Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Industry Hot News

Industry Hot News (6531)

When it comes to cloud security, should you go public or private?

Proponents of each have no trouble marshaling evidence to support their competing claims. But don’t expect this choice to be an easy one. This the equivalent of a bar stool debate that only gets louder as the night gets longer--with no firm answer either way.

It’s a key question that deserves careful consideration. Unfortunately, it’s more likely than not to lead in circles as there are strong cases to be made for both approaches. Here’s where managed services providers can help their clients understand the issue more broadly, steering it toward a strategic conversation that factors in the company’s budgetary resources as well as its own in-house capabilities. Some of the issues to consider include the following:



Hosting workstations in the data center — it’s a topic that deserves a second look. The mobile era is upon us, and with everyone demanding access to resources on the go, how do you mobilize graphically demanding applications in the data center for users that usually have workstations below their desks? While popular wisdom says that hosting graphics-rich applications is hard, thanks to recent advancements in workstation and hypervisor technology the answer may be easier than you think.

In today’s atmosphere of data consolidation and security, it’s important to know that you can store your corporate data in your corporate data center, and still provide users with the access and performance they need. What’s the best option for your organization? Here are a few approaches to consider:



Back in the early 1980s, every household had to have a personal computer – or so we were told. It could balance your checkbook, help the kids with their homework, organize your shopping list, and on and on.

And a few months after making this expensive purchase, many heads of those households looked on in dismay as it sat in the corner of the living room collecting dust.

In many ways, the enterprise is experiencing this same pattern in the cloud. By now, most organizations have bought into the premise that the cloud is cheaper, more flexible and easier to use than legacy infrastructure, but many are starting to realize that, like the PC, the cloud is only valuable if it is used correctly, and for the right reasons.



Thursday, 09 June 2016 00:00

The Future of NAS Data Storage

Some might tell you that NAS could be going away soon. But don’t believe a word of it.

According to International Data Corp. (IDC), file-based data storage continues to be a thriving market. Spending on file-based storage solutions is expected to increase to more than $34.6 billion in 2016. Further, file based storage accounts for two thirds of the total storage capacity shipped each year.

“NAS appliances and NAS software will stick around despite the hype,” said Greg Schulz, an analyst with StorageIO Group. “NAS in its various implementations will continue to thrive, despite being declared dead by the converged, hyperconverged and object crowds, as it is an enabler for those technologies to plug into existing environments.”



Big customers frustrated with the complexity and difficulty of securing their enterprise technology systems are turning to Managed Security Service Providers (MSSPs) in increasing numbers, a new study reveals.

The study of 101 customers with more than 500 employees, “Rethink Your Security Strategy,” was completed on behalf of Masergy Communications by Forrester in May. Results were made public this week during a webinar. The companies polled represent organizations from a variety of industries including financial services, manufacturing, technology and retail.

While half of survey respondents said they already engage an MSSP in some fashion, 28 percent said they are planning on doing so in the next 12 months. For comparison, two-thirds of those with ties to an MSSP say they have been engaged with an outside provider for less than 18 months. Thirty percent, meanwhile, say they have been engaged for only 6-12 months while 8 percent have been working with an MSSPs less than six months.



Careful preparation and planning will help make implementing an emergency notification system go smoothly. After you’ve partnered with AlertMedia, these are the steps you can expect to take with your dedicated Customer Success Representative.

5-Step Checklist for Smooth Implementation

 1. Set Up Your Account Preferences & Configure Company Settings

What You Will Need: An idea of how you plan to use the system—whether it’s primarily for emergency notification (severe weather, office closures, IT outages), operational needs, or other business communications like company announcements.

Overview: Experiences within your emergency notification system can be customized to accommodate your organization’s audience and administration.

With your Customer Success Manager, in your initial onboard session, you’ll walk through and set up all of your company settings, including custom registration processes, notification layouts, templates, and more. Together, you can set up your profile and define your personal admin preferences.



The company has a vision of making its Messenger app the default communication mode for businesses, whether with other businesses or with customers.

Because of the current popularity of Messenger with consumers and therefore customers of many enterprises, Facebook (or its CEO Mark Zuckerberg at least) thinks enterprises themselves will move to Messenger, to avoid losing their customers.

However, while Messenger scores high in the popularity stakes, the story on security and business continuity is rather different.

In particular, the Electronic Frontier Foundation (EFF) gave Messenger a score of just 2 out of a possible 7 for security.



Outsourcing data requirements to a third party for the first time can be nerve-racking. Endless requirements paired with an increased expectation for data performance puts IT in the hot seat. Below is a list of key considerations when deciding whether to build vs. buy, along with some guidance on how to address each.



Control is the most common factor driving organizations to a “build” decision. Enterprises have an intimate familiarity with their unique data requirements and want to retain control of operations, economics, location and design. The right provider, however, should be able to address each of these concerns individually to provide a holistic solution, as well as provide secure access to equipment for approved staff members. Treat your data center decision as an interview process. Come with a list of your top priorities and make sure the provider in question has an answer that sits well with you and meets all of your requirements.



Some of you may remember a time when national security was a question of police officers protecting individuals from crime on the street, or the Army’s defence against international threats. Today, that picture looks very different. If anything, it is more volatile, uncertain and complex than it was in the past because it is now plagued by online security concerns, whether individual privacy whilst browsing online, harmful material to younger internet users or hackers trying to access your internet banking.

With every benefit that technology has brought us – global communication, mobile working and easy money management – comes additional risks to watch out for. We all know what the media, businesses and government have to say about national security and protecting consumers, but what about the consumer’s opinion? We recently commissioned Opinium Research to find out and here’s what we discovered…



The demand for smart city technologies shows little sign of slowing down, which comes as no surprise. Cities are growing in size and population, and the need for digital tools and systems to help manage everything from traffic and public safety to garbage and parking meters continues unabated. Technology spending for the global smart city market is expected to reach $27.5 billion by 2023, according to market research company Navigant Research.

But as urban centers expand their reliance on automated sensors and algorithms that improve productivity, sustainability and engagement, they increase risks of data security breaches, vulnerabilities to invasions of privacy and concerns about software reliability. And as cities rely more on data to drive their decision-making, it raises the concern that technocratic governance could begin to replace the traditional political process that’s more deliberative and citizen-centered.

So far, problems with smart city technology have happened at a slow pace, but some of the incidents have been alarming. A software bug closed down San Francisco’s subway system three years ago, temporarily trapping some riders underground. In 2006, during a labor strike, two Los Angeles traffic engineers were accused of hacking smart traffic light systems that created gridlock that lasted for several days. In 2012, the traffic management system for a major artery in the port city of Haifa, Israel, was also hacked. And two years ago, a researcher at a security firm blogged about how easy it was to hack into Washington, D.C.’s traffic signals, which lacked any security controls.



Wednesday, 08 June 2016 00:00

Cybersecurity Startups Set For Surge

Cybersecurity has become an integral part of the world we live in even if it’s behind the scenes.  Now the topic is even showing up in movies like the Edward Snowden documentary CitizenFour and TV commercials. Ads highlighting product lines such as those of BAE Systems have appeared with the tagline: “It’s not just security. It’s defense.” The need for cybersecurity is immense for both large organizations and the general public.

Venture capital investment in cyberphysical security startups rose 78% to $228 million in 2015, and will rise to S400 million in 2016 as rapid adoption of the Internet of Things (IoT) raises the threat to products such as connected cars, smart homes and future factories, according to Lux Research.

“What we have seen in the past is smaller venture capital investment, but that is set to change,” says Mark Bunger, research director of Lux. Air conditioning system and car manufacturers and construction/building companies will lead the fray, he adds.



(TNS) - The map above Alene Tchourumoff’s desk shows lines that appear, at first, to denote rivers -- they sprawl and branch off, weaving and curving across the state.

Instead, they depict a vast network of railroad tracks.

In her new role as Minnesota’s rail director, Tchourumoff will refer back to the map often as she leads Gov. Mark Dayton’s efforts to improve rail safety, train first responders and track the movements of the rail cars that transport Bakken crude oil and other hazardous freight.



Despite the wealth of experience the enterprise has gained in the cloud over the past decade, there is still a lot of uncertainty when it comes to establishing the right services, architectures and general functionality to produce an optimal data environment.

Part of this lies in the changing attitude toward the cloud. Where once it was seen as primarily a cost-cutting tool, the goal these days is to leverage the cloud’s unique capabilities for more forward-leaning applications and services – to essentially redefine the nature of enterprise architecture for an increasingly mobile, app-centric economy.

To be sure, the uptake of cloud services is on the rise. The latest report from Technavio pegs the compound annual growth of hybrid services at 23.8 percent between now and 2020. The growth spans a range of SaaS, PaaS and IaaS offerings as organizations seek to find more flexible and reliable means of supporting important, if not necessarily critical, business operations. Perhaps most significantly, the largest growth is likely to emerge in the small-to-medium sized enterprise market (SME), which will help level the playing field with their larger brethren in terms of infrastructure scale and global reach.



Wednesday, 08 June 2016 00:00

Is your DR/BC Implementation Functional?

I have been thinking quite a bit about things in my life being usable and functional vs. being “pretty” and just “there.” It’s not that I don’t like or want nice clothes or that I don’t enjoy the colors in the backyard, but what is in my life that is taking up time and effort that really does not push me to be a better person and world citizen? This blog is not about how to improve our lives, but rather, what is in our BC program that is “pretty” or “there” and is not really making our business more resilient or functional?

Here is a DR example. The IT team says they have a DR strategy in place and are able to recover servers. Everything has been tested. But after looking a little closer, it is clear that only the test environment for an application was included, and that not all of the necessary production servers are being replicated to the DR site. The basic functionality will be available, but not the middleware servers or external facing (public) servers. If this were an order entry system, the only way to get information or make changes on self-service would be to call or physically go to the support center. Also, passing information to suppliers would not occur. Orders can be processed, but the actual functionality is severely limited.



Continuity Central interviews Capital Continuity managing director Lee Exall, who gives his views on disaster recovery as a service, how it is a much more versatile tool than often appreciated, and how it is likely to develop.


DRaaS – or disaster recovery as a service to give it its full name – has become very fashionable. In a nutshell, DRaaS is the ability to utilise cloud computing based recovery services from a third party, normally on a subscription-based basis. With the acceptance by the vast majority of organizations that cloud computing is a mainstream technology bringing more benefits than difficulties, so DRaaS has grown in popularity alongside.  Barely a week seems to go by without a new DRaaS service being launched, either by a technology provider itself or by one of a multitude of resellers; and Gartner predicts that ‘by 2018, the number of organizations using disaster recovery as a service will exceed the number of organizations using traditional, syndicated recovery services,’ (1).

As well as growing alongside its enabling cloud computing technology, DRaaS has also grown because of the pressure on organizations to steadily decrease the time that it takes for data and services to be available following an outage. The days of four-hour recovery time objectives being acceptable are gone, driven by rapidly diminishing customer tolerance of downtime. DRaaS reduces recovery times to minutes, something far beyond the capabilities of traditional disaster recovery.

Initially the perceived wisdom was that DRaaS was mainly a service for small organizations but, as the market has developed, this perception has changed, with mature enterprise-class DRaaS solutions successfully in place around the world.



As the volume of data companies generate and need to keep balloons, the top cloud providers have come up with a type of cloud service that may replace at least some portion of the market for traditional backup products and services. Cold storage delivered as a cloud service is changing the way organizations store and deliver vast amounts of information. The big question is whether cold storage can provide for better backup economics.

Amazon Web Services, Google Cloud Platform, and since April also Microsoft Azure now offer cloud cold storage services. Each has a different approach, so how do they stack up against each other?



In preparation for the opening of Hurricane Season 2016, FEMA has developed a new Fact Sheet on wind retrofit projects.  Wind retrofits are enhancements made to strengthen roofs, walls, doors and windows to minimize damage to homes from wind and wind-driven rain caused by high wind events such as hurricanes.  FEMA offers two Hazard Mitigation Assistance (HMA) grants that provide funds for cost-effective wind retrofit projects:  Hazard Mitigation Grant Program (HMGP) and Pre-Disaster Mitigation (PDM).

