is simply something that is always necessary, even if it seems unfair on those who will bear the brunt of the decision when they didn't agree to it.

In the face of all of this though, there may be a glimmer of light if the new government is willing to use data effectively to create new deals, protocols and laws.



One of the oldest arguments for moving enterprise applications to the cloud sounds like something an accountant would like: Cloud services, paid for on a monthly basis, are an operational expense, which is better than the capital expense of building or expanding a data center – a big, expensive, and depreciating real estate asset.

The other big argument is cloud services let you pay only for what you use, which is better than investing in a data center whose capacity will probably be underutilized for the bulk of its useful life.

But what if you can have both of those benefits in your own data center? A new partnership between data center UPS maker Active Power and a Geneva-based company Burland Energy was formed to do just that, but only for UPS systems.



PHILADELPHIA – On Thursday, June 23, 2016 the City of Richmond, Virginia unveiled a High Water Mark at Pony Pasture Rapids Park. The marks, also established at Brown’s Island and Great Shiplock Park, show areas where flood water has risen in the past in an effort to raise awareness of flooding and encourage individuals to consider their risk.  

“Whether it is a hurricane or a flood, it only takes one storm to significantly impact our communities,” stated FEMA Region III Regional Administrator MaryAnn Tierney. “The High Water Mark campaign highlights for us that by being prepared for these events, we can reduce their impact on us and make our communities safer for all.”

The High Water Mark Campaign represents a partnership between FEMA’s High Water Mark Campaign program, the Region III office, the Virginia Department of Emergency Management (VDEM), the U.S. Army Corps of Engineers Norfolk District, the Virginia Silver Jackets, and others to encourage flood awareness and steps individuals, families, and communities should take to protect themselves against future flooding events.

“Flooding is the most prevalent natural disaster in Virginia and we know that many are under-insured against floods,” said VDEM State Coordinator Dr. Jeffrey Stern. “Our goal is to increase preparedness in flood-prone communities. These signs are a constant reminder that major flooding can occur in the Commonwealth and should prompt individuals and businesses to take action, obtain flood insurance and prepare.”

The High Water Mark Campaign is a part of the National Flood Insurance Program (NFIP) which seeks to increase local communities’ awareness of flooding and flood risks. In addition to signs marking historic flood levels, the campaign seeks to promote continued education and awareness of flooding and to encourage communities to take steps to mitigate their risks. FloodSmart.gov has information on risk and insurance options to help individuals make the best decision for them and their families.

FEMA and VDEM encourage individuals, families and communities to prepare for disasters and take steps to protect themselves from hazards such as floods. More information on the High Water Mark Campaign may be found at http://www.fema.gov/high-water-mark-initiative.

Visit Ready.gov and www.vaemergency.gov for information on flooding and other hazards as well as preparedness information.


PHILADELPHIA – Residents of the City of Baltimore, Maryland have received a reduction in their flood insurance premiums through implementation of floodplain management measures encouraged by the National Flood Insurance Program (NFIP).

The Federal Emergency Management Agency (FEMA) oversees the NFIP, which administers a program called the Community Rating System (CRS). The CRS is a voluntary incentive program that recognizes and encourages community floodplain management activities that exceed minimum NFIP requirements. The program includes 10 different class rating levels based on the number and type of activities voluntarily initiated by the participating community. Each level corresponds to a percentage discount on National Flood Insurance policy premiums within the municipality.

“The CRS program provides a strong incentive for communities to take flood risk reduction into their own hands,” stated FEMA Region III Regional Administrator MaryAnn Tierney. “Mitigation actions that reduce the impact of future floods on communities are to be championed, and the City of Baltimore has taken strong steps in this direction.”

As a member of the CRS, the City of Baltimore is within an elite group of 14 Maryland communities that have received this recognition. With the continued steps taken by the City of Baltimore to protect its citizens and increase its resiliency, it has entered the Community Rating System program as a Class 5 participant. The Class 5 rating qualifies eligible National Flood Insurance Program policy holders in flood-prone areas for an average savings of $213 on their annual premium. In total, entry into the program accounts for savings of over $400,000 annually for citizens of Baltimore.

Under the CRS, local officials are asked to meet three goals: (1) reduce flood losses; (2) facilitate accurate insurance rating; and (3) promote the awareness of flood insurance. Communities can earn a CRS rating by submitting an application explaining the projects they have in place or in development. Once the information is verified and approved, FEMA provides flood insurance premium discounts through the NFIP. The amount of a property owner's policy discount is based on the community’s CRS rating.

For each class that a community moves up to, it provides its residents with an additional 5% reduction in their flood insurance premiums up to the 45% reduction that a Class 1 community receives. As a Class 5 community, the City of Baltimore enables its residents to receive a 25% reduction on eligible flood insurance premiums.

For information about flood insurance, property owners should contact their insurance agent, visit floodsmart.gov, or call the NFIP's toll-free information line at 800-427-4661. To learn more about the CRS, visit floodsmart.gov/floodsmart/pages/crs/community_rating_system.jsp.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

If you look at recent earnings reports by the biggest data center providers, you’ll get the impression that the industry is booming.

And it is. Enterprises are moving more workloads either to the cloud or to commercial colocation facilities, and data center providers are benefiting from both. As more companies use cloud services, cloud providers are racing to lease as much data center capacity as they can get their hands on, resulting in a boom for the big data center providers who can’t build new facilities fast enough to satisfy all the demand.

The sound of champagne corks popping after earnings reports by the biggest players in the market, however, can mask the fact that in general, the amount of new data centers being built for lease by one or multiple tenants in the US has been declining.



Friday, 24 June 2016 00:00

Lightning Strikes, Insurance Responds

Next time you’re home when a heavy thunderstorm rolls in, take a moment to think about how damaging lightning losses can be and how insurance helps.

In fact, insurers paid out $790 million in lightning claims last year to nearly 100,000 policyholders, according to a new analysis by the Insurance Information Institute (I.I.I.) and State Farm.

Damage caused by lightning, such as fire, is covered by standard homeowners policies and some policies provide coverage for power surges that are the direct result of a lightning strike.



Why choose SSD?

For starters, you get faster access to your data and your operating system performs quicker. The benefits of using a solid state disk (SSD), both privately and within a company, are huge. It’s no wonder that in recent years sales of traditional hard disk drives (HDDs) have fallen drastically, while SSD sales continue to rise. Some experts estimate that HDD unit sales will decrease from around 475 million in 2012 to 409 million in 2017, while SSDs will increase during the same period from 31 million to 227 million units.

More SSDs are being sold or are already built into notebooks, laptops, tablets and other mobile devices. But SSDs can also be found in desktops and even servers or other high-end storage devices. Even so, a recent report states that SSDs won’t overtake HDDs any time soon because the latter are still much cheaper than SSDs when comparing disk space. It’s also worth noting that by the end of last year, only 15% of all new notebooks had SSDs built in.

Due to their higher price tag, SSDs are mainly bought and used for high-end devices where speed is critical. This could be the case of a premium notebook which needs to deliver the latest quotes from the financial market in just a few seconds or perhaps of servers where big data is constantly processed or stored for high frequency trading.



The result of the United Kingdom’s referendum on whether the UK should leave or remain in the EU has been officially announced, and voters have decided to leave. The implications for businesses are unclear, and this page will be continually updated with information to help business continuity and risk managers steer through these turbulent waters.

On Twitter follow the hashtag #businessbrexit



Reusing data center heat instead of simply expelling it isn’t a new idea, but few have been able to do it effectively. The most frequently cited reason for that is that servers produce low-grade heat, meaning the heat energy is difficult to extract and move somewhere where it can be put to use.

One reason the heat is low-grade is because it usually comes in the form of hot air, and air is by far not the most effective heat-transfer medium. Replace air with a liquid medium, and the problem of low-grade heat dissipates.

That’s exactly what a company called LiquidCool Solutions is proposing. Its data center cooling technology submerges server electronics in dielectric fluid, and recent tests at a US Department of Energy laboratory have shown that not only is the technology extremely efficient at cooling servers but it can also be used effectively to heat water for typical building uses, such as handwashing.



Friday, 24 June 2016 00:00

DNS Security Too Often Ignored

This week, Apple released a crucial security patch for its AirPort routers. As PC World noted:

… the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution.

I don’t write much about DNS security, and maybe I should. A couple of recent studies show how vital it is and how much a DNS-related security incident can cost you.



How IT Alerting Can Save Your Business Money

A large US hospitality holding company had a serious dilemma. It held more than 6,300 hotels, representing more than 500,000 rooms, in more than 35 countries and territories. If an IT outage occurred, impacting this system, the business faced revenue losses that could total over approximately $27,000 for every minute of downtime. The company had a 24/7 IT monitoring team for critical business systems such as the hotel chain’s reservation system, but every time an outage occurred, it would take 20-30 minutes to get the right IT experts on a conference bridge together to begin resolving the issue.

Thankfully, the holding company found Everbridge and its IT Alerting solution.

“Within 15 days of starting with Everbridge, we had the tool set up and were ready to roll it out without any additional help. It’s that intuitive.”



Adding small amounts of flash as cache or dedicated storage is certainly a good way to accelerate a key application or two, but enterprises are increasingly adopting shared all-flash arrays to increase performance for every primary workload in the data center.

Flash is now competitively priced. All-flash array operations are simpler than when managing mixed storage, and the performance acceleration across-the-board produces visible business impact.

However, recent Taneja Group field research on all-flash data center adoption shows that successfully replacing traditional primary storage architectures with all-flash in the enterprise data center boils down to ensuring two key things: flash-specific storage engineering and mature enterprise-class storage features.



(TNS) - Southern California’s smaller cities and large businesses must take the threat of a crippling earthquake far more seriously than they have been, a committee of business, public policy and utility leaders said Thursday, saying action is needed to “prevent the inevitable disaster from becoming a catastrophe.”

Despite strides made by the city of Los Angeles to focus on earthquake safety, Southern California still faces significant threats that haven’t been resolved.

One of the most ominous is the looming threat on the edge of Southern California’s sprawling metropolis — the Cajon Pass. It’s a narrow mountain pass where the San Andreas fault — California’s longest and one of its most dangerous — intersects with combustible natural gas and petroleum pipelines, electrical transmission lines, train tracks and Interstate 15 north of San Bernardino.



Friday, 24 June 2016 00:00

Building a Future-Proof Data Center

Digital disruption and pervasive innovation are redefining the way CIOs address the dynamics of today’s data center. Now more than ever they require solutions that address constant change within existing compute models as well as enable the build-out of a “future-ready” IT environment that engages solutions that drive and power the adoption of emerging technologies and hyperscale cloud solutions.

The modern era of computing requires CIOs to take a more flexible approach to building a data center that can handle the demands and workloads of today’s compute environment – all while allowing them to continue to address the priorities of their business and technology strategy.

Embracing a compute-centric strategy that synthesizes traditional and new IT builds a clear path to future-proofing the data center that delivers power and flexibility via a common platform. By taking a compute-centric approach to empowering the data center, CIOs can extend existing and new IT applications and architecture that run a spectrum of applications and workloads for any size data center, when and where needed.



Growing cloud, social media, and enterprise companies too often place revenue growth at severe risk due to legacy IT infrastructure constraints.