The Wind Retrofits Fact Sheet provides an overview of wind retrofit projects and the streamlined process for determining the cost effectiveness of wind mitigation projects. The Fact Sheet compliments FEMA's guidance P-804: http://www.fema.gov/media-library/assets/documents/21082" style="color: #1D5782;">Wind Retrofit Guide for Residential Buildings(2010), which provides guidance for selecting and implementing wind retrofit projects for homes in all coastal regions, and FEMA’s http://www.fema.gov/media-library-data/1424368115734-86cfbaeb456f7c1d57a05d3e8e08a4bd/FINAL_WindRetrofit_BCA_JobAid_13FEB15_508complete.pdf" style="color: #1D5782;">Cost Effectiveness Determination for Residential Hurricane Wind Retrofit Measures Funded by FEMA(2015), which provides a simplified pre-calculated benefits methodology for determining cost effectiveness  that can be used instead of the traditional Benefit-Cost Analysis (BCA).

The http://www.fema.gov/media-library/assets/documents/117414" style="color: #1D5782;">Residential Hurricane Wind Retrofits Fact Sheet is available from the FEMA website.

Latest Atlantic hurricane season forecasts are focused on the numbers – how many storms can we expect? and how many of those will be major hurricanes? NOAA, Colorado State University and Tropical Storm Risk cast their predictions here, here and here.

But as the latest storm surge analysis from CoreLogic indicates, it is where a hurricane hits land that is often a more important factor than the number of storms that may occur during the year.




(TNS) - It was here before anyone made a map and called this corner of it the Pacific Northwest.

“To me,” said David McCloskey, waving an aging hand toward tidelands formed millenniums ago, “it’s an energy field.”

McCloskey, a retired sociology and ecology professor who has spent a lifetime exploring the region’s mountain ranges and waterways, was standing here near the southernmost stretch of Puget Sound. He was trying to explain not just the view in front of him, but all of Cascadia, an elusive realm he helped conceive decades ago that stretches from Northern California to the coast of British Columbia, and deep into the imagination.



The “smart city” covers a lot of real estate -- literally and figuratively. It involves myriad systems and subsystems, all with their own standards and other distinguishing characteristics. Some are far more advanced than others. For the expansive version of the smart city concept to work, however, all of these must communicate instantaneously, when necessary.

For instance, say a cardiac patient is being rushed to the emergency room in the least amount of time possible; the street lights must automatically be set to green in the direction the ambulance is going. To do this, however, the traffic and hospital systems must be tightly integrated. That involves two silos of connectivity.

Deep coordination is one of the many challenges that smart cities face. It’s a tall order. RCR Wireless points to five advances that auger well for the future of the smart city. Lower power wide area (LPWA) networks are increasing connectivity; sensors, actuators and switches are coming down in price; and edge computing is growing more sophisticated. Efforts to standardize interfaces and increase interoperability are increasing and data analytics is becoming less expensive.



You might also determine costs, budgets, efficiency, results and so on, to see what sort of return you are getting on your investment.

The weak point is perhaps at the start of all this. Are you sure you are getting the right information? Are any risks or problem areas being covered up, thus flawing your BC planning or management?

You might need some help from people who really know what’s going on.

There can be a number of reasons why important information for business continuity planning is omitted. Time pressure, peer or management pressure, ignorance and faulty communications are just some examples.

However, if a situation arises in which somebody notices that safety is threatened or risks are being ignored, it is essential for good business continuity that the person concerned is able to express those dangers without fear of reprisals.



Submit your credentials upon login and what do you get? An All Access Pass. Everything you have access to through your role, rights and relationships connect you to disparate applications and data that you likely don’t need for the task at hand. For many of us, enabling default access to everything that might be useful means that we live our online lives cloaked in excessive access

In order to protect against unintended use and disclosure while meeting compliance objectives, maintaining privacy and securing intellectual property, access to sensitive apps and data must be strictly controlled. Sensitive data is overly exposed while in transit, in use and at rest through excessive access – and, unfortunately, damaging breaches teach this lesson all too often. To compound the problem, access today is primarily safeguarded by the erstwhile login event.



As a UCLA faculty member who works on critical infrastructure cybersecurity, I spend a lot of time thinking about how to secure the complex networks and systems that deliver our energy, water, food, and data. Given the tragic June 1 murder-suicide at UCLA, it’s particularly timely to consider some important security analogies between those systems and physical spaces such as university campuses.

Campuses, like critical infrastructure systems, are complex, have many ingress and egress points, and are highly decentralized and dynamic. Like those systems, campuses are accessed by very large numbers of people—the overwhelming majority of whom are well-intentioned, and a tiny fraction of whom are not. And, both campuses and complex networks require balancing the need for effective security solutions with the need to make sure those solutions don’t impede normal operations.

In light of those similarities, here are some lessons from cybersecurity that can be used to improve on-campus physical security.



Organizations are constantly looking to drive improvements, make savings and increase speed of service. It’s therefore, no surprise that data within companies has become a key driving factor for understanding your organization and making changes. Although big data is often a key theme for businesses, a huge amount of content and knowledge is tied up in document repositories that companies could be inadvertently overlooking.

Through digital transformation, companies are able to harness the huge amounts of data stored in paper files. The first step is to transform these paper sources into digital assets and making sense of the data puzzle. Document and information management solutions are available to help organizations capture the missing pieces of the information puzzle. Effective big data management helps companies locate valuable information in large sets of unstructured data and semi-structured data from a variety of sources, including call detail records, system logs, and social media sites.

Document management improves information flow, opening communication channels and eliminating the need for paperwork. However, the paperless office is only half of the story. The data in those documents needs to be a part of the business processes so that it’s not suffering the same fate as it did in the paper-based world.

In four steps, your organization can make sure it is unlocking the very best from its data gold mine.



(TNS) - Managers and business owners in Rockwall were invited last week to attend the chamber of commerce’s “Disasters and Businesses” presentation.

Disasters and Businesses focused on helping businesses prepare for natural and man-made disasters such as tornadoes, severe storms, contagions or acts of terrorism.

The presentation was funded by a grant from the North Central Texas Council of Governments. The grant is intended to create programs to help businesses plan with government partners to prepare for emergencies.

Joe DeLane, emergency management coordinator for the Rockwall County Sheriff’s Office, led the presentation.

“One of the things I do is I deal with disasters and emergencies,” Delane said. “I’ve been doing that for 35 years and I really see it as a public service. I really have a passion for responding to disasters.”



When NASCIO surveyed its members about IT procurement in 2015, almost 50 percent had negative opinions about the process and 70 percent of vendor partners were moderately to very dissatisfied with state IT procurement processes.

This February NASCIO proposed several actions states could take to improve procurements, including removing unlimited liability clauses in terms and conditions and introducing more flexible terms and conditions. One idea absent from the list is an approach being piloted in California: creating vendor performance scorecards on IT projects for use in future procurements.

In June 2014, the California Department of Technology (CDT) began work on a Contractor Performance Evaluation Scorecard. A workgroup made up of staff from the State Technology Procurement Division within the Technology Department, the Department of General Services, other state departments and volunteer members of the vendor community met several times to provide input and work out the details. Pilot projects are expected to begin this year.



(TNS) - Whether it’s a tornado, thunderstorm or boil water advisory, Boyd County, Ky., Emergency Management wants everyone to be alert.

The agency has launched a new notification system called AlertSense. The system, which is intended to be used for emergency alerts as well as nonemergency incidents, will notify residents via text message, email or voicemail about incidents that may have significant impacts on lives.

It replaces an older system called Nixle.

“With this new system there are more capabilities,” director Tim England said.



(TNS) - Tiffany Nguyen’s nursing class at UCLA on Thursday morning spent part of the session talking about the murder-suicide that left a professor and a former graduate student dead the day before.

After class, Nguyen realized the classroom where that discussion took place likely could be locked only with a key — something that made her somewhat nervous in light of Wednesday’s dramatic alerts telling students and staff to shelter in place.

“We don’t have access to keys,” said the third-year student, who lives in Westwood. “If that were to happen again, I would feel pretty unsafe knowing it’s not something that I would be able to control.”



Monday, 06 June 2016 00:00

Big Data for the Small Enterprise

Big Data is not just for the big enterprise. Organizations of all sizes can leverage the power of large data sets and advanced analytics to derive the kinds of insight needed to fuel next-gen business opportunities.

But creating the big infrastructure needed to support Big Data is no easy task, nor is finding the right way to use it in order to produce the highest level of return. Until now, that is.

In recent weeks, a number of platforms have emerged that aim to remove much of the complexity from Big Data, allowing mid-sized and even small enterprises to get started without a lot of lead time or a major hit to the capital budget.



Crisis Communication Basics

Regina Phelps recently joined forces with Everbridge and recorded a webinar that explores in-depth strategies for improving your disaster and crisis management. Previously in part 1 of this five part series, Regina discussed why timely communication is important in a disaster, as well as some definitions to help get to the root of communication strategies and their effectiveness. If you missed part 1, you can access it here.

In this installment of the series, Regina discusses the basics of crisis communication. Specifically, how to establish and organize a communications team.



Convergence can be great thing: the U.S. states came together to form an entity greater than the sum of its parts.

But convergence can also lead to burdensome creations that accomplish little.

It can be the same with storage hyprconvergence. There may be times when it makes sense to implement hyperconverged infrastructure (HCI), and other times when all it may achieve is to inflate the budget or keep IT occupied with a new architecture.

So when should you introduce it, and in which cases should you avoid it? And if you are embarking on this journey, where should you start?



(TNS) - Central Texas will most likely see heavy rain and flooding this week, and FEMA recommends having an emergency kit in your house or car with at least some basic supplies.

In case you’re scrambling to refresh or build your kit, we compared prices at three Austin-area stores — Wal-Mart, Target and H-E-B — to help you figure out the cheapest and easiest way to gather supplies.

Altogether, Wal-Mart won for price; first-aid kits and gallons of water were particularly inexpensive. Things were easiest to find in H-E-B, where I also spent the least amount of time looking for supplies, even though I went to the always-crowded South Congress-West Oltorf store. H-E-B also came in a solid second on pricing, tying with Wal-Mart for a number of items.



(TNS) - Lake County, Fla., officials are concerned that the public's priority to prepare for hurricanes has diminished in the dozen years since the damaging winds of Hurricane Francis tore through the county.

In the event of a violent storm, government workers, at least, won't be caught flat footed, and they'll try to make sure residents are prepared, too. This week, the day-shift crew of about 85 employees from municipalities and the county gathered at the Lake County Emergency Communications and Operations Center and worked through a mock hurricane scenario.

Hurricane season officially got underway Wednesday.



Part Two of a Conversation with Patrick Dennis, CEO of Guidance Software

Last week, I had the chance to sit down with Patrick Dennis, CEO of Guidance Software, during Enfuse Conference 2016. Earlier this week, I discussed Dennis’s thoughts about the jurisdiction of cybersecurity events. Today, we get his view on how we should approach cybercrime’s law enforcement jurisdiction.

Dennis made the point that if our home or business were burglarized, we would call the police and expect them to show up and conduct an investigation. He then asked, “Who do you call when there is a cybercrime?” I joked that you can’t call Ghostbusters. Dennis chuckled but answered that Ghostbusters might be as effective as our current solution, adding:

We have built a regulatory framework that is ineffective at recognizing, let alone combatting, cybercrime. That puts business leaders and the FBI and the military in a position where they have one arm tied behind their back. If we were this lackadaisical about physical crime, there would be anarchy.



AUSTIN, Texas – Flooding is a familiar and frequent natural disaster in Texas. Heavy rains are a consistent threat across the state, while hurricanes have caused hundreds of millions of dollars in flood damage to Texas homes and businesses in just the past few years.

A flood insurance policy through the National Flood Insurance Program offers Texas residents their best protection against loss. It takes 30 days for a new NFIP policy to go into effect. 

Hurricane season runs June 1 through Nov. 30. Will you have flood insurance in time?

“During hurricane season, Texas residents and businesses are at risk,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s operations in Texas. “A policy with the NFIP is one of the best ways to supplement federal assistance and protect your home and livelihood.”

Flood damage is not covered under homeowner insurance policies and there is no guarantee that federal disaster assistance will be available when a flood occurs.

Flood insurance is available to homeowners, business owners and renters.  Policies offer up to $250,000 coverage for homeowners, up to $100,000 for personal property and up to $500,000 each for business contents and buildings.