Today’s explosion of data, applications, and business needs requires quick, flexible scaling of data center footprints – including data halls, cages, or entire data centers.

Scale at Hyper-Speed

CyrusOne delivers large-scale, flexible data center solutions in record-breaking speed, eliminating the risks of unpredictable IT capacity planning.



Companies continue to struggle to hire people skilled in cloud computing--and not because potential hires are holding out for jumbo-sized paychecks. Simply put, there just aren’t enough qualified candidates.

The competition for talent has never been more fierce, with businesses snapping up cloud professionals as soon as they can find them. Indeed, roughly 75% of organizations already use public cloud services, and the numbers will likely continue to increase in the future. Meanwhile, the corresponding growth in the number of hybrid cloud installations also continues to accelerate.

Universities just aren’t cranking out graduates fast enough. The U.S. creates 120,000 new jobs that require computer science degrees each year. But the educational system produces only 49,000 related degrees. That leaves an annual deficit of 71,000 degrees and a growing number of unfilled IT jobs.



Friday, 24 June 2016 00:00

Building Your Big Data Foundations

Whenever a company starts out in their data journey, most face the same broad issues. This is regardless of what kind of data they are collecting, what their business goals are and which industry they work in - each will follow broadly the same route to their goal.

The problem is that many don't know what this map is, as it seems like it is constantly changing as new technologies and techniques are brought to market. However, the truth is that there are four foundations that every company needs to look at when creating their data program.



First, it helps to compare your own preparations with those of another entity.

Secondly, if the other enterprise in question is one of your strategic suppliers, it is essential to know that your organisation is also protected, thanks to the measures taken by the supplier for its own uninterrupted business operations.

Here, for instance, are the BC position statements of two well-known technology companies. They might surprise you.



The buzzwords 'big data' have been in the IT news world for a while now, and as the phenomenon of big data has begun to grow, so has its incorporation in big business. However, big data is not just limited to big businesses – small businesses can benefit from the incorporation of big data into their networks as well. However, knowing you need a big data infrastructure and actually building one are two different things. There are a few ways companies of any size – small, medium, and large – can incorporate big data into their business model.

Collecting Your Data

Think of data as it looks when it arrives at your door. Data includes everything about your company, from sales records to marketing lists. You may not actually need to add any more data to what you already have; the problem is collecting and sourcing the data in a manner that you can use.

Sourcing your data can mean a lot of things, but at the very least, it is going to involve a deeper infrastructure investment. You will need to broaden your social media channels, add forms and prompts to your website to collect more client and customer information, and apps that generate user statistics. Depending on your technical expertise, you may be able to set up the majority of this infrastructure yourself, but if you're trying to build your brand and business, this might be a better task left to an expert, regardless of the cost.

Those who are well-versed in small IT networks, however, could easily set up an infrastructure like this with very little outside help. If you are just in the process of building and registering your company, it's best to leave tasks like these completely up to the experts. Use specialized services to set up your company for a reasonable fee, and leave the computing to other experts.



Governance Documents and Communications Matrices 

Regina Phelps recently joined forces with Everbridge and recorded a webinar that explores in-depth strategies for improving your disaster and crisis management. Previously, in part 3 of this five-part series, Regina discussed the 3 main responsibilities of a communications team. If you missed part 3, you can access it here.

In this installment of the series, Regina discusses what a governance document and a communication matrix are, and what their content should be.



Wednesday, 22 June 2016 00:00

US Wildfire Activity

AUSTIN, Texas – Reporting damage to a county emergency management agency or getting help from the American Red Cross is not the same as registering for federal disaster assistance with FEMA.

Many Texas residents affected by the May storms and flooding may have reported damage to their local, state or volunteer agencies. They may have even registered for assistance with those agencies. But that doesn’t mean they’ve applied for federal help.

Survivors can only be considered for federal help if they register with FEMA for each storm that results in a major disaster declaration. While FEMA, the Texas Division of Emergency Management and volunteer agencies often work together, their missions, programs and funding are not the same.

The disaster declaration on June 11 put in place several sources of federal funding for survivors of the May storms in 12 counties. Those counties are Austin, Brazoria, Brazos, Fort Bend, Grimes, Hidalgo, Hood, Montgomery, San Jacinto, Travis, Waller and Washington.

Disaster survivors may register for assistance the following ways:

  • online at www.DisasterAssistance.gov
  • phone 800-621-3362 (FEMA). Applicants who use 711 or Video Relay Service may also call 800-621-3362. Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 800-462-7585. The toll-free numbers are open from 7 a.m. to 10 p.m., seven days a week. Multilingual operators are available.

  • at a disaster recovery center. To find the nearest one, go to the Disaster Recovery Center Locator at asd.fema.gov/inter/locator.

FEMA grants do not have to be repaid. FEMA assistance is nontaxable and will not affect eligibility for Social Security, Medicaid or other federal benefits.

Survivors should register even if they have insurance. FEMA cannot duplicate insurance payments, but underinsured applicants may receive help after their claims have been settled.

For more information on the Texas recovery, visit the disaster webpage for the May storms at http://www.fema.gov/disaster/4272; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

When it comes to cloud computing options, enterprise IT departments often focus on Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS). That's because, in my experience, IT professionals at large organizations think of Software-as-a-Service (SaaS) as something primarily catering to small- and medium-size organizations.

But SaaS indeed can, and does, offer plenty of potential for enterprise customers, as evidenced by the 10 startups we're exploring here. Our list includes SaaS applications for traditional organizational challenges, such as supply-chain, payroll, sales, recruiting, and company-wide collaboration.

If your company develops software or sells products or services online, you, too, will find SaaS startups to help you offload many IT tasks, including creating development platforms and running payment fraud protection. In addition, several startups on our list take on the latest and most complex IT services, such as the Internet of Things (IoT), big data analytics, and monitoring inter-cloud networks and applications.



Wednesday, 22 June 2016 00:00

Are you set for the data traffic explosion?

Over the last few years, the amount of information pinging back and forth between devices around the world has skyrocketed. Given that almost all of us now have powerful connected computing gadgets in our pocket at all times, this is hardly surprising, but as even more people get equipped with devices like smartphones, it’s clear the transformation is far from finished.

In fact, data traffic growth is set to get even faster over the next few years. According to a new forecast from Cisco, traffic is set to almost triple by 2020, driven by the introduction of around ten billion connected devices over the next five years.



Cloud Security must remain the top objective when organizations consider moving their data over to a cloud computing platform.  While cloud computing offers businesses many benefits, an organization choosing to place its intellectual property along with its customer information and corresponding emails into a cloud computing environment will also have to come to the realization that that data will be subject to other serious vulnerabilities and threats.

This article focuses on raising awareness of those threats and, at the same time, proposes some steps that an organization can take to better manage the information it decides to place in a cloud computing environment.

Wednesday, 22 June 2016 00:00

Con Men, Criminals, and Compliance

What does it take (or not take) to be a con artist and/or a white collar criminal? Do not kid yourself — white collar criminals can be “dangerous,” in that they usually suffer from significant personality disorders. Many are narcissists and sociopaths and are constantly engaging in manipulation, financial schemes, and inflicting harm to victims.

We all know the legendary white collar scandals – Lay and Skilling at Enron; Bernie Ebbers at WorldCom; Jack Abramoff; Bernie Madoff. The list of infamous criminals goes on and on.

The term “Con Man” has been coined through the years to describe individuals who can convince an innocent person to invest in fraudulent schemes or manipulate people to trust the con artist.



Wednesday, 22 June 2016 00:00

How Secure is your Facility?

On a walk with my toddler grandson the other day we waved to everyone (and every animal, including the birds) we came across. Like many young children, he is oblivious to the dangers of taking a walk around the neighborhood. He will take off across the street, run up to any dog or person, run out in the street when he sees a vehicle. I feel bad pulling him back, making sure all is safe as he looks up at me questioning, “Why are you taking this joy away?” As the adult, wanting to keep him safe, it is necessary for me to restrict some of his actions to ensure he stays safe. Now, I do let him fall, play in the dirt, walk through the water and plants. What is life without some dirt and scars? But it is my job to make sure he is not seriously harmed (along with making sure he has ice cream for breakfast).

For most of us, we go about our lives like my grandson, not worrying about our safety (other than the normal precautions we take each day, like looking both ways when crossing the street and making sure we don’t run into the person texting while walking). What a blessing that is. So how does this relate to the title of this blog?

Most of us recognize the various security precautions or technologies present at our place of business, such as badges to gain access to the building, access restricted by need to some areas, parking barriers, security guards at entrances, sign in sheets, etc.

In a recent blog we discussed weapons and facilities. That includes some items that are pertinent to consider here.



Few areas within a business have benefited from the Internet of Things (IoT) as much as the supply chain. The advent of tracking and tracing technology through the supply chain gave products a voice for the first time, explains Michael Lucas, chairman of i3 Brands, and this technology advancement provided a revolutionary level of transparency that hugely benefited industries and manufacturers, and ultimately consumers.

“The onset of IoT has simply enabled another improved mechanism for collecting all the micro-pieces of data that occur along the product journey,” Lucas continues. “Beyond simply speaking in ‘one word answers,’ IoT-enabled products are able to speak in full sentences, which allows for continuous diagnostic reporting. This creates unprecedented levels of visibility, allowing manufacturers to become proactive in their approach to the supply chain.”

With this increased visibility to receive, analyze and respond to real-time data, supply chain managers are able to optimize their inventory stock and to reduce their costs. However, the devices and technologies, many of them mobile, that make the supply chain more efficient come with security risks if they aren’t properly secured with enterprise-grade hardware and software.



We are excited to announce that Everbridge was recently named one of the Best Places to Work in Los Angeles by the Los Angeles Business Journal and Best Companies Group. The awards program honors the best employers in Los Angeles, benefiting the county’s economy, workforce and businesses. This most recent accolade is just another shining example of the pride and satisfaction employees feel is encapsulated in the Everbridge culture, making it both an exciting and rewarding place to work.

The companies included on the Los Angeles Business Journal’s 2016 Best Places to Work list are primarily determined by employee surveys that measure the employee experience. Workplace policies, practices, philosophy, systems and demographics are also taken into consideration during the selection process.



Raging across the country, threatening businesses and residences alike, wildfires are a reality, burning a reported 1.9 million acres in the U.S. so far this year. West of Santa Barbara, firefighters have battled an intense fire for almost a week. Wildfires are also burning in Arizona and New Mexico. In Canada, the Fort McMurray blaze burned for weeks and scorched some 2,400 square miles of land—more than 1.4 million acres. In five of the past 10 years, in fact, wildfires have ranked among the top 20 worldwide loss events.



CHICAGO – With a threatening Wednesday forecast for most of the Great Lakes Region that includes severe storms, heavy rains, strong winds and the possibility of tornadoes, the U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) Region V encourages everyone to get prepared.

“Summer has begun, and with it, the heightened risk of severe storms,” said FEMA Region V Administrator Andrew Velasquez III. “Now is the time to make sure your family knows what to do to stay safe, and verify your mobile phone is enabled to receive Wireless Emergency Alerts to warn you of extreme weather and other emergencies in your area.”

Individuals should follow the instructions of state and local officials and listen to local radio or TV stations for updated emergency information related to this storm system. Purchasing a weather radio for your home is another way to ensure that you receive critical warning information. If a warning is issued, get indoors, and move to the center of an interior room on the lowest level (closet, interior hallway) away from corners, windows, doors, and outside walls.

Find valuable tips to help you prepare for severe storms at http://www.ready.gov/severe-weather and download the free FEMA app, available for your Android, Apple or Blackberry device. Visit the site or download the app today so you have the information you need to prepare for severe weather.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

CHICAGO – It’s too easy to think we’re invincible when it comes to lightning storms—going outside, staying in the pool, or continuing a softball game as thunder sounds in the distance are not safe activities when lightning and thunder are in the area. Instead, move indoors when thunder roars—such a simple step could save more than 400 people from getting struck by lightning every year.

In recognition of Lightning Safety Awareness Week, June 19 – 25, 2016, FEMA is encouraging everyone to get storm safety smart:

  • There is no safe place outdoors when thunderstorms are in the area. Get indoors and avoid contact with corded phones, electrical equipment, plumbing, and windows and doors.
  • Water is an excellent conductor of electricity – so get out of and away from water!
  • Electricity always seeks the shortest path to its destination. Avoid tall, isolated trees or other tall objects in a lightning storm.
  • When camping, set up in a valley, ravine or other low area. Tents and open-sided shelters don’t provide protection from the dangers of lightning. If there isn’t a substantial building nearby, take shelter in your vehicle.
  • Wait 30 minutes after the last lightning or thunder before going back outside.
  • Anyone struck by lightning will need immediate medical attention. Call 911 and remember: lightning victims do not carry an electrical charge and are safe to touch.  

During Lightning Safety Awareness Week, FEMA Region 5 will be hosting a social media engagement campaign in collaboration with the National Weather Service in Chicago—get involved by following FEMA online at twitter.com/femaregion5 and www.facebook.com/fema. You can also find more valuable lightning safety tips by visiting www.ready.gov/thunderstorms-lightning and www.lightningsafety.noaa.gov. Consider also downloading the free FEMA app, available for your Android, Apple or Blackberry device, so you have the information at your fingertips to prepare for severe weather.


Today’s world is a very different one to that of just 30 years ago. Where we previously used to be terrified of the idea of one of the superpowers using atomic bombs, today we are scared of somebody hacking our computer systems and destroying our infrastructures. It is a very real fear and one that, unlike atomic bombs, has been regularly unleashed on people.

However, we are not just sitting ducks in the face of this increasing threat and, behind the scenes, work is constantly being done to increase the protection that companies and individuals have from nefarious hackers. One of the most powerful tools they have in this constantly evolving battle is in the use of data.

One of the most progressive industries in this regard is banking and financial services, where a huge amount of money combined with a high number of transactions makes it the perfect environment for data analytics to have a big impact. It is, unfortunately, something desperately needed, as we have seen significant increases in the amount of card fraud. In the UK, online banking fraud increased 26% between 2013 and 2014, for instance. In a country of only 63 million people, there were 53,192 cases of online banking fraud where people incurred loss of money. The numbers in the US are even more shocking, with the country responsible for 47% of all credit card fraud despite accounting for only 24% of total card transactions (http://www.creditcards.com/credit-card-news/credit-card-security-id-theft-fraud-statistics-1276.php).



Wednesday, 22 June 2016 00:00

The Cloud: Still a Work in Progress

It seems that when it comes to the enterprise and the cloud, it’s all over but the shouting. Organizations around the world have integrated cloud infrastructure into their overall data footprints in a major way, and at this point there is no chance of undoing it all.

But this doesn’t mean the cloud is putting all data operations on easy street. Indeed, just as local data infrastructure did in the past, the cloud will fuel its own endless cycle of upgrades and revisions as users come to demand new levels of performance and flexibility at every turn.

As eWeek reported last month, the cloud currently supports about 28 percent of the worldwide compute and storage load, and that portion is expected to increase to 58 percent over the next decade. And perhaps most telling, a good 83 percent of respondents to a recent Tata Communications survey said they have received benefits from cloud computing that they did not expect at the outset, including higher productivity and faster data access.



(TNS) -  Gov. Rick Scott’s unprecedented request for a federal emergency declaration after the mass shooting in Orlando has been rejected by the Obama administration.

In a letter to Scott Monday, Federal Emergency Management Agency Administrator W. Craig Fugate said the emergency declaration was the wrong course of action for Florida to take as it tries to recoup the costs associated with the response to and investigation of the massacre that left 49 dead plus the shooter.

“Because your request did not demonstrate how the emergency response associated with this situation is beyond the capability of the state and affected local governments or identify any direct federal assistance needed to save lives or protect property, an emergency declaration is not appropriate for this incident,” Fugate wrote.



As cybersecurity risks have increased world-wide, both the SEC and the NFA have dictated that hedge funds and private equity funds have a plan to assess, manage and address risks and incidents. The security threat to private funds is real for all types of funds, big and small, complex and simple. However, cybersecurity planning for this group must be individualized to a great extent due to the wide range of IT configurations that exist. This article will discuss the required elements of cybersecurity planning as they relate to a variety of typical private funds, including hedge funds and private equity funds.



The roll call of high profile companies whose reputation is still recovering following a crisis over recent years includes several who took on greater damage because of the inadequacy of their response to the initial problem.

Think BP and the then CEO’s infamous observation that he “would like his life back”.

Or Target’s attempts to wish away a major data leak that compromised its customers’ bank accounts.

Or Sony’s stalled understanding that media coverage of the toxic content of the stolen emails made it the villain not the victim in the eyes of the public.



The cloud has revolutionized the way we build IT systems within enterprises. Indeed, enterprise IT’s goal since the inception of cloud computing has been to replicate the power of cloud computing within their own data centers.

The trouble is that cloud computing systems were built net-new, which meant they could start from scratch and thus be more innovative with the use of cloud-based resources using the most modern technology and approaches available. Enterprises don’t have the same luxury. Decades of enterprise hardware and software purchases exist at different levels of maturation, and those structures must also support mission-critical systems in operations.

However, things are changing. New technology now provides enterprises with the public cloud experience, which includes:



The incredible amount of energy needed to power data centers is well documented. Globally, data center energy use accounts for three percent of all electricity consumed, a figure that will continue to grow in the coming years. While fueling one of the backbones of our economy, this incredible power usage has resulted in staggering electricity bills and large amounts of pollution associated with producing that energy. To help combat this, utility companies in recent years have been offering incentive programs to data center owners and operators who are willing to make their facilities more energy efficient.

While these incentives are incredibly beneficial to data centers, I’ve found many operators hesitant to take advantage of the opportunity for a variety of reasons, including not being sure where to start, fear of unknown project costs, and confusion on the different types of incentives that are available. These concerns are all very understandable, and I can share some knowledge to help clear up the confusion that surrounds utility incentive programs.



The company IT Security perimeter no longer exists, now that mobile and cloud computing are so prevalent. The availability of files and information to employees in the office, on site, on the road or at home is high.

But then so are the IT security risks that go with such availability, unless appropriate measures are taken.

Those measures cannot be the same as the traditional firewall solutions, because so much computing activity now takes place outside such firewalls.

The security paradigm has to be turned inside out. Instead of trying to keep all data within one big fence, each piece of data must travel with its own protection.



How do you ensure that the time and money spent on business continuity is yielding the desired results? Karen Humphris, senior advisory manager at ContinuitySA, looks at the subject and provides a checklist of 12 critical BCM success factors.

As business continuity management (BCM) becomes more important as a way to mitigate risk and create peace of mind, ensuring the money and time spent on BCM yields the desired results is critical. Organizations need to be certain that the BCM programme they have in place is realistic, and that it will work. One of the best ways of answering these questions is to measure how mature the BCM plan and capability actually is.

Measuring, as we all know, is the first and vital step to managing anything.



Tuesday, 21 June 2016 00:00

The Unsuspecting BYOD User

Many companies have adopted a BYOD program, recognizing the productivity benefits that it can deliver. In addition, more and more companies require BYOD users to use a device passcode to prevent company data from falling into the wrong hands if the device is lost or stolen.

However, much like desktop security threats, the risk of data loss from malware and vulnerabilities must also be considered as part of a mobile security program.

Users, unfortunately, are mostly unaware that they can easily get a malware infection by visiting a compromised website and downloading a malicious app. Once on the device, the app can then access confidential data on the device as well as access the corporate network.  Contrary to popular belief, iOS devices are just as susceptible to malware as Android devices, and Skycure has identified that any business with over 200 iOS devices has at least one malware infection.



Business resilience is your organization’s ability to adapt and adequately respond to events—no matter how critical the situation—that affect your business internally or externally with little impact to your operations, people, and structure. Your business’s ability to be resilient and prepared relies on careful, corresponding planning related to both business continuity and disaster recovery, and at the forefront of prevention and strong response is access to monitoring your business and your people.

Maintaining a resilient business with regular operations before, during, and after an unexpected event requires emergency notification software that, like business resilience and disaster recovery planning, takes a holistic approach. In order to build a resilient business, you must be able to rely on your emergency notification software to monitor everything around you—potential threats, your people, your business, your communications. You need the full picture of what is exactly going on at all times.

AlertMedia keeps the pulse of your business – monitoring what your organization cares about most.



There are some very important risks in your construction fleet that you may be overlooking. Independent contractors can introduce risks and your employees using their personal vehicles could pose other hidden exposure to your business. These are two top issues to be aware of, and here are some suggestions for mitigating them.

Independent Contractors

If you hire independent contractors, you could be sued for their actions in relation to a vehicle accident that they cause while working for you.

To reduce this exposure, ensure that each of your independent contractors has a valid auto liability insurance policy. Make sure the policy is in force throughout the duration of their contract with you. Additionally, be sure that their insurance carrier is financially stable. You can verify the insurance carrier’s financial strength at www.ambest.com.



AUSTIN, Texas – Two important deadlines are ahead for Texans who are considering a loan through the U.S. Small Business Administration for recovery from the April storms and flooding.

Most survivors who registered with FEMA for disaster assistance were contacted by the SBA with information on the agency’s low-interest disaster loans, as well as instructions on how to complete the loan application.

The deadline to submit the application for physical damage is June 24, 2016.  The deadline for businesses to submit a loan application for economic injury is Jan. 25, 2017.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors may apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster loan information and application forms are also available from SBA’s customer service center by calling 800-659-2955 or emailing disastercustomerservice@sba.gov. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster.

Completed applications should be mailed to:

U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX  76155

SBA loan applications should be submitted even as disaster survivors await an insurance settlement. The loan balance is reduced by the settlement. SBA loans may also be available for losses not covered by insurance.

Both FEMA and the SBA encourage Texans who suffered damage or loss from the April storms and were provided a loan application to complete the application.  There is no obligation to take a loan if offered. If approved, and a survivor does not accept the loan, it may make them ineligible for additional federal assistance.

  • Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence.

  • Homeowners and renters may borrow up to $40,000 to repair or replace personal property.

  • Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans—called Economic Injury Disaster Loans—to small businesses and most private nonprofit organizations of all sizes.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

If you are heading up an application development team or are running an IT organization and you are looking at your developers’ initial steps to developing cloud native applications, I want to share some experienced insights gained from PaaS customers. For me it is a view of the path many of you may be heading down, applying some best practices that can optimize Dev and Ops together.