Property owners who already have flood insurance policies are encouraged to check their policy each year, update as necessary and make sure premiums remain paid in full.

For more information or to find an insurance agent near you who sells flood insurance, visit floodsmart.gov, or call the NFIP's toll-free number at 1-888-356-6329 (1-888-FLOOD29). Persons who are deaf, hard of hearing or have a speech disability and use a TTY may call 1-800-427-5593.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

Many of the most important values of object storage are derived from the fact that it leverages the advantages of distributed, scale-out architecture, which expands capacity by simply adding nodes.

The easiest way to think of object storage may be to compare it to the containers we’ve been discussing in this blog series. This will also introduce the first of many advantages of object storage, which is its ability to manage data in context.

The Major Components

File storage consists of data in raw form -- ultimately zeroes and ones arranged to express specific characters or other entities such as pixels.  Block storage organizes the files into fixed-sized blocks for easier management and transport.

Object storage consists of three key components:



We'd like to present  some current and future standards and technical documents related to Data Center sustainability. These are  relevant to Data Center design, construction and operation. Sticking to standards-based environmental regulations, procedures and best practices is good for Data Center business. Especially as companies increasingly ask suppliers Data Center sustainability and efficiency-related questions. Not just to save on costs and energy consumption, but also because they have their own strict targets and image to consider.

Data Center Sustainability Standards and documents: an overview

CENELEC’s EN 50600 series standards define minimum requirements for data centre infrastructures of all shapes and sizes. This covers protection from environmental events and failure and unauthorised access, including internal and external environmental events within the pathways and spaces that house the infrastructure. EN 50600-3-1 deals with measurement, monitoring and metering energy consumption at specified locations. Properly managed, this operational information may help assess Data Center performance using sections from the EN 50600-4 series and its Key Performance Indicators (KPIs). EN 50600-4 series directly handles efficiency such as Power Usage Effectiveness (PUE) and Renewable Energy Factor (REF).



Cloud computing, at its core, is deployed by enterprises looking to increase flexibility, productivity and cost savings over legacy systems. More and more companies that look to outsource IT functions have turned to the cloud--more specifically, cloud infrastructure as a service (IaaS)--to automate and virtualize computing functions. According to a recent cloud computing report, 93 percent of organizations surveyed are running applications or experimenting with IaaS. The value to customers is a positive ROI when choosing a solution to address their IT challenges, while increasing the aforementioned key business objectives. 

A recent infrastructure as a service customer survey conducted by TechValidate, on behalf of NaviSite, aimed to better understand how cloud deployments have made an impact on businesses. The survey provided insight into key IaaS use cases, results and trends from customers in the cloud, including:



"Resilience" is the next evolutionary phase of busines continuity. What is resilience and how does it differ from traditional perspectives on organizational response to disruptive events?

What is Resilience?

Resilience helps businesses take continuity principles out of their silo and integrate business continuity with all disaster recovery and emergency preparedness initiatives for a stronger response to any threat.

Resilience builds upon the concepts of preparedness and recovery by focusing on how businesses can maintain their usual operations in the face of unexpected disasters. Resilience focuses not just on how to get back to business after something goes wrong, but on how businesses can position themselves to protect their brand equity, their resources, and their staff from threats in the first place.



For most organizations, emergency management and alerting is daunting and the logistics are challenging.  Planning for, and incorporating a few best practices can turn a potentially disastrous situation into an inconvenient one.  We’ve put together a list of those practices every organization should implement before a crisis occurs.

The More Modalities the Merrier

“Modalities” are the different devices and communications channels available to notification managers. While it is possible in a widespread disaster some channels might be down or overloaded, sending alerts through as many channels/devices as possible increases the odds your message will get through, as it is highly unlikely all modalities will be unavailable at once.



Friday, 03 June 2016 00:00

What I’ve Learned from Workshifting

Working for a company that is all about making the mobile workstyle achievable certainly has its perks. Being able to work from home or a nearby coffee shop a few days a month is wonderful, but I’ve realized I’m a city girl, trapped in suburban South Florida and it’s time to make my move.

But I love my job! The people I work with are amazing and we work for a great company. It would be tough leaving. Thankfully, the company is Citrix, a leader in workplace mobility software, and my team is extremely supportive – as long as my productivity and quality of work don’t take a dip.

So, how can you work away from the office and still be successful, keep your team and customers happy and still maintain visibility? Pairing research with my own learnings of what works for me, I’ve come up with a few helpful tips:



Data is now an integral part of all of our everyday lives. Whether it is retailers building up a detailed profile of our activities in order to provide more personalised offers or a mobile map tool dynamically finding a new route in order to avoid congestion, the latest technologies gather and analyse information all around us, often in ways we don’t even notice.

In the years to come, the potential for this is only set to grow, as the amount of information we generate increases exponentially. As more people get online and tools such as mobile devices become ubiquitous, this will present companies with a huge new resource they can tap into to learn more about consumers and how they interact with the world around them.

According to research conducted last year by Cisco, more than half the world’s population will be online by 2019 – amounting to nearly four billion people. This will result in around 168 exabytes of data being sent around the globe every month by the end of the decade, from 24 billion connected devices.



Thursday, 02 June 2016 00:00

New Hope for Stopping Ransomware?

Imagine walking into your office and booting up your computer to finish up that important report you’ve been working on. Instead of seeing your usual desktop, however, you’re greeted with a message demanding ransom….or you’ll never see the contents of your computer again. This may sound like the plot of John Grisham book, but it’s a real-live scenario increasingly playing out across the country and around the world. Even worse? This type of malware -- dubbed “ransomware” -- may be coming soon to a computer near you.

With millions of organizations at the mercy of this new breed of cybercrime, legislators in California are stepping up to take them on with a new ransomware bill known as Senate Bill 1137. Let’s take a closer look at the increasing prevalence of ransomware, along with how this latest legislation aims to take on the problem.



When an emergency strikes, an organization’s crisis communications plan is one of the keys to a streamlined response and a quick return to normalcy. Consider your own company’s plan. Does it allow for fast, decisive action and real-time updates? Can it be activated in 30 minutes or less, a goal achieved by more than 75 percent of organizations? More than anything, does your plan suit the way your company and your employees operate on a day-to-day basis?

Given the range of technology available to today’s businesses, it’s no wonder that many are incorporating mobile communications applications into their crisis planning. Today, 55 percent of organizations report using some form of emergency communication software, which includes mobile apps.

Mobile apps are a good fit for a wide variety of organizations. Regardless of the type of crisis communication plan you have in place, an app will likely offer several important benefits. Here, we take a look at the areas of your communications planning to consider when evaluating a mobile app:



In enterprise circles, a serverless architecture sounds like infrastructure deconstruction to the extreme. How can you do anything without a server to process data?

But marketing hype being what it is, serverless does not actually mean “without servers.” Instead, it refers to an application deployment model in which issues surrounding server configuration and provisioning are no longer handled by the developer.

While the underpinnings of serverless architecture have their origins in PaaS and IaaS frameworks dating back to the early cloud days, the modern movement can be traced to late 2014 when Amazon launched its Lambda service. According to software engineer Alex Casalboni, Lambda offers a means to run code, create backends and do everything else to support an application without delving into capacity management, OS updates, fault tolerance and other tasks related to server management. The key advantage is that it allows you to lease server capacity on a sub-second basis – literally, you pay only for the split second it takes to churn data ­– which not only lowers cloud computing costs but provides a highly robust environment for microservices.



A road sign in Death Valley warning travelers of Caution Extreme Heat Danger

Extreme heat events, or heat waves, are a leading cause of weather-related deaths in the United States. Between 1999 and 2012, extreme heat caused more than 7,400 heat-related deaths in the United States.  Extreme heat increases hospital admissions for heart disease, respiratory disease, and stroke.

CDC’s Climate and Health Program funds 16 states and two cities through the Climate Ready States and Cities Initiative.  Through this initiative, CDC helps states and cities partner with local and national climate scientists to understand potential climate changes in their areas, including extreme heat.  CDC also assists states and cities in developing and using models to predict health impacts, to monitor health effects, and to identify the areas that are most vulnerable to these effects to help ensure that communities are prepared for the health challenges associated with climate change.

Evaluating the effectiveness of different preparedness actions and interventions is an important step in protecting people from extreme heat.  States can use data on heat-related illnesses from the National Environmental Public Health Tracking Network to help make decisions about the best ways to prepare for extreme heat.

Identifying who is at risk

The Minnesota Tracking Program analyzed data on heat-related illnesses and deaths to understand more about the people who are at the most risk during extreme heat events. The analysis revealed two new pieces of information:

  • People between the ages of 15 and 34-years old are at risk during extreme heat–not just people over the age of 65.
  • The rates of extreme-heat-related hospital stays and emergency department visits were higher across the entire state of Minnesotathan in the metropolitan area that includes the seven counties in and around the Twin Cities.

State and local health professionals used the tracking data to develop and update maps showing areas with populations that are at the highest risk for illness or death during heat waves. They are using the maps to identify areas that need additional support and planning to prepare for heat waves.

Taking action and being preparedThermometer reading 100 degrees

The 2006 North American heat wave began in mid-July of that year.  Between July 15 and August 27, 140 people died as a result of extreme heat in California, which had the most severe death toll in the country due to heat.  An additional 515 people were suspected to have died from this period of extreme heat in California.  The heat wave resulted in an estimated $133 million in health-related costs for the state of California.

Heat waves will continue to impact all regions of California, including urban, rural, inland, and coastal areas.  These periods of extreme heat are expected to get longer and to become more frequent over time.  In order to inform preparedness initiatives for the extreme heat, the California Tracking Program conducted a study to determine whether heat alerts accurately predicted the times when people suffered the most heat illness.

The findings from the study provided scientific proof of a link between heat alerts and heat illness.  Decision-makers in San Jose used the results to approve opening cooling centers as part of the city’s heat alert response plan.  Cities and counties nationwide must be prepared in this way to respond to heat alerts and to take preventative actions, such as opening cooling centers where people can gather for life-saving relief from the heat.

The California Tracking Program and the National Weather Service (NWS) are conducting similar studies in other parts of California, including Los Angeles. This information will help cities to make decisions about heat wave preparedness policies and help NWS refine its heat alert system for each region.

Learn more about extreme heat at http://emergency.cdc.gov/disasters/extremeheat

  • Check out this infographic about how to prepare yourself and your loved ones for the next heat wave.
  • Check out the National Environmental Public Health Tracking Network’s Info by Location feature to view data and information on extreme heat for your county.

Ideal data management strategies are different for every organization; everyone has his or her own take on the exact definition of what “information governance” is even supposed to be. Full data management has become a very multifaceted business challenge, and analysis tools seem to promise to offer some assistance. However, analytics can’t fix the absence of strategy.

Myths arise because everyone loves a simple explanation. We’re drawn to them because they offer to (seemingly) to streamline the vast and unwieldy. The more complex a topic, the more likely it is that myths will spread. File analysis and file governance are excellent examples of this. With file share environments being the epicenter for human-generated activity within the business, organizations question how file analysis best fits into the data management strategy. However, with such a broad topic, it’s easy to fall into the occasional trap made by an attractive myth. Here are some of the more common ones.



In conjunction with Business Continuity Awareness Week, an annual event organized by the Business Continuity Institute to raise awareness of the importance of business continuity and resilience, Everbridge invited a panel of BC professionals to discuss how a unified critical communications platform can derive additional value.

Oftentimes, business continuity professionals have the difficult task of proving the value of business continuity in terms of ROI.  The expert panel webinar covered topics such as crisis event management, unplanned IT outages, business communications, information and physical security, data breaches, etc. and how these activities raise the profile of the business continuity team.

Our expert panel members included:



In 2012, the UK Government launched 10 Steps to Cyber Security guidance, and now around two thirds of the FTSE350 are using it. It was simplified and updated in 2015.

As you would expect, the 10 Steps involve people, process, and technology – and include everyone from the board to individual users. Today, I want to discuss how Citrix supports each of the 10 Steps.

Let’s take a look.