Apprenda, one of our ACI ecosystem partners, and Cisco recently hosted a series of presentations we called PaaS Days, about the Application-Centric Enterprise, to share how private PaaS and policy driven automation together can address real-world problems such as application time-to-market, datacenter security and corporate compliance. I want to share some insights I gained there about different application strategies for cloud. Depending on the company’s cloud maturity level and whether the management is centralized or not, the application strategy can take on a project oriented or an organization level scope.



(TNS) - A good 40 inches of rain has pelted Montgomery County this year - well ahead of the typical pace and too much at times for the usually tranquil streams in this rapidly growing area.

So regional leaders are embarking on a nearly $1 million study to improve and expand the early flood warning capabilities for the county.

Under the plan, the San Jacinto River Authority also would analyze water flows and explore ways to reduce the likelihood of flooding, such as scooping out parts of streams that can cause bottlenecks.

The authority, which manages surface water in the river basin, is teaming with Montgomery County and the city of Conroe. The entities are asking the Texas Water Development Board to cover half the costs.



At a time when some venture capitalists are holding back, one firm is moving forward. There is a very real need for new technologies in cybersecurity. For example, the attack on the Office of Personnel Management last year, which affected at least 21.5 million Americans, had apparently been going on for some time, undetected. The new model is to identify the intruder in the network in real time, observe them, and then suppress that intruder’s activities. This requires active intelligence and a whole new way of thinking about cybersecurity.

“From an architectural perspective we are investing in cybersecurity technologies that are synergistic in one simple goal which is intrusion suppression,” said Tom Kellerman, CEO of Strategic Cybersecurity Ventures (SCV). “We are not investing in capabilities that are perimeter based that are focused on keeping the adversary out at all times. We are focused on capabilities that can force the adversary to be resource constrained, decrease the amount of time they are on a network, and inhibit their ability to exfiltrate your intellectual property or financial data out,” he said.

Kellerman, formerly with Trend Micro, and his two partners – Ann Barron-DiCamillo (CTO), formerly the director of US-CERT, and Hank Thomas (COO), formerly with the NSA and Booz Allen’s cyber intelligence and incident response practice – each know what they want. Collectively they have fifty years of active experience in cybersecurity.



Why is nearly half an organization’s data loss due to insiders? A Fasoo and Ponemon Institute study found that it could be because the vast majority of IT security professionals (72 percent) aren’t confident in their ability to manage or control employee access to sensitive files. Even more worrisome is that these same professionals don’t know where those sensitive files are and have no visibility into what employees are accessing or sharing without authorization. Bill Blake, president of Fasoo, addressed this discovery:

What should be concerning to C-level executives and corporate boards is that most organizations have no idea where mission-critical information is located on the corporate network, who has access and what they are doing with that information. Organizations must be vigilant in applying and enforcing security policies as well as knowing where the organization's most valuable information is located at all times.


Monday, 20 June 2016 00:00

BCI: The changing resilience landscape

The Business Continuity Institute - Jun 20, 2016 17:03 BST

At the DRJ Spring World Conference in Orlando earlier this year, the BCI 20/20 Think Tank US Group hosted a session titled 'BCI 20/20 - The future of the continuity industry'. The discussion that followed covered a wide range of issues which illustrated the changing resilience landscape that business continuity professionals face today. The outcome of this was a new discussion paper on the role of business continuity professionals in the changing global threat environment.

The notion of a changing threat environment was supported by a high level discussion on the Business Continuity Institute's latest Horizon Scan Report, also at DRJ Spring World, which considered the changing risk landscape and how it is no longer just the traditional threats like natural or man-made disasters that are being disruptive to our organizations. However, knowing the risks an organization faces enables business continuity professionals to focus on what happens next.

One of the conclusions from the paper was that "only a business continuity professional with a strong understanding of the business, its products/services and customer expectations can contribute meaningfully to responding to risks".

Download your free copy of the role of business continuity professionals in the changing global threat environment today in order to develop your understanding of the changing resilience landscape.

Monday, 20 June 2016 00:00

Containers: Not Just for Food

In all seriousness: in the world of IT, what exactly are containers, anyway? For those of you who are not very familiar with where containers come from and why you’re hearing so much about them right now, this post is for you.

You have an operating system (OS).

You have some applications (apps) running on your OS. 

In most cases, these are packaged together as a “virtual machine.”

And then, virtualization happens. Hypervisors happen — and you can have multiple copies of a virtual machine running on a hypervisor. In many cases, organizations are running lots of instances of the exact same virtual machine on a hypervisor.



While a great number of industries have rushed to digitally engage consumers, the financial sector has lagged behind. Online banking platforms are built on top of an infrastructure that is still heavily reliant on paper and human interaction, leaving it prone to loss, error and social engineering techniques.

These administrative costs prevent our financial system from scaling up and reaching the next billion users, a demographic that has no problem purchasing a smartphone but is still excluded from global banking due to exorbitant compliance costs and identification requirements that don’t match people’s realities.

Cyberattacks also threaten to exclude even more people from banking, as they raise the compliance and insurance costs of opening and maintaining bank accounts.



Monday, 20 June 2016 00:00

The Car Salesman to the Mechanic

So I made the big brave move into a cyber security specific role....

The rationale behind this was simple. Far too often in my world of business continuity did I encounter some CTO who was trying to pull the wool over my eyes when discussing IT risk. They would throw out a few technical terms I’d never heard of and I had no choice but to assume they knew what they were talking about. This needed to change so I decided to throw myself into IT and see what all the fuss was about.

Prior to making the move I genuinely thought my experience of delivering disaster recovery and work area recovery projects meant that I had a pretty good grounding on the subject. However, looking back I'd have to say I was definitely ignorant to what I didn't know. It occurred to me that in recent years I was the car salesman to the mechanic. But as a security professional did I really need to fully understand the likes of networks, environments and infrastructure?



Monday, 20 June 2016 00:00

Ransomware: The News Is Always Bad

A study by Booz Allen Hamilton says that Supervisory Control and Data Acquisition (SCADA) systems, which manage critical infrastructure, are becoming targets of ransomware.

The report is full of bad news for industrial control system (ICS) operators. Attacks are increasing: The Department of Homeland Security (DHS) responded to 295 incidents last year, which was a 15 percent increase over 2014. The arc in the evolution of cybercrime is always toward less expensive, more sophisticated and more accessible exploits. The study, which was reported upon at Dark Reading, shows that the tendency continues:

Among the several emerging challenges for owners of industrial control systems identified in the report are ransomware and the emergence of SCADA access as a service. Booz Allen Hamilton defines SCADA access services as entities that specialize in finding zero-day flaws in industrial control networks, developing exploits for them and then selling that as a service to those interested in gaining unauthorized access to third-party ICS networks.



Jun 17, 2016 17:13 BST

Small businesses unfairly carrying the cost of cyber crime

Small businesses are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy, according to a new report by the Federation of Small Businesses, with firms collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Cyber Resilience: How to protect small firms in the digital economy notes that, despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total.

Almost all (99%) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66%) offering, or planning to offer, goods and services online. Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases close them down.

Mike Cherry, FSB National Chairman, said: “The digital economy is vital to small businesses - presenting a huge opportunity to reach new markets and customers - but these benefits are matched by the risk of opportunities for criminals to attack businesses. Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.”

The Business Continuity Institute’s latest Horizon Scan Report showed that small businesses are no different to larger organizations when it comes to determining the greatest threat they face – in both cases it was cyber attack and data breach.

The FSB report also found room for small firms to improve security. Currently just a quarter of smaller businesses (24%) have a strict password policy, 4% have a written plan of what to do if attacked online, and just 2% have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

(TNS) - If you see something, say something.

It is a dictum for terrorizing times, and as the carnage mounts, law enforcement is more urgently pressing the public to turn tipster.

But what, exactly, does something mean?

That depends.

"If I have a friend who all of a sudden starts going to the masjid [mosque] five times a day, is that a sign of radicalization - or of admirable devotion?" said Quasier Abdullah, assistant imam at Quba Institute, a school and mosque in West Philadelphia.



(TNS) - It only took about five minutes of violent winds, but Wednesday evening’s strong storm put the fear of Mother Nature into some of Lindenwald’s (Ohio)  residents.

“It was intense. It was scary,” said Molly Marcotte, who lives down the street from where some of the worst damage happened. She and husband Randy Marcotte heard sounds of trees snapping and transformers blowing, but they say they never heard the sound of storm sirens until after the winds died down.

“Mother Nature’s a beast,” Molly Marcotte said. Their porch swing was pinned against a window, but somehow didn’t break the glass.



AUSTIN, Texas – As storms and flooding wreak havoc across Texas, FEMA officials are warning of another danger: scam artists and unscrupulous contractors out to fleece communities and survivors struggling to recover from disaster.

Be aware of these most common post-disaster scams:

Housing inspectors: If home damage is visible from the street, an owner/applicant may be vulnerable to those who pose as housing inspectors and claim to represent FEMA or the U.S. Small Business Administration.

  • Ask for identification. Federal and state representatives carry photo ID. A FEMA or SBA shirt or jacket is not proof of affiliation with the government.

  • FEMA inspectors never ask for banking or other personal information. FEMA housing inspectors verify damage but do not hire or endorse specific contractors to fix homes or recommend repairs. They do not determine eligibility for assistance.

  • Use licensed local contractors backed by reliable references; recovery experts recommend getting a written estimate from at least three contractors, including the cost of labor and materials; and read the fine print.

  • Demand that contractors carry general liability insurance and workers’ compensation. If he or she is not insured, you may be liable for accidents that occur on your property.

  • Avoid paying more than half the costs upfront. Doing so offers little incentive for the contractor to return to complete repairs.

Pleas for post-disaster donations: Con artists play on the sympathies of disaster survivors, knowing that people want to help others in need. Disaster aid solicitations may arrive by phone, email, letter or face-to-face visits. Verify charitable solicitations:

  • Ask for the charity’s exact name, street address, phone number and web address, then phone the charity to confirm that the person asking for funds is an employee or volunteer.

  • Don’t pay with cash. Pay with a check made out to the charity in case funds must be stopped later.

  • Request a receipt. Legitimate nonprofit agencies routinely provide receipts for tax purposes.

Offers of state or federal aid: Beware of anyone claiming to be from FEMA or the state and asking for a Social Security number, bank account number or other sensitive information. Scammers may solicit by phone or in person, promising to speed up the insurance, disaster assistance or building permit process. Others promise a disaster grant and ask for large cash deposits or advance payments. Here’s how to protect yourself:

  • Federal and state workers do not solicit or accept money. FEMA and SBA staff never charge applicants for disaster assistance, inspections or help in filling out applications. If you have any doubts, do not give out information and file a report with the police.

If you suspect fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721. If you are a victim of a home repair or price-gouging scam, call the Office of the Texas Attorney General at 800-252-8011. For information regarding disaster-related fraud and how to protect yourself, visit texasattorneygeneral.gov/cpd/disaster-scams.

For more information on the Texas recovery, visit the disaster webpage for the May storms at fema.gov/disaster/4272; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

# # #


(TNS) - A biennial test shows that emergency officials — including some in Northwest Missouri — are ready to work together in the event of a disaster at a southeast Nebraska nuclear power plant.

That was the assessment of federal officials, who spoke during a Thursday morning briefing at the Nebraska Public Power District’s emergency operations center in Auburn, Nebraska.

The test, conducted Tuesday, is intended to probe how well agencies, other organizations and the utility itself would react to a crisis involving the Cooper Nuclear Station — positioned along the Missouri River three miles south of Brownville, Nebraska. NPPD owns and operates the plant, and representatives also attended Thursday’s briefing.



Tiered storage is the process of assigning progressively less-expensive storage categories to progressively less-valuable data. It’s up to IT to classify storage tiers using a matrix of performance, price (Capex and Opex), storage capacity and data services. Classifying data priority is not entirely up to IT. Within the same storage system, automated tiering functions will classify data by features like I/O patterns and move it accordingly within the storage system’s internal storage tiers.

However, IT will need to assign data priority by business need in order to migrate data effectively throughout the storage infrastructure, ultimately landing in highly cost-effective cold storage. Different companies will assign different data priorities according to their business and compliance needs.

Aging is the most common metadata for demoting data to less expensive storage, but other factors may affect the outcome. For example, IT may progressively demote aging data and eventually add it to cold storage on tape or cloud. But some aging data may reside long-term on SATA on-premises storage because it is subject to regular information audits.



While hurricanes are notoriously unpredictable, scientific advancements allow unprecedented insight into what to expect as a storm season approaches. The bad news? 2016 is anticipated to be a doozy, according to a just-released report from The Weather Company. Let’s take a closer look at what weather experts say lies ahead, along with tips for overcoming this less-than-sunny outlook.

Putting the Hurricanes in Hurricane Season

What’s headed our way, according to The Weather Company forecast? Approximately 14 named storms, eight hurricanes, and three major (Category 3 or stronger) hurricanes will comprise the 2016 Atlantic hurricane season.

If this sounds like a lot, that’s because it is: The 30-year historical average consists of 12 named storms, six hurricanes, and three major hurricanes. The Weather Company’s most recent outlook also outpaces predictions from earlier this spring, including one from Colorado State University (CSU) which anticipated 13 named storms, six hurricanes, and two major hurricanes.



Only a few years ago, business continuity was considered the gold standard of crisis response: If an organization was able to continue operation following an emergency situation, it was considered well-prepared for potential threats. However, today many organizations aim to go beyond business continuity to achieve operational resilience—to not only come back from a crisis, but to continue day-to-day operation with minimal changes to the business.

Resiliency refers to the capacity for a company to thrive, despite the inevitable challenges that it will face over time. IBM has defined operational resilience as “the ability of an organization’s business operations to rapidly adapt and respond to internal or external dynamic changes—[including] opportunities, demands, disruptions or threats—and continue operations with limited impact to the business.” This includes crises such as severe weather, unplanned IT outages, violent incidents, public relations gaffes and everything in between.

Many organizations are not effectively prepared for potential crises. And when one does hit, they struggle to get back up and running. In a 2014 survey, nearly 25 percent of organizations lost critical applications or files for multiple days following a crisis, and 20 percent of companies reported post-incident losses ranging from $50,000 to $5 million. This is not true operational resiliency.



When employees leave a company and take sensitive data with them, intentionally or not, the repercussions can be massive. In February of this year, an employee leaving the FDIC exposed 44,000 FDIC customers’ personal information when she downloaded the data to her personal storage device. Later the same month, a former employee of UK regulator Ofcom offered his new employer as much as six years of sensitive data provided to the regulator by television companies.

A recent survey of 400 employees by Veriato, a provider of employee monitoring software, found that a third of respondents believe they own or share ownership of the corporate data they work on;  more than half feel it's acceptable to take corporate data with them when they leave a job.

"The potential damage from even one employee taking confidential and proprietary customer data, software code or login credentials with them to a new job, especially with a competitor, is astronomical," Veriato COO Mike Tierney said at the time.

So what should companies do to prevent such potentially serious damage?



The Business Continuity Institute - Jun 20, 2016 10:23 BST

There has never been a more fascinating debate than that of the United Kingdom’s potential exit from the European Union, but what impact does this have on business continuity and the business community within the UK?

A lot of business continuity professionals compensate for the tangible disruptive events, but how many have prepared for such an intangible event as the UK leaving the EU? If ever an event has highlighted the importance of business continuity within the Boardroom, then this is it.

In the ongoing programme of business continuity planning, business continuity professionals will recognise the significance of Brexit while conducting a strategic business impact analysis. The acronym PESTELO analyses the external factors which highlight the weaknesses and threats for an organisation under the political, economic, social, technological, environmental, legal and organizational components.

Brexit maximises the utilisation of PESTELO. It will define your organization’s beta Factor and how well prepared your organization is for this potential exit. It is the responsibility of the business continuity professional to reduce this beta factor by identifying the risks to critical processes and minimising the impact an exit will have.

Numerous political leaders within the EU and further afield have highlighted their scepticism and the potential pitfalls of the UK’s withdrawal. However the debate within UK industry and the discipline of business continuity is inextricably linked because the continuance of a business or industry may be dependent upon this result.

The UK fishing industry has suffered with EU regulation and might be more pleased with the exit. The threat of London being removed as the financial centre of Europe to Paris, Frankfurt or Dublin has been commonly discussed. The threat of global terror has reached unsurpassed levels. MI5 officers have publicly stated that it would make better sense if Britain remained in the EU. A dilution of coordinated efforts undermines the effect of intelligence. On the other hand, some experts within MI6 say that a departure would improve the nation’s security. That the two leading security agencies hold differing views probably sums up this conundrum.

Numerous economists have suggested that Britain is putting more money into the EU than it is getting back. This may be the quantitative position, but from a qualitative point of view economists’ opinions on the total return on its investment vary greatly. For example, the EU, with its aggregated bulk power, has negotiated tariff agreements with China and the USA, so how would the UK fare as a standalone entity? The fact is that if the UK does decide to exit, no one knows what the implications are, and the debate will continue right up until the final hour. The UK’s debate surrounding the exit is maybe better positioned not necessarily as a risk but as an uncertainty. The critique of scenario analysis (or, in the case of Brexit, maybe better referred to as ‘alternative worlds’) will allow for pessimistic, optimistic and likely outcomes; however, due to this uncertainty, simulation analysis may be better utilised in this example, as numerous variables could be the determining factor in an organisation’s success or failure.

For business continuity professionals the systemic risk posed by Brexit means that each organization within the UK faces this uncertainty as well as its own unsystemic challenges. If you are an importing business, you are already feeling the loss in the drop of the pound. The multi-disciplined business continuity professional should be advocating to diversify their organization’s portfolio by aligning their thoughts with their procurement departments to maybe look for indigenous suppliers or alternative vehicles for obtaining these goods and services.

If you are an exporting business your pound has become more highly valuable. The business continuity professional should be advocating the maximax policy.

If the UK decides to remain within the EU our public services could be under further scrutiny with more countries joining the EU. The business continuity professional has to deal with the current status quo and possibly this immigration influx. Can our public services deal with this continuing growth?

The business continuity professional is now compelled to horizon scan not only the tangible factors but also the potential black swans such as Brexit in the future.

Whatever the UK decides to do, the business continuity professional will be facing challenges.

Padraig McGoldrick AMBCI is the Vice President of Corporate Services for First Derivatives

The Business Continuity Institute - Jun 17, 2016 17:13 BST


Small businesses are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy, according to a new report by the Federation of Small Businesses, with firms collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.

Cyber Resilience: How to protect small firms in the digital economy notes that, despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years. Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total. 

Almost all (99%) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66%) offering, or planning to offer, goods and services online. Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases close them down.

Mike Cherry, FSB National Chairman, said: “The digital economy is vital to small businesses - presenting a huge opportunity to reach new markets and customers - but these benefits are matched by the risk of opportunities for criminals to attack businesses. Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks.”

The Business Continuity Institute’s latest Horizon Scan Report showed that small businesses are no different to larger organizations when it comes to determining the greatest threat they face – in both cases it was cyber attack and data breach.

The FSB report also found room for small firms to improve security. Currently just a quarter of smaller businesses (24%) have a strict password policy, 4% have a written plan of what to do if attacked online, and just 2% have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

The Business Continuity Institute - Jun 17, 2016 09:31 BST

Companies that have predefined Business Continuity Management (BCM) processes in place are able to find and contain data breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM. This is according to a study sponsored by IBM and conducted by the Ponemon Institute.

This is of significant importance as the study revealed that the average cost of a data breach for companies has grown to $4 million, representing a 29% increase since 2013, at least among those companies surveyed as part of the research.

The Cost of Data Breach Study found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100 day mark cost over $1 million more on average ($4.38 million). The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.

Cyber security incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost continues to rise. In fact, the study found that companies lose $158 per compromised record. Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.

Business continuity professionals are well aware of the threat the cyber world poses to their organizations, as identified in the Business Continuity Institute's latest Horizon Scan Report. In this report cyber attack and data breach were ranked as the top two threats with the vast majority of respondents to a global survey (85% and 80% respectively) expressing concern about the prospect of them materialising.

"The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Ted Julian, Vice President, Resilient, an IBM Company. "While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event."

DriveScale, the Silicon Valley data center technology startup founded by a group of Sun and Cisco veterans who were behind some of the two iconic companies’ core data center product lines, such as Sun’s x86 servers and Cisco’s Nexus Switches and Unified Computing System (Cisco UCS), has built a scale-out IT solution geared specifically for Big Data applications. The company, which recently came out of stealth and announced a $15 million funding round, is addressing a growing need in the data center and has a founding team whose technological abilities are undeniable, but its current product is only on its first generation and still has a ways to go before it is proven out in the market.

Let’s back up a little and discuss why a scale-out solution for Big Data is important. Creating virtual controllers that enable some kind of software-defined platform isn’t anything new. In storage, we’ve seen this with Atlantis USX and VMware vSAN; in networking, it’s Cisco ACI, Big Switch, and VMware NSX. The vast majority of these technologies, however, are designed for traditional workloads, such as virtual desktop infrastructure, databases, application virtualization, web portals, and so on.

What about managing one of the fastest-growing aspects of IT today? What about controlling a new critical source of business value? What about creating a virtual controller for Big Data management?



Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy. The other one was “too big to fail” (TBTF) or TICTF referring to any entity that could by its own failure cause systemic failure. Thus, American investment bank Lehman Brothers was “too big to fail”.

However, fail it did, triggering a financial crisis worldwide. Rather than TBTF, another measure known as TICTF may be a smarter way of understanding which measures for resilience you should be taking.

Interestingly, TICTF (Too Interconnected to Fail) was also the measure preferred by the US government in many cases, when deciding whom to help financially.

The impact of a “TICTF” enterprise is measured in terms of the products and services supplied by that enterprise, plus all other activities that depend on that enterprise, plus the exposure of the enterprise to other systemic risk.



The compliance profession faces many challenges. Some are more important than others. When it comes to evaluating performance, or measuring compliance programs, the profession has a steep uphill climb.

Unfortunately, measuring compliance programs and defining what an “effective” program is are issues that require extensive research and analysis. Justice Potter Stewart’s famous words defining “obscenity” – “I know it when I see it” – just will not work when it comes to effective compliance programs.

The US Sentencing Commission has provided required elements of an “effective” compliance program; the Department of Justice has advanced the dialogue with its own approach and definition, as set forth in the FCPA Guidance and recently in the FCPA Pilot Program.