NEW YORK – Learning from leaders whose decisions changed lives and careers, who experienced a situation that took them to the brink and back — that’s the purpose of the newly-launched podcast series, “Resilient,” from Deloitte Advisory. The biweekly podcast series explores the story of real-life executives, board members and government officials who led through crises, navigated through disruptions, managed through significant risk events and came back stronger. Each “Resilient” episode is designed to help today’s leaders embrace risk and improve performance by becoming better prepared to manage confidently in this unpredictable world.

 “Clients routinely tell us that they want to hear the stories and experiences of their peers. But more often than not, those stories are kept quiet or only heard by a few,” says Mike Kearney, National Managing Partner for Deloitte & Touche LLP, and leader of Deloitte Advisory strategic risk services. “We lay it all out there for the benefit of the listeners and take them on the executive’s journey. Resilient leaders don’t get knocked down by disaster or disruption, they find ways to navigate through it and come back stronger, and that is what you’ll hear in each episode.”

In the first episode, Deloitte Advisory’s Mike Kearney interviews former Verisign CEO Bill Roper about his experience transitioning from a lead independent director to CEO during a volatile crisis. Roper shares the complexity of the short-term decisions that had to be made and frames the crisis with an eye on the long game as well.



Thursday, 02 June 2016 00:00

Turning a big storage ship

Storage is a funny old part of IT industry and a part of the industry that is going through change much quicker than most.

The rapid move to flash, the need to integrate cloud, issues over management, security and governance all make the storage industry a challenging place for vendors and those architecting and using storage solution alike.

If we add to that a change in how we view our infrastructure, we see technologies that are abstracting much of our infrastructure from end users and developers, we see tech like openstack, Azurestack and even tech like Vmware VVOLS all of which present a single look and feel higher up the technology stack, this move almost sees some parts of the decision making cycle have a view of “we don’t really care about storage.”



Thursday, 02 June 2016 00:00

Outward-Looking Business Continuity

It is easy to indulge in navel-gazing when it comes to business continuity. We examine our business, its components, its requirements, its objectives and the risks that could affect it.

Then we draw up business continuity plans and put them into action. Yet a business only means something if it has customers it can serve.

It is remarkable therefore to see how FINRA (the US Financial Industry Regulatory Authority, Inc.) emphasises the notion of the end-customer when defining requirements for financial firms to create and maintain business continuity plans.

With its Rule 4370 (are there really 4369 rules before this one?!), it specifies that BCP procedures must be designed so that existing obligations to customers can be met.



Thursday, 02 June 2016 00:00

9 Secrets Of Data-Driven Companies

The competitive landscape is shifting rapidly in virtually every industry, fueled by the intelligent application of technology and data. While nearly all companies have more data than they know what to do with, a powerful minority is discovering new ways of leveraging it.

"Everyone is trying to figure out what the best route is, and what value data science can bring to the business," said Vivian Zhang, CTO and founder of the NYC Data Science Academy.

Internal fragmentation is one of the biggest obstacles facing companies as they seek to become data-driven. Data remains trapped under the control of a given department or business unit. The fact often frustrates efforts to use data strategically across the enterprise.



Wednesday, 01 June 2016 00:00

FEMA: Summer Safety

Summer means vacation, outdoor activities, and fun in the sun! It’s a time when families hit the road to visit national parks or distant relatives. The warm months and long days mean that there is plenty of time for baseball games and barbecues. The sultry temperatures practically invite you to take a dip in the pool or ocean.

But don’t let the sunny days and warm nights fool you. Summer also holds significant weather and water hazards. Heat waves can be lengthy and deadly. Lightning deaths are at their peak during the summer. Beach hazards such as rip currents can catch the unprepared. And, it’s the start of hurricane season.

This summer, the http://weather.gov/" target="_blank">National Weather Service (NWS) wants you to be prepared for the following weather and water hazards:

But you’re not powerless in the face of these hazards. With just a few simple steps, you can become weather-ready. Stay safe this summer: Know Your Risk, Take Action and Be a Force of Nature! Reprint from ready.gov for more information.

  1. Know Your Risk

Being prepared means learning about summer weather and water hazards such as hurricanes, heat, lightning, rip currents, air quality, tsunamis and wildfires. Here’s what you need to know:

  • The Atlantic Hurricane Season runs from June 1 through November 30. Hurricane hazards come in many forms, including storm surge, heavy rainfall, inland flooding, high winds, tornadoes, and rip currents.
  • Since 2003, 43 states within the continental United States have come under a tornado watch; 49 states have come under severe thunderstorm watches; and lightning strikes occur in every state.

Heat waves are common across the country during the summer. They are dangerous because the human body cannot cool itself properly when exposed to an extreme combination of heat and humidity.

  1. Take Action

While the weather may be wild, you are not powerless. This summer, prepare for hazards with these simple steps:

There is no safe place outside when lightning is in the area. If you hear thunder, you are likely within striking distance of the storm. Just remember, http://www.lightningsafety.noaa.gov/" target="_blank">When Thunder Roars, Go Indoors.

  1. Be a Force of Nature

Your action can inspire others. Be a Force of Nature and share how you’re working to stay safe from weather and water hazards this summer.

  • Write a post on Facebook. Share with your friends and family the preparedness steps you’re taking to stay safe this summer.
  • Tweet that you’re prepared withhttps://twitter.com/search?q=%23summersafety&src=typd"> #SummerSafety. Tell us what you’re doing to be prepared for summer hazards.

Create a http://www.ready.gov/make-a-plan">Family Communication Plan so that your loved ones know how to get in touch during an emergency. And let your friends know that they should create a plan also.

TNS) - The National Hurricane Center will launch storm surge inundation maps for the first time this summer, predicting where and how deep flooding will hit here and elsewhere.

Two years ago the maps were tested on the Outer Banks. Data from hundreds of hurricane forecast scenarios was fed into a supercomputer.

Hurricanes and tropical storms are measured according to wind speed. The new maps turn attention to flooding. Storm surge threats could be worsening as the ocean level rises and more people build on the coast, said Jamie Rhome, storm surge specialist with the National Hurricane Center.

“People have focused on wind,” Rhome said. “The world is awakening to storm surge.”



(TNS) — Under pressure from Congress to reduce federal dollars spent on emergency aid, the Federal Emergency Management Agency is floating a new proposal that would give states a financial incentive to better prepare for storms, floods, hurricanes and other disasters.

Some state and local officials are pushing back. Many of the 150 public comments filed to the agency express concern that the proposed changes would just shift the financial and administrative burden to local governments already overloaded during disaster situations.

“Disaster assistance administrators at the state and local level are already overburdened, particularly in the aftermath of a major disaster,” the bipartisan National Governors Association said in its comments, calling the current system an already “complex and time-consuming exercise.”



Colocation data centers are hands down the largest consumers of commercial biometric technologies for access control.

So how come every colocation provider I speak to is unhappy with the way biometric solutions scale inside their data centers? The reason is biometric systems are inherently hardware focused and almost always offer no ability to scale, integrate or support at enterprise scale.

For colocation providers, security is not a “keeping the lights on” activity but rather a driving factor in the day-to-day success of business. Biometric solutions are actually a key selling feature of their data centers.



Once it’s done shedding its Enterprise Services business, Hewlett-Packard Enterprise is betting on its bread-and-butter data center hardware business – servers, storage, networking, and software to manage all of the above – to continue driving the bulk of its revenue.

The company, which only recently separated from the former Hewlett-Packard’s printer and PC business, announced earlier this month that Enterprise Services would spin off and merge with Computer Sciences Corp.

In an analysis of recent revenue and profit trends of HPE’s various businesses, The Next Platform’s Timothy Prickett Morgan points out that enterprise technology services are a people-intensive, low-margin business, and says that this is probably the biggest reason CEO Meg Whitman has decided to get out of it.



Today’s corporate environments are filled with leaps and often times hesitations, followed by even larger leaps toward cloud deployment. But about those hesitations: from fears about IT jobs being outsourced to security concerns and questions about the most effective ways to centrally manage a cloud solution, apprehensions can run far and wide.

IT Innovators recently caught up with John Webster, analyst at Evaluator Group, to chat about some of the most common assumptions about the cloud and what factors should instead be top of mind for a more effective cloud deployment.



The potential of radiation risk exposure causing harm in your organization’s workplace may not be the first thought that comes to mind at an ISO  quality management system team meeting…..but, under the new ISO risk-based thinking approach to broaden your scope of understanding risk and its relationship to the context of your organization …perhaps it could be.

To follow this logic further, we begin with the need to better understand radiation.

CenturyLink has committed to improving energy efficiency of its entire US data center portfolio by 25 percent by joining a voluntary US Department of Energy program that promotes investment in more efficient energy use in buildings.

The Monroe, Louisiana-based telco has been upgrading its sprawling data center portfolio to improve efficiency since last year, despite the possibility that it may sell some or all of those sites. CenturyLink management has been evaluating numerous alternatives to owning its data centers.

Bill Gast, CenturyLink’s director of global data center energy efficiency, said uncertainty about ownership of the portfolio in the future hasn’t disrupted the current push to improve its efficiency that started last year.



Using the Business Impact Analysis to Understand Relationships Between Resources and the Business

The business impact analysis (BIA) establishes the foundation of an organization’s business continuity program by establishing business continuity requirements. As a result, a significant part of Avalution’s work involves helping organizations design and execute the BIA process. Furthermore, a well-executed BIA can deliver so much more than just a list of recovery time objectives (RTOs) and recovery point objectives (RPOs)!

One of the ways Avalution adds value as part of the BIA process is by illustrating or “mapping” the relationships between products and services, business activities, and resources. By doing so, we can better understand the business use of specific resources and understand how unavailability impacts the business as a whole. This BIA task is extremely valuable when working with business continuity planning stakeholders, such as an application manager, to plan for and mitigate the risks associated with a disruptive incident. Should a disruptive incident occur, this work also enables our clients to quickly understand the implications of the incident, based on resource loss scenarios.



Whichever way you slice it, NOAA’s just-released outlook for the 2016 Atlantic Hurricane Season appears to suggest we’re on track for more hurricane activity than we’ve seen in a while.

NOAA predicts a 70 percent chance of 10 to 16 named storms (winds of 39 mph or higher), of which 4 to 8 could become hurricanes (winds of 74 mph or higher), including 1 to 4 major hurricanes (Category 3, 4 or 5; winds of 111 mph or higher).

It calls for a 45 percent chance of a near-normal season, but there is also a 30 percent chance of an above-normal season. The likelihood of a below-normal season is at 25 percent.



Your emergency notification system should be incredibly user-friendly—and the process to understanding your vendor and how you would partner together should be just as easy.
From demo to implementation, the process should be painless! Here are some tips for you when you’re getting ready to evaluate and implement a new technology.

First, know what your emergency notification vendor should be doing for you:

An emergency notification system empowers organizations to keep their people safe, informed, and connected through relevant, streamlined mass notifications during a critical event. Emergency notification systems automate and deliver messages so you can quickly and easily communicate with, or engage, your audience from anywhere, at any time, using any device. Your emergency notification system should monitor threats for you, establish business resilience, and protect your organization and people.

When evaluating emergency notification systems vendors and to ensure your success, it’s important to get an understanding of what you can expect from your partnership.



We have all seen data visualization grow in stature over the past decade and it is now an essential part of our daily lives.

Newspaper articles that discuss statistics uniformly communicate these through visualizations, sports teams are critiqued through graphs and animations, and in boardrooms, leaders see the data they want through interactive dashboards. But what can actually be done with visualizations? What is the point of them and why have they become so important?

Showing complex data sets in simple ways

The most important element of any data visualization is the ability to show something complex as simply as possible. If you have a dataset with hundreds of different points, trying to see what the correlation is from an excel spreadsheet is going to be almost impossible. The ability to clearly see trends allows decision makers to act quickly.



Your company has likely spent a lot of time, effort, and money keeping its security systems, policies, and practices up to date. Can the same be said of your law firm?

The legal industry isn't exactly known for its technology leadership, which should be of concern, especially from a security perspective. Don't assume that your data is safe, in other words. Be prepared to do your own due diligence.

"Law firms retain a lot of sensitive corporate data that would be extremely valuable to hackers or outside parties. In particular, hackers are interested in corporate legal information, intellectual property from their clients, information on directors and officers of corporate clients, settlement terms, and more," said Jacob Olcott, the former legal adviser to the Senate Commerce Committee, counsel to the House of Representatives Homeland Security committee, and current VP at Bitsight Technologies, in an interview.