In the film Limitless, the main character Eddie finds himself able to learn and analyze information at a superhuman rate. He temporarily has the ability to instantly and meaningfully cross-correlate all of the previously forgotten experiences from his past and assess multiple scenarios in the future. He does this simply by taking a pill.

I don’t have a pill for you, and I’m not going to claim any product can make you Limitless. However, I will say Cisco Tetration Analytics comes closer than anything in the industry to delivering similar capabilities!



At Citrix Synergy this year, ExtraHop won the Best of Show award for our ransomware detection solution.

Giving the reasons for the win, panel judge Brian Madden said, “You could literally put the product in, push GO, and get the benefits instantaneously.”

We were honored by the recognition and thrilled that the judging panel interviewed some of our customers and heard firsthand how they were using the ExtraHop ransomware detection solution.



(Bloomberg) — Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

“It’s a marketplace similar to EBay where people can trade information about cracked servers,” said Costin Raiu, head of global research at Kaspersky Lab. “The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions.”



(TNS) - The Baltimore 911 system crashed for at least an hour Tuesday night, leaving police and firefighters unable to receive calls to the emergency phone line, the city's Office of Emergency Management and firefighters announced.

The system went down around 8:20 p.m., city officials said. Mayor Stephanie Rawlings-Blake announced around 10:15 p.m. that it was restored.

The crash was suspected to be caused by a problem with Verizon, said Robert Maloney, director of the Mayor's Office of Emergency Management.



(TNS) - The Newton, Iowa, Police Department is partnering with the Jasper County Sheriff’s Office to launch the “If You See Something, Say Something” campaign throughout Jasper County.

The U.S. Department of Homeland Security’s campaign aims to raise public awareness of the indicators of terrorism and terrorism-related crime activity.

“This program came about as a result of our want and need to partner with the community at a deeper level and encourage them to report any type of suspicious activity,” Newton Police Chief Rob Burdess said.

The main focus of the national campaign is terrorism and terrorist activity, but Burdess sees the local program as a way to empower citizens to report any suspicious activity regardless of the severity.



AUSTIN, Texas – Texans who suffered damage or loss from the May flooding and were referred to the U.S. Small Business Administration may lose income-based FEMA grants if they don’t complete and submit the SBA loan application.

Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other personal property, even vehicles. Survivors will not be considered for this type of assistance unless they complete and return the SBA loan application.

Applicants from Austin, Brazoria, Brazos, Fort Bend, Grimes, Hidalgo, Hood, Montgomery, San Jacinto, Travis, Waller and Washington counties should complete the application, even if they don’t want a loan.

“The SBA loan application is used to review an applicant’s eligibility for additional assistance,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s operations in Texas. “For that reason, complete the application even if you don’t plan to accept the loan.”

Some types of Other Needs Assistance—medical, dental and funeral expenses—are not SBA dependent, and completing the loan application is not required. However, it is always recommended by recovery experts. The application is not required for survivors seeking temporary rental assistance.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors may apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster loan information and application forms are also available from SBA’s customer service center by calling 800-659-2955 or emailing disastercustomerservice@sba.gov. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster.

Completed applications should be mailed to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Rd., Fort Worth, TX 76155.

SBA loan applications can be submitted even as disaster survivors await an insurance settlement. The loan balance will be reduced by the settlement. SBA loans may also be available for losses not covered by insurance.

  • Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence.

  • Homeowners and renters may borrow up to $40,000 to repair or replace personal property.

  • Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans—called Economic Injury Disaster Loans—to small businesses and most private nonprofit organizations of all sizes.

For more information on the Texas recovery, visit the disaster webpage for the May storms at fema.gov/disaster/4272; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

In today’s world, with everyone constantly on the go and relying on their phones for work-related activities, it’s essential to provide mobile app accessibility to both the administrator and the audience you’re communicating with. You never know when a critical event will strike, but having access to an emergency notification app to reach and interact with your people gives you the ability to keep your business and people safe.

Emergency notification app for administrators:

AlertMedia’s emergency notification app enables admins to send and receive important notifications on the go from your smartphone—Android, iPhone, tablet, and more. Getting the message out to your audience fast requires only a few simple taps to create and send a notification.

With the app, you can receive alerts that monitor your organization’s safety, respond to events and incoming messages quickly, and resolve time-sensitive situations. It securely stores and retrieves messages and past notifications, so you can keep the pulse of the business and your people informed.



The Business Continuity Institute - Jun 16, 2016 11:11 BST

Small businesses are leaving themselves open to potential threats with only 20% considering cyber security as a top business priority. This is according to new research by Barclaycard, which also found that 10% had never invested in improving the security of their website, putting them at risk from cyber crime.

The study also revealed that almost half (48%) had been hit by at least one cyber attack in the past year, with 10% experiencing more than four attacks. Almost one in five (16%) admit they were only prompted to review their cyber security when they were hit by an attack.

The latest Horizon Scan Report published by the Business Continuity Institute revealed that small businesses are no different to larger organizations when it comes to the main threats they face. In both cases the top threats were cyber attack and data breach.

Barclaycard's research found the majority (54%) of SMEs are concerned they could be at risk from an attack, but many lack the knowledge and expertise on how to better protect their business online. Only one in eight (13%) claim to be confident they understand enough about cyber crime to protect their business, and just one in six (15%) are very confident they have adequate measures in place.

Paul Clarke, Product Director at Barclaycard, said: “Businesses of all sizes face a constant and growing threat from cyber crime. As our research shows, many small businesses are failing to take the necessary precautions, either because they don’t know how to protect themselves or, more worryingly, because they don’t think they need to. Cyber security is not a one-off investment that can then be forgotten about, especially as criminals are becoming increasingly sophisticated in the way they target businesses.”

Wednesday, 15 June 2016 00:00

What Does MAM-First Mean to You?

With more and more employees carrying smart devices, it’s natural for them to want to be able to use them for work. Bring-your-own-device (BYOD) programs and policies empower people to choose the best device to get their work done. Allowing employees to use their own mobile devices can also help businesses reduce hardware and service costs.

But corporate IT has a responsibility to protect corporate information wherever it resides. This includes employee-owned mobile devices.

The key is to find the right balance between corporate responsibility to keep enterprise data secure, and the employees’ expectations for a great user experience as well as the security and privacy of their own information.



Wednesday, 15 June 2016 00:00

How Much Water Do Apple Data Centers Use?

Apple will fund construction of a wastewater treatment facility in Prineville, Oregon, where its data center campus is the single biggest consumer of water, Oregon Live reported.

Data centers use enormous amounts of water to cool IT equipment they house, and reducing water use by data center cooling systems has been growing in importance. Numerous data center operators have been designing their cooling systems in a way that enables them to use recycled municipal water.

The issue of data center water usage gained more attention last year as a result of the drought in California, which is continuing despite a relatively wet winter season.



The Internet of Things (IoT) is no longer happening in a galaxy far, far away. It’s happening right here, right now. It may be in your pocket, on your wrist, in your clothes – heck, it might even be helping you drive your car.

In fact, IoT is moving so fast, we’re actually on the third wave, according to a panel of experts who weighed in on the topic during a recent episode of Internet of Things with Game-Changers, presented by SAP. However, a nagging question arises when it comes to this third IoT wave: What’s going to happen to all the data that’s being collected?

Coping with IoT reality

Gray Scott, futurist and founder/CEO of Seriouswonder.com, believes questions remain around IoT data collection because technology is moving faster than we can cope with.



Enterprises commonly use bots to reduce customer service costs and improve responsiveness to customer requests. Many of the bots in use lack any real intelligence, although the landscape is changing rapidly with the help of artificial intelligence (AI) and machine learning. Major industry players, including Amazon, Facebook, Google, and Microsoft, are all jumping on the bot bandwagon.

"You can now plug AI, machine learning, and technology resources into your bots without owning that part of the technology stack," said Felix Rios, technology and innovation manager of the market research unit at managed analytics solution provider Ugam Solutions, in an interview. "[Meanwhile], as a society, we are becoming more comfortable with the concept of talking to machines. We also increasingly favor chatting over calling someone. All in all, it seems like the perfect storm for [an] explosion of bots to happen."

So, what does the rise of the bots really mean for your business?



Wednesday, 15 June 2016 00:00

A Rush to Compliance: Patience is a Virtue

Compliance officers are, by definition, goal driven. They are high achievers and expect to succeed. So what, you may say – we all know that.

Compliance officers are not the most patient group of people. They want to see change, improvement and action. Patience is not in their blood, nor is it their middle name(s).

Unless a CCO is directed by the board or the CEO to improve a compliance program rapidly or the company is staring down the barrel of a government investigation, there are two important reasons for a CCO to move deliberately and with care.



COLUMBUS, OHIO — A funny thing happened when Chattanooga, Tenn., set out to create the fastest municipal broadband service in the country: Telecommunications firms got angry and sued the city. Four times.

That was many years ago, but cities in Ohio have found out more recently that when a government entity wants to set up a high-speed network, dealing with telecommunications firms is still a tricky business.

“Access rights and all that, those we can overcome because we have the right of way, we have permits, we can do all kinds of things,” recalled Moez Chaabouni, former deputy chief information officer for the city of Columbus, Ohio, at a roundtable discussion at the 2016 Intelligent Community Forum Summit on June 14. “Probably the biggest hurdle we faced was organizations like AT&T, Verizon, Sprint. And I only mention these guys because they’re great at what they do, but they were incredibly opposed to us putting up anything in the downtown area, or anywhere for that matter, that was going to compete with their business.”



When buying or selling an MSP, varying circumstances may be involved.

Conditions may require that an MSP streamline its operations, liquidate assets due to a force majeure or transfer ownership due to some unforeseen occurrence. They may also signal that it’s time to expand into a new geography, seize a one-time opportunity or enter a new market adjacency.

Regardless of the underlying motivations, giving more value to your IT services’ entity or MSP business requires you to consider many different variables, including your accounting models or applications; tools or custom software; trademarks, patents, and/or other assets that increase the value of your company and thus make it more enticing to a prospective buyer, not to mention current clients.

Here are some things to consider:



BATON ROUGE, La. — Community members, volunteers and all levels of government continue developing solutions to move recovery forward following the severe storms and floods that occurred March 8 through April 8.

The collaboration includes neighbors, friends and family helping one another, identifying places to mobilize volunteers, and providing resources so disaster survivors can move back home. Governments are also collaborating to make communities better, stronger and safer so they will have enhanced protection from future disasters.

Here are some of the ways survivors, communities, volunteers and all levels of government have pulled together to address recovery challenges in the 90 days since the March 13 presidential disaster declaration.

Nearly 40,000 survivors applied for help under the Individual Assistance (IA) program in the 36 eligible parishes during the 90 day registration period. The registration period has closed but help remains just a phone call away. By calling the FEMA helpline you can:    

  • Ask questions about FEMA determination letters.
  • Learn how to appeal FEMA’s determination. All applicants have the right to appeal.
  • Inquire about the status of a registration.
  • Provide change of address, telephone and bank account numbers and insurance information to avoid disaster assistance processing delays.
  • Receive information about FEMA home inspections.
  • Get other questions answered about federal disaster assistance.