Damage to a company’s reputation can come from so many different crises. Consider Chipotle, which is struggling to bounce back from multiple health scares. Or Target, whose customers questioned the security of its payment systems following its devastating data breach. Or Volkswagen, a company that is struggling to maintain its image in the wake of its falsified emissions tests.

Your organization likely has a crisis response plan to help employees get through any number of emergencies. But will your plan also protect your company’s reputation? Here are a few ways to ensure that your organization keeps its good name, even in the face of a crisis:



When you start to evaluate emergency notification system vendors, you’ll need to narrow in on your organization’s specific needs. Which features matter the most? And are they easy to use? As you’re looking for a vendor to best fit your emergency notification requirements, be on the lookout for these seven must-have features that will make your communications easier.



The grass is green. The days are longer. The school year is over, or winding down. It’s the time of year many people begin thinking about summer vacations.

Business continuity professionals are, of course, no exception.

So, how can you, a person responsible for mission critical resiliency plans and emergency notification programs, really relax (at least a little) on your upcoming vacation? Here are a few helpful tips for dealing with your notification process now, before you pack your Speedos and sunscreen.



What is encryption?

Encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a “key”. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).



After Volkswagen admitted designing software that provided false emissions data in order to appear compliant with emissions standards, many questions were raised about the culture of the company. The scandal also highlighted the difficulties in locating risk across an organization.

The resignation of Volkswagen’s CEO further illustrates how difficult it is to run an organization from an ethical perspective.

With a multinational company as large as Volkswagen, it is inherently tough to keep an eye on every single aspect of the business. It is, therefore, impossible that a senior Volkswagen executive could have known everything about the engine emissions testing process.



In our mobile world, our mobile devices play a pretty large role in our lives, right? We go to sleep with our phones by our beds, most of us even use its alarm to wake us up in the morning. And during the day, it’s always within reach.

That means you should be able to use your most valuable emergency preparedness tools—like your emergency notification system—right from your phone.

Why do you need an emergency notification mobile app?

Smart technology and mobile devices allow you to keep your people safe, informed, and connected from anywhere. You should have access to your emergency notification system whether you’re at your desk or on the go, from whichever device is within reach—whether it’s your personal iPhone, your Android that’s just for work, your PC, or your tablet. The right ENS vendor makes your smart phone even smarter when you have the most reliable enterprise monitoring and notification software available in one easy-to-use app.



In speaking with enterprise CIOs and IT managers, I hear a lot of the same stories about successful technology deployments and complicated mistakes. As companies scale, they tend to take separate paths to similar ends, eventually running into the same obstacles and undertakings.

One of the most interesting, but not infrequent, stories I’ve heard comes from enterprises that recently built primary or secondary data centers – without considering that in the modern cloud era, there are no circumstances under which a company should build a data center.

A company telling this story likely bought land and constructed its new data center in a remote part of the country, where real estate and utilities were cheap. It entered a contracted agreement with a single network carrier that served the area. Then, as the organization grew and the company sought to work with new service providers, the team was surprised to learn that its site’s so-called valuable location prevented the data center from accessing certain services, ultimately putting a cap on the company’s growth.



SALEM, Ore. — When Target’s systems were breached in 2015, it was rumored that the cyber side of the house had the information it needed, but didn’t know it was looking at an attack that compromised its clientele's credit card information.

In just the last decade, threat vectors have evolved from the standard “known” perils of the cyber realm to the evolving attacks that change from discovery to detention within systems — and the ever-changing threats are not just a problem for the private sector.

During the Oregon Digital Government Summit held May 24, Bob Pelletier with Palo Alto Networks discussed the issues facing IT teams everywhere and how they could better defend their networks from bad actors.



Object storage delivers an underlying agility that lets a wide variety of users access and utilize data with a wide variety of applications across a wide landscape of locations.

Have you ever met a senior corporate executive who was asking for data?

Not likely. Answers are what most senior execs are seeking. Actionable answers. Answers that can help them more quickly make more highly effective decisions that drive truly impactful action.



Thursday, 26 May 2016 00:00

Safety After a Tornado

So, you and your family have survived a tornado; it’s awesome that you were prepared, and you ended up coming out of it in good shape. Unfortunately, after a tornado, it’s very common for homeowners to see significant property damage. When you’re dealing with structural damage to your home, you need to consider the safety of your family, and what you do after a tornado can be just as important as what you did in preparation for it.

A study done on tornado damage in Marion, Illinois, showed that 50 percent of tornado-related injuries occurred after a storm
had passed. It’s common for injuries to occur during cleanup and post-tornado activities; almost a third of these injuries occurred after a person stepped on a nail. A tornado damages power, gas and electrical lines, and when you combine that with storm debris, it really puts you at risk.



Springtime is a time for flowers, leaves on trees and new grass – a manifestation of nature’s own recycling program – but it also marks the beginning of weather patterns that can create less-inviting scenarios. Between the tornado season, the hurricane season kickoff and what traditionally has been the start of a fire season, springtime lights up a veritable cauldron of natural disasters just waiting to boil over.

That’s why MSPs at this time of year should be talking to their clients about data backup and disaster recovery (BDR) strategies. With those clients who already have a strategy in place, this is a good time to review their plans to assess whether they still meet all of the clients’ requirements.

Are all new users included in the backup process? Are they aware of recovery procedures in the event of a disaster? Have any systems been installed recently that require some kind of upgrade to the BDR?



Unplanned system downtime is the reality that IT departments need to deal with every day.  Some even see downtime as being the worst thing that can happen with their IT systems.  In fact, as almost everything we know has gone through a digital transformation, businesses rely more and more upon IT; therefore an IT issue is a business issue. When critical incidents occur, the business operations can quickly suffer from it:

  • Loss of online revenue for e-retailers
  • Drop off in employee’s productivity in manufacturing
  • Frustrated clinicians, increased patient safety risk and drop of the hospital bed turnover rate in hospitals
  • Impact on brand, company image and patient satisfaction

Not long ago, CloudEndure published a survey that put system downtime, and more specifically the cost of system downtime into perspective.  The online survey was conducted in January of 2016 and responses were collected from 141 IT professionals from around the world who were using or looking to implement disaster recovery.



Turmoil in emerging markets, increased localisation of Internet networks within country borders and financial repression are some of the key risks identified in this year's Swiss Re SONAR report, published recently. Although aimed at the insurance sector the report contains useful information for all enterprise risk managers. The publication is based on the SONAR process, a crowdsourcing tool drawing on Swiss Re's internal risk management expertise to pick up early signals of what lies beyond the horizon.

The report offers insights into emerging risks, those newly developing or evolving risks whose potential impact and scope are not yet sufficiently taken into account. Among these, the report also highlights a ‘crisis of trust’ in institutions, the ‘legal and pricing risks of the sharing economy’ and technology-related topics, such as the rise of ‘precision medicine’ and ‘distributed energy generation’.

"Risk management is not just about managing risks in the present. It is about anticipating future ones to make sure we will be in a position to deal with them," says Patrick Raaflaub, Swiss Re's Group Chief Risk Officer. "These risks may only fully reveal themselves to future generations. That doesn't mean that we shouldn't act today to reduce uncertainty and alleviate their burden."

The identified risks are relevant to life and non-life insurance areas and are presented with the goal of helping industry players prepare for new scenarios by adapting their behaviours, market conduct and product portfolios.

Detecting early signals of looming threats allows for a proactive approach to risk mitigation and is an important step to help society as a whole to become more resilient.

The three top risks with the highest potential impact:

Emerging markets crisis 2.0: turmoil in emerging countries could hinder the market entry and the penetration strategies of global insurance companies and even result in higher underwriting losses, especially in property, personal and commercial lines, for example in the case of riots.

The great monetary experiment: the long-term costs of negative interest rates and unconventional monetary policies are still unknown, yet they might lead to a broader loss of confidence in the monetary system. Short-term benefits are limited as the policies are unlikely to boost economic growth.

Internet fragmentation: firewalls, special software to filter out unwanted information and isolated IT infrastructure detached from global networks: disconnected nets could soon become a reality. Their potential impact includes increased costs and disrupted business models for insurance companies and other businesses operating across borders.

Read the full report

For many organizations, it is a constant challenge to meet the current year goals and objective for the business continuity management program.  There are a plethora of causes and symptoms, including:

  • Exercises continually fail to meet recovery time objective (RTO) targets.
  • The internal and/or external auditors have black notes that have not been fixed.
  • The board, interested parties, customers and other stakeholders are making more demands.
  • The competition now has certified BCM programs and is winning more business.
  • A lack of confidence in consistently meeting contractual and regulatory obligations.
  • A need to expand the BCM program scope, e.g., additional departments, regions, or community responders, etc.

But there is hope.  A set of fresh eyes to perform a gap analysis of your BCM program can highlight non-conformities and provide direction on how to reasonably move forward to meet your goals.



How else have IT departments been doing so much more with so much less? Cloud service providers have done what so many CIOs and IT managers have only dreamed of.

They have packaged virtualisation, automation, replication and innovation together, and put cost reduction in as part of the deal too.

Never before have enterprises and organisations had so much power at their fingertips for so few dollars (well, thousands of dollars). However, there’s just one big drawback.

The drawback isn’t really due to cloud computing. After all, much of cloud computing fulfils its function marvellously well. That includes providing resources for business continuity and disaster recovery, as well as for data archiving.



Thursday, 26 May 2016 00:00

Emerging Risk: the Internet

We think of the Internet as a borderless entity, but that could all change, according to an annual emerging risk report from Swiss Re.

The publication is based on the SONAR process, an internal crowdsourcing tool that collects inputs and feedback from underwriters, client managers, risk experts and others to identify, assess and manage emerging risks.

Increased localization of internet networks within country borders is one of the key emerging risks that industry players should prepare for, the report suggests.



(TNS) - The John F. Kennedy assassination, the 9/11 terrorist attacks and the Berks County hailstorm of May 22, 2014.

Like the where-were-you aspect of two infamous episodes in U.S. history, the savage hailstorm that hit a small piece of the county slightly more than two years ago has become an unforgettable moment in the lives of those who experienced it.

"It just seemed like the whole world was coming apart," said the Rev. Mark Johnson, pastor of Bausman Memorial United Church of Christ in Wyomissing. "When I came out, my Honda Civic was dimpled up like a golf ball."

The memorable storm hit on a Thursday afternoon. Hail reported as the size of golf balls or larger fell from 2:45 to 3:30 p.m., followed by a second hailstorm within an hour.



(TNS) - Federal officials on Monday announced new procedures for flood insurance policy holders to file appeals and internal steps to exert more control over the process following complaints that private contractors underpaid claims after superstorm Sandy.

The changes come amid lawmakers’ and homeowners’ continuing criticism of the way claims and appeals are handled by the FEMA's National Flood Insurance Program and the private insurance companies it contracts with to carry out its work.

“Fundamental changes need to take place in this program,” said Roy E. Wright, the flood insurance program administrator. He said he was rolling out “three elements” that would go into effect later this year in what he called “a long-term process.” Wright said they include:



Wednesday, 25 May 2016 00:00

Symbolic IO Rewrites Rules For Storage

The defiant math of Radiohead's song "2 + 2 = 5" can now be found in an enterprise storage system called IRIS from Symbolic IO. With IRIS, which stands for Intensified RAM Intelligent Server, the whole is greater than the sum of the parts. That turns out to be an advantage because you can allocate less storage space for the parts than they'd require as a single set.

The four-year-old company, founded by CEO Brian Ignomirello, who served as CTO of HP, claims it has found a way to store data in substantially reduced form and to retrieve it without any loss in random access memory (RAM). Symbolic IO's technology, which the company says is the first computational-defined storage product, thus amounts to magic, in the sense that "any sufficiently advanced technology is indistinguishable from magic," as author Arthur C. Clarke put it.

Indeed, Symbolic IO describes its storage system in magical terms when it refers to IRIS "'materializing' and 'dematerializing' data in real-time."



The State of Virginia Department of Motor Vehicles lost access to its IT systems for hours this past Saturday as a result of a data center outage that disrupted network access for more than 60 state agencies.