Call the helpline at 800-621-3362 or TTY 800-462-7585. Those who use 711/VRS can call 800-621-3362. Lines are open 7 a.m. to 10 p.m. seven days a week until further notice.

To date, survivors have received nearly $380 million in federal disaster assistance through a variety of sources.

  • Approximately $69 million in grants has been approved for a place to stay for homeowners and renters whose residences were uninhabitable and to make essential repairs for homes to be safe, sanitary and secure.
  • About $19 million in grants has gone to homeowners and renters to repair and replace certain household items and for burial, medical and dental expenses.
  • Homeowners, renters and businesses have received more than $95 million in low-interest disaster loans from the U.S. Small Business Administration to repair, rebuild and replace damaged property and contents. Disaster loans cover losses not fully compensated by insurance or other sources.
  • National Flood Insurance Program policyholders have received approximately $196 million in claims to repair and rebuild flood-damaged property.

Moving back home marks significant recovery progress for survivors and their communities. Many survivors have successfully taken this step because of the volunteers from Louisiana and across the country who have donated their time and skills.

Voluntary, faith and community-based groups are coordinating with their local, state and federal recovery partners to identify survivors in need and ensure resources are there to help. This coordination has resulted in mucking out properties, making repairs and donating essential items like furniture and appliances so survivors can get back home.

If you want to donate your time and skills you can contact Volunteer Louisiana online at www.volunteerlouisiana.gov or email enauck@crt.la.gov and be put in touch with a voluntary group in need. Volunteer Louisiana is a state-run organization.

Local, parish and state government infrastructure and certain private nonprofit organizations in 37 parishes are progressing in their recovery with the help of FEMA’s Public Assistance (PA) program. So far the program has obligated approximately $2.3 million.

The program is relieving burdens on local governments and the state by reimbursing 75 percent of eligible costs to restore essential services like roads, bridges, utilities, schools and hospitals. Many services will be restored more resilient than they were before the disaster.

The program also assists with removing the debris that blemishes communities. Many repair and rebuilding projects have been able to start on properties of towns and parishes because disaster-related clutter has been cleared.

Disaster recovery officials have interacted with survivors in several different ways and many remain on the ground in Louisiana to assist with recovery.

  • Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP) and FEMA specialists have held 14 applicant briefings to provide a general overview of the Public Assistance program to local leaders.
  • State and federal Public Assistance specialists have held more than 250 kickoff meetings to discuss with parish representatives and certain nonprofits what projects may be available and to answer questions.
  • FEMA specialists have attended approximately 60 community organization events in Louisiana to discuss and answer questions about federal disaster assistance.
  • Nearly 21,000 survivors visited 44 disaster recovery centers (DRCs) where they met face to face with federal, state, local and volunteer representatives. The first centers opened less than a week after the presidential disaster declaration. The last ones closed June 10.
  • More than 35,000 FEMA housing inspections have been completed.
  • More than 70,000 survivors spoke with FEMA disaster survivor assistance specialists. These are FEMA staff who canvass affected communities to encourage survivors to register for help, provide recovery information and listen to their concerns. Their work resulted in more than 4,000 field registrations for federal disaster assistance.
  • Free consultations on building hazard-resistant homes were given to nearly 7,000 survivors at DRCs and more than 5,000 at Louisiana home improvement stores.

A team of state and federal disaster recovery specialists is identifying additional funding sources and strategies to restore, redevelop, revitalize and better prepare affected communities. The team is working with local and parish governments, community leaders and the private sector to overcome long-term recovery challenges by pooling resources, providing technical assistance and identifying recovery funding sources.

Recovery partners continue coordinating to get survivors back home, advance the recovery of affected communities and make Louisiana more resilient.

The relationship between small- and medium-sized businesses and cloud computing is deep and rich. We look into the details with Anurag Agrawal, the founder and CEO of Techaisle, who sees use cases that are growing and evolving. They are also different depending on whether the larger or smaller sector of the SMB category is being considered.

IT Business Edge: What does the emergence of the cloud mean for small- and medium-sized businesses?

Agrawal: For small and medium-sized businesses, cloud is both an IT priority and an IT reality. In fact, it has become not only the essential IT infrastructure but also the essential business infrastructure as it addresses real-world issues. Techaisle’s survey of 848 SMBs [small- and medium-sized businesses] in the United States not only found a strong link between cloud and IT – it also found a strong link between cloud, IT and business success.



We spend hours developing plans and strategies – preparing for possible emergency events that we hope will never happen. Many of our colleagues, and let’s be honest, even some of our management team, believe this planning is of little value. They feel that we only need the documentation to “check the box” for an audit. The implied desire is to get it done as quickly and with as little use of resources as possible. We may fall into the trap of being influenced by those feelings, generating what seems like good documentation that, when looking deeper and more objectively, is really just a lot of words that may not be usable.

For this week’s blog, the functional item we are considering is communication. We all know that during an emergency event communication will be critical, and we understand the basic groups and type of information we must communicate. Though the items below may seem obvious, many do not take the time to ensure that the appropriate planning is in place – it is assumed that everything will work when needed.



Big Data implementations are invariably built around Hadoop, Apache Spark and other open source solutions. And since these constructs must integrate into the broader enterprise data ecosystem at some point, is it possible that open source will come to rule the data center as a matter of course?

The idea might not be as outlandish as it sounds. As business models across multiple industries come to rely on the insights gleaned from predictive analytics and broadly federated data infrastructure, proprietary systems may emerge as more a help than a hindrance. And while open systems tend to require quite a bit of in-house knowledge for both provisioning and management functions, many of these tasks are likely to be automated in the coming decade, providing for more user- and enterprise-friendly environments.



CyrusOne has acquired a big parcel of land in Northern Virginia, the biggest and most coveted data center market in the US, the company announced Tuesday. The parcel gives the data center provider room to expand in a key region where it is currently at capacity.

The Northern Virginia data center market is continuing to snowball. It is a high-demand data center location because of the big cluster of data centers and network infrastructure that are already there.

Companies that have data centers there want to continue expanding there, and ones that don’t want to access the rich ecosystem that’s grown in Northern Virginia over the years.



It’s 2016, yet IT experts are still challenged with how to effectively and efficiently cool their data center. The cooling process accounts for 40 percent of all power consumed by data centers, so this question is a top priority for operators. Ensuring optimal cooling in a data center not only lowers operational expenditure, but also reduces the strain on equipment cooling mechanisms, extending the lifespan of the hardware, and frees up power for IT equipment, increasing equipment uptime. The decision to invest in cooling infrastructure is easy; choosing the method with which you regulate temperature within the data center, however, can be more challenging.

Cooling and efficiency strategies are constantly evolving, with companies like Microsoft going so far as to drop a self-contained data center into the ocean. However, you do not need to plunge your equipment into the sea or move to the Arctic to keep yours cool. Hot-aisle containment (HAC) and cold-aisle containment (CAC) are the primary methods used by leading businesses to reduce energy and optimize equipment performance within the data center. This proven and highly effective methodology of cooling has emerged as a new best practice within the industry.



Wednesday, 15 June 2016 00:00

Risk Landscape: Coverage Trends to Watch

Being aware of your company’s new and changing risks is critical for sound risk management. As the year progresses, we have identified growing risks facing companies, and their directors and officers, that are likely to impact policyholders. These risks include cybersecurity, Telephone Consumer Protection Act (TCPA) lawsuits, drones, wage and hour lawsuits and food recalls. The risks and issues to watch out for are expanded below:


Cyberattacks against businesses doubled in 2015 and are expected to continue to increase as attackers become even more sophisticated. Watch out for:

Phishing scams and social engineering fraud. In social engineering scams, hackers use phishing, purporting to be legitimate employees or third parties, to try to trick businesses into wiring funds or allowing access to their systems. Although many businesses have crime insurance that covers “computer systems fraud,” ambiguous provisions or liability limits may restrict coverage. Some courts have held that fraud coverage applies only when intrusions are unauthorized, but not when an unwitting employee falls prey to an online scam.

Data breaches. Companies should also be conscious about their coverage for data breaches, which increasingly present significant exposures. Insurers often contest whether data breaches constitute “publication” of private information, and, if so, whether an insurer’s duty to defend applies. This is particularly important as the storage of consumer data is a lynchpin of many businesses’ operations and marketing.
Businesses need to ensure that their commercial insurance policies adequately cover their business risks and consider purchasing dedicated cyber policies.



CSR is something that companies today are taking more and more seriously. It is no longer just a way to get better press from journalists, it is a fully fledged strategy to effectively run a company, creating a sustainable and pleasant environment for both employees and customers.

Traditionally we have seen that this has revolved around charity work, sustainable business practices, environmental efforts, and supply chain management. However, in recent years, it has become a question of transparency. Essentially, if we can't see what a company is doing, it cannot be trusted. Data has had a big impact on this, allowing people to see how a company is operating without bias.

However, it is not only that data is used to show good CSR; increasingly, a company’s use of data is itself part of good CSR.



Tuesday, 14 June 2016 00:00

How to Architect a Data Lake

“How do you architect a lake?”

If the question sounds like the opening line of a joke, the answer would clearly come as: “You don’t. You can only discover one.”

Whether it is data warehouses or marts, data lakes, or reservoirs, the IT industry has a penchant for metaphor. The subliminal images conjured in the human mind by the above terms are, in my opinion, of critical importance in guiding thinking about the fundamental meanings and architectures of these constructs. Thus, a data warehouse is a large, cavernous, but well-organized location for gathering and storing data prior to its final use and a place where consumers are less than welcome for fear of being knocked down by a forklift truck. A data mart, on the other hand, creates an image of something between your friendly corner store and Walmart.



Five Pitfalls of DirectAccess You Can Fix With NetScaler

DirectAccess is a feature of Windows that allows a PC to automatically connect to the corporate network whenever it detects an Internet connection. It’s been around for years, but has recently gained increased attention from organisations deploying Surface™ Pro or other Windows 10 hybrid devices.

DirectAccess is “free” … assuming your Microsoft licence agreement permits unlimited deployment of Windows servers, and the cost of underlying server infrastructure or ongoing management and security of server instances hits someone else’s budget. This makes it very easy for server administrators to stand up a DirectAccess pilot during a Windows 10 or Surface™ Pro rollout without the constraints of seeking budget approval and similar formalities.



Tuesday, 14 June 2016 00:00

A Lean Approach to Business Continuity

Often, techniques that are invented in one domain can be of use in another one too. If you’ve spent your working life so far in business continuity, you may not have seen much of the lean approach that is frequently used in manufacturing.

The lean approach in general is one of continuous improvement with the aim of eliminating activities that add no value.

Over time, other sectors such as IT, banking and insurance have also started to adopt lean approaches. Here’s a glimpse of what “lean” might do to help business continuity.

Taking a lead from manufacturing, lean models define a number of different types of waste. In the examples below, parallels can be made with business continuity planning and management.



Tuesday, 14 June 2016 00:00

How does RAID storage work: RAID levels

In our last article we explained the basic idea of RAID, as well as the most commonly used terms when talking about this type of storage. In this second part, we’ll take a look at what RAID levels are and explore how some of the traditional level configurations work. We’ll also find out what challenges RAID storage can bring if data recovery services are required. Let’s take a look!