Caused by a faulty network switch, the outage was resolved about five hours after it started, Richmond Times-Dispatch reported. The data center is owned and operated by Northrop Grumman, which resolved the issue by replacing a faulty part with one from a test environment that was running in the facility.

The switch failure “caused a widespread outage of inbound and outbound communications traffic through the information technology infrastructure for executive branch agencies,” Marcella Williamson, spokesperson for the state’s IT agency, told the Times-Dispatch.



In the middle of a critical event, it’s easy to forget who needs a notification and where they’re located. When time is of the essence, using groups can streamline the notification process allowing you to notify your users more efficiently. When you have a next-generation emergency notification system like AlertMedia, groups can simplify that process.

Groups are a collection of people that you can quickly and easily send a message to from your emergency notification system. Users can be grouped together based on common traits such as the user’s location, departments, their function, etc. – the possibilities are endless. Here are a few group must-haves you will want to incorporate with your emergency notification system:



FMCSR stands for Federal Motor Carrier Safety Regulations.

While companies are subject to many compliance related requirements, it can still be argued that not all compliance requirements are viewed to be equally important to the operations of a company.  FMCSR and its requirements can often fall into that “of less importance” category.

This posting assumes that Federal Motor Carrier Safety Regulations is a requirement where training is all too often incomplete and in some cases not performed at all ….even knowing that all training must be documented and available on request for internal or external audits.

Even worse — When nothing happens, no accidents, and no one performs a thorough audit, everything can often be perceived to be “OK”.  As a result, many companies are falsely lulled into believing they are in compliance when they are not.

Wednesday, 25 May 2016 00:00

The Cost of Compliance

FINRA released advance warning of their 2016 priorities for broker-dealers with its latest Regulatory and Examinations Priorities Letter earlier this year, highlighting data quality and governance as primary areas of concern. But many firms are forgoing the investments needed to upgrade their compliance programs – even as regulators and data issues increase year over year. Is your firm’s passive ignorance a sure path to more fines this year?

The amount of data being created and stored by broker-dealers has increased over the past few years, and data is being stored in multiple and unstructured formats across a multitude of different systems. This has led to siloed processes and sloppy reporting – and FINRA has noticed, firmly outlining the top areas of concern in the new letter:



(TNS) - Tropical storm and hurricane season kicks off June 1, so it's not too early to get ready.

That was the message federal, state and local emergency planners delivered last week during Hurricane Preparedness Week.

The message is simple: Be prepared.

This year's season, from June 1 through Nov. 30, could be more active than those the past couple of years, experts say.



(TNS) - A lone gunman is in the building, multiple people have been injured and the suspect is armed with semi-automatic handguns and extra ammunition. It’s up to law enforcement and emergency responders to evacuate the injured and subdue the gunman – all at the same time.

That’s the scenario that played out at UC Merced on Saturday morning as multiple Merced County law enforcement and emergency response agencies trained together on protocol and response for violent incidents.

About 50 role-players acted as student witnesses and victims while paramedics and firefighters teamed up with police officers and deputies.



All-flash storage systems are about to spark a renaissance within the data center. Until very recently, the higher costs of all-flash storage has prevented the technology from being adopted across a majority of data center workloads. However, the recent introduction of high-density flash will certainly change this situation, as the ability to mix high density with traditional flash in a real-time auto-tiering manner will dramatically reduce the cost of flash, enabling its broader use for all workloads across the data center.

Flash is still uncharted territory for many data center executives. As the use of all-flash becomes more common, it will be more important than ever to know how to assess key performance parameters and assess any cost challenges encountered along the way.



Crises don’t discriminate. Whether they are economic, geopolitical, technological or environmental, you can expect to have to deal with a major one soon. And how well you minimize the impact of that crisis is the difference between achieving your business objectives, and completely missing them, disappointing your customers, employees, partners, and shareholders in the process. Lucky for you (if you believe in luck and not the probability of chance events), Forrester’s risk experts have updated The Governance, Risk, And Compliance Playbook For 2016. I also recently finished a series of reports on the state of business continuity (which I have creatively named part 1, part 2, and part 3) to give you a jump start on your GRC efforts. Below, I’ve highlighted some of our most recent and exciting GRC research:



Ransomware has become such a prevalent threat that the Los Angeles Times suggested in a March 8 article that “2016 is shaping up as the year of ransomware.”

Recent ransomware victims, the paper reported, included the Los Angeles County Department of Health Services and Hollywood Presbyterian Medical Center, which paid $17,000 to regain access to a communications system that attackers had shut down.

Ransomware is ingeniously simple to execute and, as such, an effective method for cybercriminals to monetize malware attacks. Ransomware uses malware variants with names like “Locky” and “CryptoWall” to encrypt files in victims’ systems. The malware typically is delivered through phishing emails.



Published: Tuesday, 24 May 2016 07:55


The Business Continuity Institute’s Middle East business continuity and resilience Awards took place on Monday 23rd May 2016 in Abu Dhabi.

The winners were:

Continuity and Resilience Newcomer 2016
Pauline Kolset CBCI, Administration Manager, Risk Management, Jumeirah Group

Continuity and Resilience Consultant 2016
Tom Keegan FBCI, Enterprise Resilience Leader, Control Risks

Continuity and Resilience Professional (private Sector) 2016
Abdullah Alrebdi AMBCI, Business Continuity Senior Analyst, Saudi Stock Exchange (Tadawul)

Continuity and Resilience Professional (Public Sector) 2016
Mahmoud Abu Farha MBCI, Head of Business Continuity Management, Palestine Monetary Authority

Continuity and Resilience Team 2016
Roads and Transport Authority Crisis Management Team

Continuity and Resilience Provider (Service/Product) 2016
Deloitte and Touche, Resiliency and Continuity Services (RCS)

Continuity and Resilience Innovation 2016
Estmrarya Academy ‘Learn and be more Resilient’ 

Most Effective Recovery 2016
Commercial International Bank - Egypt

Industry Personality 2016
Fatima Azeem AMBCI, Executive Officer in Business Continuity, National Emergency Crisis & Disaster Management Authority

More details.

Data breaches are now a fact of life. Regardless of the size of your business, or the sector you operate in, sooner or later you should expect to come under attack by hackers.

In the past couple of years, there’s been a steady stream of high-profile attacks on companies around the world, from retailers to banks and healthcare providers. And if smaller firms think they will be overlooked by hackers in the belief they are not a valuable target, they are mistaken.



Let’s be honest: PCI DSS compliance is viewed as a pain in the neck.  It is seen by management in many companies as a big fire drill to check the compliance box, but without real business value.  They see the scramble to test, remediate and report to achieve compliance, but they often cannot connect it to improvements in their actual security posture.  The lack of perceived value is the result of the prevalent “compliant but not secure” mode of operation.

The fire drill typically includes the following scenario: A large company with tens or hundreds of legacy systems, some of which store its most valuable information, is tasked with complying with PCI DSS requirements and validating compliance in quarterly tests and annual audits. The systems are siloed, owned by different line-of-business and application owners, sometimes with their own IT and security experts.  Each application and associated infrastructure needs to be tested, scanned or otherwise validated to be in compliance.  To minimize potentially negative impact on business critical applications, testing and scanning needs to be coordinated and scheduled with application owners.  Results need to be communicated to those same owners and coordinated with IT administrators to apply the fix.  After the fix is finally applied, the scans and tests need to be repeated to verify the exposure no longer exists.  All of this information exchanging hands starts out in vulnerability scanning and governance, risk management and compliance tools, but most often ends up in spreadsheets and emails.  Multiply those spreadsheets and emails by the number of components and stakeholders, and it is easy to see why the process overtakes the intended objective of cardholder data protection.



Market research firm IDC forecasts a 50% increase in revenues from the sale of big data and business analytics software, hardware, and services between 2015 and 2019. Services will account for the biggest chunk of revenue, with banking and manufacturing-led industries poised to spend the most.

Data is the driving force underlying market disrupters such as ride-sharing service Uber. Data and analytic projects dominated the top of InformationWeek's Elite 100 list in 2016. So it's no surprise that IDC's most recent forecast for the big data and business analytics market shows significant revenue growth for the next five years.

IDC predicts revenue from the sales of big data and business analytics applications, tools, and services will increase more than 50%, from nearly $122 billion in 2015 to more than $187 billion in 2019. The analyst firm estimates revenue by technology, industry, and geography in its Worldwide Semiannual Big Data and Analytics Spending Guide.



As mobility has enabled us to work anywhere, the spaces we occupy are now material to the productivity and outcomes we achieve. Quite simply, these spaces and their attributes have an effect on how we work.

Collaborative, activity-based work has become the new default workstyle. It not only embraces the concepts of increased consumerization and mobility, but also the human need to work closely with others.

There is a growing delta, however, between the experiences that we achieve when we collaborate remotely using tools, like GoToMeeting or Skype for Business, and the experiences we have when collaborating physically, in meeting or conference rooms.



The value proposition of the public cloud is pretty clear. Indeed, there are few companies today that aren’t taking advantage of it in some way. The benefits of a private cloud can be a bit more challenging to define.

Jim Rapoza, editorial director and senior analyst at the Aberdeen Group, has seen the innovative ways in which many companies have effectively implemented a private cloud. Here, he shares some of its use cases, and recommends what companies should focus on when building one.

According to Rapoza, one of the main reasons to implement a private cloud is to gain better management over your virtualized infrastructure and be able to better provide services to end users and the business.



Monday, 23 May 2016 00:00

Here Come the Memory Wars

The enterprise has seen many a storage war over the decades, or perhaps it’s more accurate to say many battles of a single storage war. The latest of these pitted the rival cloud providers in a contest to see who could deliver more capacity at the lowest cost.

But even as this phase is winding down, a new one is emerging for the heart and soul of Big Data and IoT data preservation. And the field of battle is no longer on the drive level but in memory subsystems, which are proving to be a lot more versatile than their traditional roles as high-speed cache and random access devices would suggest.

The big breakthrough came earlier this week when IBM announced major improvements to its phase-change memory (PCM) technology that boosts performance way past Flash technologies on a number of key parameters while maintaining relative price parity. According to a paper presented to the IEEE International Memory Workshop in Paris, the company says it can now reliably store three bits per cell in a standard 64k-cell array that has been pre-cycled more than a million times and maintained at temperatures as high as 167°F. This provides a write endurance that is a thousand times better than Flash while at the same time maintaining random access and write-in-place capabilities that Flash does not have. The company plans to implement the technology as a cluster-level and data center solution, pairing it with low-latency networking for data-intensive applications. (Disclosure: I provide web content services for IBM.)



Global companies have been embracing socially responsible spending projects to build stronger relationships with local communities. The idea makes a lot of sense and real projects can result in real benefits.

As with any significant source of money, there are risks. Major global companies have been caught in some embarrassing situations, some of which can have real legal and reputational consequences.

Think of the irony of these situations – in an attempt to promote the goodwill of the company in emerging markets, companies spend large amounts of money, only to find out later that foreign leaders have lined their pockets with the funds to the detriment of the locally intended beneficiaries.



Monday, 23 May 2016 00:00

‘It Happened to Us’

This spring will mark the fifth anniversary of the devastating tornado that struck Joplin, Mo., on Sunday, May 22, 2011. The tornado killed 161 people and caused nearly $3 billion in damage. Keith Stammer was the Joplin/Jasper County director of Emergency Management and is today. He talked recently about the recovery and lessons learned in Joplin.

This year marks the fifth anniversary of the 2011 tornado. How has the recovery gone?

Recovery is going pretty well; everything is cleaned up. We got that done in short order. The problem here is coming back with housing. Joplin has more rentals than it has homeownership, so we have a lot of low- and moderate-income people who need places to stay. If you’ve ever done that, particularly with state and federal tax credits, it takes a while.
We were warned that this would take some time, but I was hoping it wouldn’t take as long as they thought. That being said, we’ve gained back what little of the population we lost. We actually have a few more residents than we had prior to the tornado, and unemployment is running under 5 percent. The other big thing that helped Joplin was that we basically live off sales tax and not off property tax, and the sales tax did not go down in terms of revenue. In fact, it went up because everyone wanted to rebuild. So that helped us from a financial standpoint in terms of not losing anything.



Monday, 23 May 2016 00:00

6 Barriers To IoT Data Flow

The Internet of Things (IoT) is gaining momentum across industries as organizations strive to compete using data. Gartner estimates by 2020, 25 billion connected "things" will be in use. Whether it's weather monitors out in the field or wearables, companies are getting insights that were previously not possible and achieving new levels of automation. The question is whether the devices are enterprise ready.

"Enterprises adopting IoT devices have to support enterprise standards with authentication, encryption, and protocols," said Andy Beier, director of engineering at BI software vendor Domo, in an interview. "The greatest barrier to IoT data flow is that these devices are not created with an enterprise standard, making it more difficult for companies to benefit."

Even when IoT devices are built for enterprise use, there's no guarantee they'll work together. In smart commercial buildings, for example, different manufacturers are working to get their devices to communicate via APIs or an orchestration platform, but the process isn't necessarily plug-and-play or any-to-any simple yet.



Last month I talked about cybercrime as big business and how crime rings take advantage of point of sale (PoS) technology to collect and sell the data they gather. I’d like to build on that conversation, using a new study from Hewlett Packard Enterprise (HPE) that takes an in-depth look at the underlying economy driving cybercrime.

I had the opportunity to talk to HPE researchers involved with this report, and they told me that cybercriminals operate their business in much the same way that any other small business person does. They seek out people who are skilled in different areas – not just computer programmers, but also, say, those with good financial chops or a talent for marketing. They recruit and vet potential employees. The biggest differences between their business operation and yours are that theirs is involved in illegal activities and it is all done anonymously. That’s right – these folks operate under their online alias so you probably will never know anyone’s true identity. It’s a business model that is based primarily on trust and reputation within the Dark Web.

Why should you care about these cybercriminal business ventures? They are your competitors, according to Kerry Matre, senior manager, Security Portfolio Marketing with HPE. Maybe they aren’t going head-to-head with you in a specific industry, but they are looking at how you use technology and the type of data you collect in the course of everyday business, and they are coming up with ways on how to target attacks against that data.



How well do you know the cloud?  What are the roles and responsibilities of the companies that provide cloud services? What part does the state or local government IT organization play when it comes to cloud technology?

These questions and others were at the center of a panel discussion at the Florida Digital Government Summit held May 12 in Tallahassee. During the 90-minute session, Florida’s Chief Technology Officer Eric Larson and two private-sector representatives weighed in on the four most important considerations and steps that need to be made before diving headlong into cloud migration.


The battle over ad blockers has never been fiercer: Their popularity with consumers is skyrocketing across the globe. Ad blockers offer a better online experience and have become easier to use. But consumers like them as a way to protect their privacy and their data from being misused. Firms increasingly think that their best bet is to block the blockers. But a recent study has shown that this strategy is just a losing game, as it has contributed to the deep decline in traffic figures. And the problem doesn’t end there; the EU recently made its voice heard by saying that blocking ad blockers is a practice that breaches EU privacy rules.

But what about your customers? If you use ad blockers, just think of the last time you wanted to check out an article online but were asked to uninstall your ad blocker first or, possibly worse, to fill in your details to “freely” enjoy your read.



The secret to effective mass notifications lies in the simplicity of sending the notification, and streamlining all the activity into one seamless experience, so you can get to the core of what matters most: communicating an important message and monitoring the well-being of your people.

Every day, AlertMedia customers send notifications connecting their audiences in different locations all over the world. Two-way mass communications is quickly creating a connected audience—no matter the size.

An easy-to-use mass notification system that keeps the process of sending a notification simple, while facilitating activity that’s easy to access, manage, and measure, makes our emergency notification software smart and efficient.



(TNS) - First responders geared up Wednesday as they held active shooter training at St. John's College where they simulated a gunman killing and wounding people inside the school's library.

The fake incident played out like this: A lone shooter with a book bag entered the library where he killed and wounded several people. He moved about the first floor and up to the second floor where he stood his ground in a back room.

The exercise was the second active shooter training done at St. John's since 2010. This year was different as emergency medical staff were outfitted with Kevlar vests and helmets as they followed police into the building after floors were cleared.



(TNS) - Marion County emergency officials say that each time they speak to community groups, they become more concerned about inexperience and complacency as hurricane season approaches.

It has been nearly 12 years since Marion County has been hit by a hurricane. In 2004, two storms — Frances and Jeanne — battered 3,000 homes and caused $30 million in damages across the area. And those were tropical storms, only packing 45 mph winds when they toppled trees across the area.

Since that time, there has been a hurricane drought. In fact, it has been more than a decade since Florida has been hit by a hurricane — the longest no-hurricane streak on record.



(TNS) - Drone footage from Twin Falls County Sheriff’s Department reveals the scene that unfolded at Henningsen Cold Storage Wednesday morning.

To the casual observer, it would appear as the site of a gruesome accident — paramedics and firefighters respond to victims on the ground near an overturned school bus, a railroad car and multiple crashed cars.

The scene was a drill — a test of the county’s resources and response, but in an emergency scenario with unknown chemicals involved, the value of drone technology becomes apparent.



In the wake of the damaging Alberta fires, there has been a lot of attention paid to what role climate change plays in wildfires. Yet 2016 is also a powerful El Niño year, which has created ideal conditions for the extraordinary fires in Alberta.

So what climate phenomena could have led to the persistent warm, dry conditions and the extreme fire events?

I have analyzed weather trend data and found that higher temperatures and lower precipitation created the conditions for the extensive fires. It is by looking at exactly when those warmer months occur that we can begin to sort out the role of El Niño versus climate change.



Communications at the Time of a Disaster

It is well known that business continuity and crisis communication plans are vital to minimizing losses during an emergency. 80% of companies that experience a major disaster and don’t have any form of contingency planning go into liquidation within 18 months. Yet only 55% of employers have a crisis communication plan in place.

Of course, simply having a crisis communication plan in place isn’t enough to ensure the safety of your employees and your company’s future. Only 60% of employers think that if a disaster were to effect their workplace, their employees would actually know what to do. Be confident that your employees are prepared for the worst by understanding how to optimize and efficiently execute your crisis communication and response plans, thanks to helpful advice from emergency management and business continuity expert Regina Phelps.



Having mold in your commercial establishment is risky business. A fast-moving health hazard, it can run rampant throughout your space in as little as 48 hours, scattering allergens and irritants as it spreads. What should you do if you suspect that you have a mold issue? Contact SERVPRO of Asheville East. Our mold remediation specialists are highly skilled professionals who are trained in the standards and best practices set by the Institute of Inspection Cleaning and Restoration Certification. You can be confident that they have the expertise and equipment to handle your mold problem efficiently so that you can get back to business.


If a leaky roof, window or plumbing system allows water to flow into your business, mold damage is likely to follow. When you call SERVPRO of Asheville West about a mold problem, we’ll start by completing a thorough inspection of your commercial property, searching for both signs of mold and the hidden water sources that allow it to flourish. We use a variety of technologies to scour your commercial property, which allows us find mold in places that are in plain view and in concealed areas where it might otherwise be missed.



On any given day, most of us rely on the cloud to store, upload, and retrieve various types of data – work files, songs, pictures, videos, apps, etc. It’s a proven, reliable service that we’ve grown accustomed to working with – maybe even taken it for granted.

We’ve discussed the pros (and cons) of cloud computing before – reliability, affordability, and accessibility – but have you ever wondered, even with multiple levels of protections and policies in place, how data goes missing?



New technology, increased regulations and a heightened focus on culture are changing the role of the compliance officer in the capital markets, especially with a new shift toward accountability on compliance teams.

Compliance officer liability is becoming a highly debated, hot topic in the capital markets. SEC executives have made statements in the past about compliance officers being held more “accountable for conduct that…is the responsibility of the adviser itself.”

With this newfound spotlight on CCO accountability, technology, regulations and culture are primary focuses for compliance officers, increasing pressure and responsibility.



(TNS) - Military engineers at Robins think they have developed a way to save lives in an active-shooter situation.

Five Robins airmen and one from Maxwell Air Force Base in Alabama worked for six months to develop a gunshot alarm that sounds an alert when shots are being fired. The Air Force currently is testing the device to determine whether is could be used at bases.

They entered the system into a contest sponsored by the U.S. State Department that sought technological solutions to issues of security and diplomacy. The Robins-led team was among six teams picked from more than 500 entries to present its system at a State Department conference in March. The team won an award for having the most economically feasible entry.



(TNS) - Allegan County Central Dispatch looks to spend as much as $10 million on a new radio system over the next year.

The local 911 network fielded just shy of 53,000 phone calls last year split between law enforcement, fire services and emergency medical services. The current system was installed in 2001 and is due for a replacement, according to county officials.

“It’s at the end of its life,” Dispatch Director Jeremy Ludwig said.

A new system would replace equipment on local radio towers, in the dispatch offices and on the officers and emergency personnel all throughout the county. Ten law-enforcement agencies rely on Allegan County Central Dispatch, as well as 20 fire departments and five EMS agencies.

In 2015, the center handled 37,500 calls relating to law enforcement, 4,900 for fire services and 10,200 for EMS.



The Business Continuity Institute - May 19, 2016 16:57 BST

The theme for Business Continuity Awareness Week is return on investment and the discussion has mainly focussed on the investment in business continuity processes, but what about the investment in those people working in the industry? Does this provide any return? It certainly does for the individual according to the latest research by the Business Continuity Institute, which examined the salaries of business continuity professionals from across the world, and made comparisons between different demographics or factors.

The key finding from the Global Salary Benchmarking Report was that BCI certified members, those who have achieved one of the world’s leading credentials in business continuity, earned more than their non-certified colleagues by up to 30%. In Europe the figure was 30%, while in Australasia and North America it was 18%. This helps demonstrate the value of investing in your career, as ultimately those with the appropriate certifications receive greater remuneration.

The findings of the report also indicated a gender pay gap, with female business continuity professionals in Europe being paid a staggering 37% less than their male counterparts, while those in North America received 19% less. Of course there may be a number of variables that contribute to this, but the fact remains that there is a significant salary imbalance between men and women.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “The report identifies that business continuity professionals must consider the investment in their own career. By attaining the credentials relevant to their role, and investing in their education, they can improve their career prospects and reap the benefits when it comes to remuneration.

It must be noted as well that significant variations still exist between salaries for men and women. This is something that the business continuity community can help change consistent with the principle that equal work deserves equal pay.

In addition to the Global Report, the BCI has also produced reports for several countries and regions across the world, and these can be found using the links below.

Asia | Australasia | Australia | Europe | North America | United Kingdom | United States

Considering the number of threats that organizations face today, it may be surprising to learn that the majority of companies are not prepared for a business-affecting emergency. Unfortunately, it’s true: The Disaster Recovery Preparedness Council found that nearly three quarters of organizations worldwide aren’t properly protecting their data and systems.

The potential consequences of not having a business continuity management program are extremely grave. Consider the many risks that your company faces: network outages, natural disasters, active shooter events, data breaches and more. However, if your organization doesn’t take business continuity seriously, you’re facing even greater risks, including the following:



(TNS) - With one expert calling Zika the “the virus from hell,” health officials warned state lawmakers about the spread of the Zika virus across the state and offered their insights on possible response measures in case of an outbreak.

John Hellerstedt, commissioner for the Department of State Health Services, warned that the virus is expected to begin spreading as prime mosquito season nears.

“We don’t know when and we don’t know at what level that will occur,” Hellerstedt said.

In response to the growing number of Zika cases in Texas in recent months, Tuesday afternoon lawmakers met to discuss what is being done in the state to prevent an outbreak of the virus.



Thursday, 19 May 2016 00:00

Building Scale into the Private Cloud

If all things were equal between the private and public cloud, few enterprises would migrate their workloads to public infrastructure. All things are not equal, however, so IT executives are constantly weighing the security and availability concerns of the public cloud with higher capital costs and lack of scale on the private side.

But while public providers have made a lot of noise touting their improved encryption and service reliability, an equally strong movement is brewing to make private cloud infrastructure more scalable, easier to deploy and less expensive.

The private cloud requires private infrastructure, of course, so deploying resources at scale remains a key challenge. (Yes, hosted is an option, too, but I’m talking about true in-house private clouds.) This is why emerging platform providers like Tintri are pushing the envelope when it comes to deploying hefty resource architectures without crushing the budget. The company’s new VMstore T5000 All-Flash Series appliance supports upwards of 160,000 virtual machines and can be outfitted with SaaS-based predictive analytics and other tools to enable advanced capacity and performance models to suit Apache Spark, ElasticSearch and other Big Data engines. And as is the company’s modus operandi, the system scales at the VM level rather than the LUN level to enable greater flexibility when matching resources to workloads.