RAID storage levels

First, let’s delve into the three key concepts in RAID: mirroring, the copying of data to more than one disk; striping, the splitting of data across more than one disk; and error correction, where redundant data is stored to allow problems to be detected and possibly fixed (known as fault tolerance). Different RAID setups use one or more of these techniques, depending on the system requirements.



Cloud software solutions permeate all aspects of your customer accounts, from where they store information to how they communicate, purchase supplies and manage their sales efforts. IT Service Management (ITSM) is no exception. Analysts predict that cloud service management will grow at an impressive 27.8% rate over the next five years. So, what is driving this shift to cloud ITSM, and, more importantly, is it time for you to consider heading into the cloud to deliver your ITSM services? 

The massive growth of cloud service management is being driven by today’s mid-market CIOs, who continue to place the transition to cloud solutions as their No. 1 priority. These CIOs see the potential to reduce costs, simplify implementation projects and maximize IT productivity by leveraging cloud solutions, and cloud ITSM is no exception.

Here are the top 3 reasons why you should offer ITSM from the cloud:



If we agree that a major IT issue is a business issue, then every minute in which a computer application is unavailable hurts the business: loss of revenue, a drop in employee productivity, patient safety at risk, brand damage or just a big mess.

Companies have done a good job over the past years at automating issue detection with APM and NPM tools, and at automating ticket creation with ITSM solutions listed above.



You’ve probably heard the old saw that goes, “There’s an easy way to do something, and there’s a hard way.”

When it comes to energy consumption in the data center, the saying is technically correct, although there is a caveat: The hard way is not necessarily wrong and the easy way is not necessarily the lazy way out. Instead, there is room for both major overhauls to data infrastructure, like DCIM and converged systems, and small moves, like turning out the lights and raising the thermostat.

In fact, says Energy Manager Today’s Carl Weinschenk (also an IT Business Edge contributor), even the easy way can add up considerably over time. One of the newest trends making the rounds is to paint data equipment white, which, according to DAMAC’s Dave Johnson, requires less lighting to make units visible to IT techs and, consequently, less heat from those light sources. As well, creating as little as an inch-and-a-half of space behind devices in the rack can vastly improve air-flow and simplify cabling.



How often do you find a user who has a session freeze because a process is consuming too much CPU power, and there is no way to troubleshoot the problem easily? If only you could review CPU usage trends from the last month, you could plan better for the new delivery groups that you’re provisioning.

With the latest release of Citrix Director as part of Citrix Cloud you can get insight into the CPU and memory usage on your apps and desktops, enabling you to better prepare for CPU and memory consumption.



Tuesday, 14 June 2016 00:00

Crisis Management Team Mobilization

For business continuity, the Crisis Management Team (CMT) is charged with the responsibility of managing responses to disruptive events. The CMT includes senior management (with the authority to manage active crisis events) and is responsible for:

  • Gathering facts and analyzing conditions regarding a crisis
  • Making decisions during a crisis
  • Allocating internal resources
  • Obtaining needed external resources

For a CMT to be effective, members must be able to 1) assemble rapidly (possibly virtually) when a crisis event is identified and 2) communicate in real time to make decisions regarding proper response initiatives.



Tuesday, 14 June 2016 00:00

How Do You Identify Your Key Risks?

I was at New York University last week for an International Center for Enterprise Preparedness (InterCEP) forum on urgent threats, which included roughly 75 participants from government, the corporate sector, and a small number of us from academia as well. Following several presentations that set the stage, our host orchestrated a “lightning round” in which each of us introduced ourselves and identified key risks we were working on. By the time it was my turn there had been at least thirty speakers who identified risks that we would all put at the top of our lists, and the challenge for the rest of us was to keep on identifying critical risks without simply repeating risks identified by previous speakers. As we went around the room, I drafted several versions of my top risks, which looked something like this:

  • cyber – emerging threats and actual breaches
  • weather/climate change – impacts on economic recovery & critical infrastructure
  • income disparity – the cause and effect of many other threats
  • disenfranchised populations
  • domestic terrorism – from militia groups to home grown Islamic terrorists
  • infectious disease – not just Zika or Ebola, but highly resistant new strains of viruses
  • quality of political discourse – it has never been lower or so factionalized
  • technology and law enforcement – from militarization of police, to surveillance via dashboard and body cameras

In the end, I didn’t use any parts of the list in the lightning round, but ended up characterizing the top risks I was working on under the broad category of conduct risk and culture.



Business Continuity Awareness Week 2016 is now over and the BCI would love to hear your feedback so it can improve on its current services, and help inform the planning process for BCAW2017. If you haven't already then please take the short survey which can be found here: https://www.surveymonkey.co.uk/r/bcaw2016

One of the paradoxes of storage management is that while the sheer volume of data that needs to be managed continues to grow, utilization rates of traditional magnetic storage systems have never been that high. One of the reasons for this is that virtual machines lay claim to a lot of storage space they are actually not using.

Formation Data Systems has added a Virtual Storage Recapture (VSR) capability to its FormationOne Dynamic Storage Platform that enables IT organizations to identify and redeploy storage stranded in a virtual server or hyperconverged system.

Formation Data Systems CEO Mark Lewis says FormationOne is a software-defined storage offering that can be used to make storage appear as a file, block or object system. The result, says Lewis, is a more efficient use of storage in a world where existing legacy and modern applications often need to access the same data.



A mobile-ready campus promotes innovative and flexible learning—and provides a competitive advantage. Students are increasingly using mobile technology during the college search process. Once enrolled, today’s college students don’t just request access to campus services on their mobile devices — they demand it.

In the K-12 arena, a study found that more than half of parents believe schools should make more use of mobile devices in education. And according to EdTech, “[mobile] technology allows educators to move away from traditional lectures and focus more on individualized and project-based learning through the use of cloud applications (Google Apps for Education, for example) and online content.”



The enterprise seems pretty set on the hybrid cloud as the preferred architecture for scale-out virtual infrastructure.

This is not a slam dunk, however, because while hybrids do provide high degrees of flexibility and control over the data environment, they also introduce greater complexity and thornier integration challenges than all-public and all-private solutions. But since we are talking about software-defined infrastructure, the hope is that sophisticated operating systems and middleware solutions will mask much of this complexity, leaving the enterprise free to engage in higher-level efforts to enhance the value of data.

So far, so good. But the next step is determining what kind of management system is appropriate for the enterprise business model. What sorts of tools are needed? Where should it reside? Should it be proprietary or open source? And how can any one system be expected to corral not only the multitude of vendor solutions in the legacy data center, but everything in the cloud as well?



(TNS) - Friday’s 5.2 magnitude earthquake that hit the desert southeast of Los Angeles, Calif., was centered along the San Jacinto fault, which is one of the region’s most active and potentially dangerous fault lines.

The fault runs through populated areas including San Bernardino, Colton, Moreno Valley, Redlands, Loma Linda, Hemet and San Jacinto, as well as near Riverside, Rialto and Fontana. The epicenter of Friday’s quake was in a more isolated area near Borrego Springs.

Experts have been warning for some time that the San Jacinto fault – while less well known than the San Andreas – poses a major threat to the region.



(TNS) - The first students to race up the stairs at Ocosta Elementary School’s new gym and tsunami refuge were so excited, it took teachers a while to corral them into orderly lines on the rooftop.

“It’s really cool to finally see kids up here,” Paula Akerlund said, as the third-graders jostled and joked and tried to peer over the tall parapet on a sunny spring afternoon.

Akerlund is superintendent of the Ocosta School District, headquartered near Westport in Washington state a scant half-mile from the Pacific Ocean. On Saturday, she will preside over a dedication ceremony for what — on the outside — looks pretty much like any modern school complex.



In today’s corporate structure, many workers telecommute full time, or at least have the ability to do so in certain circumstances. Most of our customers use “Work from Home” (WFH) as a recovery strategy for their loss scenarios. In a lot of cases, this can be a great approach, but it should never be your ONLY strategy. In many instances, there are simply too many variables to have WFH be a reliable plan on its own.

Consider the following examples:



At least $7 billion—that’s how much global disasters and severe weather are expected to cost insurers and reinsurers in May.

Aon Benfield’s latest Global Catastrophe Recap Report notes that the Fort McMurray wildfire in Alberta, Canada, will become the costliest disaster in the country’s history.

Insured losses—including physical damage and business interruption—are expected to be in excess of $3.1 billion, while total economic losses will be well into the billions of dollars.



Friday, 10 June 2016 00:00

How does RAID storage work: key terms

Redundant Array of Independent (originally Inexpensive) Disks (RAID) is a term used for computer data storage systems that spread and/or replicate data across multiple drives. RAID technology has revolutionised enterprise data storage and was designed with two key goals: increased data reliability and increased I/O (input/output) performance.

Unfortunately though, RAID storage isn’t a perfect technology and as a result data loss can still occur when using these systems. In this post we’ll explore how RAID levels work and how data can be stored (and lost!) with this type of storage.



The IT security market is very crowded. Along with death and taxes, this is a truth we can pin down irrefutably. London has just played host to its annual InfoSec event and the Olympia conference centre was crammed with over a hundred firms all claiming to offer ‘a new approach to threat intelligence’ and so on. As repetitively deflating as some of these claims are, a few trends are emerging.

Every year there’s a new IT security theme. We’ve had Cybercrime-as-a-Service, we’ve had ransomware and we’ve had Advanced Persistent Threats (APTs)… this year it’s watching the attack surface and seeing malicious payloads being delivered by cybercriminals to analyse the crime and improve security – we could call it ‘live-hack-attack-analysis’, or something like that.

On the other side of Europe, Helsinki, Finland-headquartered F-Secure (whose chief research officer Mikko Hyppönen also presented at InfoSec) is reflecting this trend for live reactive analysis. The firm’s technology proposition combines decoy sensors, threat intelligence and a 24/7 monitoring team to produce what it claims to be a more holistic approach to security. Hmm, it still doesn’t sound markedly differentiated from any other vendor, does it?



Cogeco Peer1’s data center in Atlanta experienced a partial power outage Thursday afternoon, affecting some of the customers in the facility.

The data center outage started around 1:30 pm local time, company spokesperson, Shawna Gee, said. The company posted regular updates on its Twitter feed during the outage, and in a tweet around 6:30 pm Eastern reported that full power had been restored to the facility.

“There was a disruption in power to the facility,” Gee said. “It was partially affecting certain areas of the facility.”



3 Responsibilities of a Communications Team

Regina Phelps recently joined forces with Everbridge and recorded a webinar that explores in-depth strategies for improving your disaster and crisis management. Previously, in part 2 of this five-part series, Regina discussed the basics of crisis communication and how to establish and organize a communications team. If you missed part 2, you can access it here.

In this installment of the series, Regina discusses the 3 main responsibilities of a communications team.



In the first segment of our four-part blog on workplace violence, we detailed the financial cost to Virginia Tech following the campus massacre which killed 32 people and wounded 17 others in 2007. What we didn’t mention? The determination by a state panel following the shooting that had an alert been issued earlier or classes canceled following the first two shootings, the death toll might have been contained. Not only that, but the messages the school did send failed to convey the full extent of the situation as it unfolded, according to the report.

The takeaway for organizations facing the reality that an act of violence might occur within their workplaces? Communication counts. It’s fitting, therefore, that in this blog we’re focusing on the vital role communication plays as part of an emergency action plan.