Thursday, 19 May 2016 00:00

Global Warming of Data

Eric Bassier is Senior Director of Datacenter Solutions at Quantum.

It already reached 90 degrees in Seattle this year. In April. I’m not complaining – yet – but I’m definitely a believer that global warming is happening and that we need to make some changes to address it. But this article isn’t about climate change – it’s about data. Specifically, it’s about the growth of unstructured data and the gloomy fate ahead if we continue to deny the problem and ignore the warning signs. Sound familiar?

It’s hard to argue with the evidence of unstructured data growth. Estimates and studies vary, but the general consensus is that there will be 40-50 zettabytes of data by the year 2020, and 80-90 percent of that will be unstructured.



Thursday, 19 May 2016 00:00

Joplin Study Spawns Code Recommendations

Though building codes for schools and a range of other structures provide for protection of winds up to 115 mph, that’s not nearly enough to protect against a strong tornado like an EF4, an EF5 or even an EF3. In fact, building codes don’t even mention tornadoes unless discussing a safe room or shelter.

That has to change, and building codes and standards need to acknowledge tornadoes and the difference between straight speeds and the variables of wind presented by tornadoes. That is one of the 16 recommendations that resulted from a National Institute of Standards and Technology (NIST) study of the May 2011 tornado that killed 161 and damaged more than 7,500 structures in Joplin, Mo.

The tornado was the deadliest since the first records were kept in 1951, hence the study to determine what factors contributed most to the death and destruction. The NIST team, led by Marc Levitan, looked at four key factors that contributed: storm characteristics; building performance; human behavior; and emergency communication.



We’re used to hearing that security is the biggest bugaboo holding back greater migration to the cloud. Internet security concerns are said to be so acute that it’s widely accepted as an axiomatic truth.

But it’s time to revise that argument.

Digital security still rates as an important issue in any discussion about whether to migrate an enterprise’s data to the cloud. But enterprises have warmed up to cloud computing to the point where their biggest challenge now is actually finding enough people who have the necessary technical backgrounds to keep their cloud systems up and running.



The Business Continuity Institute - May 18, 2016 09:58 BST

What is the return on investment of business continuity? How do you justify to top management any investment in business continuity? It's a tough question. If a disruption does occur, then clearly having a business continuity plan will demonstrate significant value, as it will help you manage through the disruption. But what if a disruption hasn’t occurred? How do you justify the expense to someone who thinks of it purely as an overhead?

This is the theme for Business Continuity Awareness Week, and to help demonstrate the value that business continuity has to the organization, the Business Continuity Institute has published a new paper that highlights some of the added benefits. Combining a mixture of research and case studies, ‘Business continuity delivers return on investment’ explores some of the main returns including:

  • Business continuity helps organizations obtain lower premiums for business interruption and supply chain insurance.
  • Business continuity enables organizations to realise increased efficiencies which may translate to decreased business costs, avoiding costly overlaps and duplication of work as well as streamlining preparation efforts related to compliance.
  • Business continuity facilitates contract negotiations with customers and suppliers, increasing transparency and raising governance standards.

The paper makes it clear that business continuity significantly contributes towards optimising organizational performance. Indeed, it is not just an overhead, it is an investment for a better organization.

Click here to download Business continuity delivers return on investment.

The Business Continuity Institute - May 18, 2016 12:45 BST

Mobile, social, cognitive and the Internet of Things—technologies like these are reshaping business, improving client engagement and making employees more productive, flexible, and responsive. Our growing reliance on 24/7 availability also puts us more at risk every day and increases the impacts of an outage. In this always-on, connected world, 'recovery' is no longer acceptable. We now have to think in terms of operational resiliency – which requires continuous availability – or always-on.

A few years ago, there was room for a delay in IT recovery. Businesses could operate and perform functions manually for a short period of time. With more integrated, complex systems relying solely on accurate and available electronic processes and data to perform well, that luxury has rapidly dissolved. Without systems and applications up and running, day-to-day business processes cannot be performed with growing impact to businesses across all sectors:

  • Significant Revenue Loss - A retailer’s website goes down and thousands of customers move their loyalty and ongoing purchasing to a competitor.
  • Health and Human Safety - A healthcare provider cannot access the Electronic Medical Records data required to treat a patient.
  • Regulatory Compliance - A bank is hit with a cyber attack and customer records are compromised.

The State of Disaster Recovery hasn't kept up

Today, business continuity/disaster recovery professionals are faced with increased challenges to maintain continuous availability of critical business processes - complex technologies, more interdependencies across critical systems and cyber attacks to name a few - all increasing your day-to-day business risk. At the same time, businesses are under high pressure to return ROI, improve spending on day-to-day business operations, customer services, and IT innovations, making the business case for 'disaster recovery' investment more difficult than ever.

Time for a new paradigm - Time to shift your thinking to operational resiliency

According to Gartner, operational resilience is a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organizational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification.

The shift to operational resiliency requires a more holistic view of business continuity, across all levels of the business. With more complex, integrated technologies driving business operations, it requires that resiliency be built in to the day to day operations of your business - in such a way that also provides the 'recovery' elements in the event of a disruption built into the standard business process.

Three keys to operational resiliency

Operational resiliency means having an end to end resiliency program that is embedded into the enterprise, can significantly absorb risks while you innovate and reinvent the way you do business. For operational resiliency, your business must have:

  • Rapid access to data and compute capacity
  • Automated workflows and responses, moving from paper-based to automated incident recovery
  • Communications capabilities across all channels – the first line of defense to any incident is seamless, realtime communications

I don’t have to tell you that the role of BC/DR professionals is rapidly evolving – and it is an exciting time for us to create lasting and significant impact to business. To remain relevant, you must shift your thinking to operational resiliency and achieving this means exploring new technologies that build resiliency in to every level of your business. Join my webinar on the 20th May as we explore how new operational resiliency capabilities can deliver new value to your business to support both daily interruptions to business process as well as preparing you for disaster outages.

Margaret Mills is an Associate Partner at IBM Resiliency Services

The changing scope and scale of disasters, both natural and technological, have altered the ways in which disaster management and financing are addressed and the roles of private-sector organizations specifically. Businesses and nonprofit organizations are increasingly central to the process, offering critical support in immediate disaster response but also contributing necessary redevelopment funding that supports community recovery. Although these new expectations position the private sector as a key leader in community resilience, these responsibilities have not been fully met with established guidance or clear metrics for how and when these organizations should participate in disaster recovery and financing.

This perspective examines key issues confronting the private sector in disaster recovery financing, what roles private-sector entities have played, and where there has been successful integration or leadership of these organizations. The perspective also briefly explores challenges that the private sector faces, with particular attention to issues of information use and application, coordination in response and recovery, and timing of funding. Given continued data gaps in this field, the authors offer opportunities for research and policy analysis.



Wednesday, 18 May 2016 00:00

Contemplating … value vs ROI

Sometimes, often actually, I get worried about the BC industry’s habit to try and redefine commonly understood business terms to mean something different.

Take ROI as an example.

It stand for “Return on Investment”. You can read about it on Wikipedia and there would be little to surprise business folks in that article.

Simply it is a measure of revenue, gain or net profit that flows from an investment. It is used as a tool to choose between different investment options.



(TNS) - When Ryan Blythe leased space for his glassblowing shop in Seattle’s Georgetown neighborhood, he saw a rugged industrial setting that could double as an elegant gallery.

When Seattle building officials looked at his permit application, they saw something else: the most dangerous type of structure to be in during an earthquake.

The Julius Horton building, built in 1914, is like many of its vintage. Its brick walls aren’t bolted to the floors and ceilings. It has withstood past quakes, but they have been mild compared to what seismologists expect: A magnitude 9.0 monster that hits with 2,000 times the power of Seattle’s last major earthquake, toppling walls, dropping ceilings and sending bricks flying with deadly effect.



Wednesday, 18 May 2016 00:00

FEMA: Hurricane Season Approaches

PHILADELPHIA - As the 2016 Atlantic hurricane season approaches, FEMA Region III continues to proactively work with its state, local, and federal partners to increase preparedness, coordinate response and recovery capabilities, and empower individuals to take an active role in preparing themselves, their families, and their communities.

The Atlantic hurricane season starts on June 1, 2016 and lasts until November 30; the greatest potential for storm activity is the months of August and September. A great time to begin planning for hurricane season is Hurricane Preparedness Week, designated May 15 – May 21, 2016.

Everyone should take time to ensure that their family, household, and workplace is properly prepared for a potential hurricane or tropical storm. “It only takes one storm to severely impact a community and disrupt our way of life,” stated FEMA Region III Regional Administrator MaryAnn Tierney. “We encourage everyone to prepare and plan for hurricanes and to be informed of what their risk may be.” It takes all of us, as individuals, families, communities, organizations, and as members of the whole community, to prepare for hurricanes and the potential hazards associated with them.

Residents should interact with their local emergency officials and stay informed of their risk and the potential dangers of a hurricane or tropical storm. By engaging with your local officials, citizens gain valuable insight, lend input, and develop relationships for planning and communications before a storm. 

FEMA recommends that everyone have enough supplies to last for several days. Emergency supply kits should include essential items like bottled water, a battery-powered radio, flashlight, batteries, medicines, toiletries, non-perishable food items, manual can opener, and first aid supplies.

When planning, think about the potential needs of everyone in the household during an emergency. If your household includes pets, a person with a disability, an infant, or a senior citizen, be sure to take the necessary steps to assist and make them comfortable during an emergency, in addition to having any necessary documents or medications on hand.

For more preparedness information, visit fema.gov, ready.gov, and nhc.noaa.gov.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

Business Continuity Awareness Week is upon us and this year the core focus is on a topic close to my heart – Return on Investment. This is a very important area that can be easily overlooked or lost in the activity of running your day to day business continuity or resiliency program. Having clearly defined value drivers for your program outside of the normal areas of RoI can not only help you drive awareness, but also help you gain buy in from other business units.

So how does this relate to using a mass notification platform? Put simply – give your notification system a day job. That day job can be a natural fit like the time sensitive and critical nature of IT alerting, or something less obvious – some examples of these may be:



(TNS) - Wichita County officials met with local members of the American Radio Relay League (ARRL) and Texas Amateur Radio Emergency Service (TARES) to hash out some regulations about control of radio networks during emergency weather situations.

County Judge Woody Gossom said ARRL regional members decided to realign the system to have SKYWARN be the parent network of a controlled network rather than a closed one.

Local ARRL member Charlie Byars said in a previous article that a repeater is normally open to all ham radios, but is closed to unauthorized users during severe weather events. He explained that they would take a emergency report, such as a tornado sighting, and refer the information to the National Weather Service.



Wednesday, 18 May 2016 00:00

Plan the Test, Test the Plan

If your organization has an Emergency Notification Service (ENS) in place, it’s already taken an important step toward communicating faster and more effectively in critical situations. But, if the solution is not routinely “touched,” or better yet, tested, you could still be at risk in an actual emergency. Consider the following recommendations from Send Word Now to create a full and repeatable test cycle, ensuring your alerting readiness.

Set a regular testing schedule and stick with it – It’s important to test your ENS on a regular basis. Test your system frequently with a small group of administrators or other participants. Conduct widespread exercises at regular intervals throughout the year to ensure recipient familiarity with notifications and procedures. As a BC professional, you’ll appreciate the peace of mind that comes from knowing your solution is working and your people know what to do.



Moving security operations away from your security team? This may sound counterintuitive, but it’s something that we see happening more and more. Nimmy Reichenberg explains why this is happening and highlights the advantages of the approach.

Escalating security requirements, the growing risks of breaches and outages, and the shortage of skilled and experienced security staff is forcing businesses to find new ways to make more efficient use of their security specialists. As a result, organizations are directing their security teams to focus on protecting the network from external and internal threats, and increasingly handing over operational tasks to other areas of IT.

I see this as a positive development. However, for this transition to be successful, there are certain processes and conditions that need to be in place first.



Wednesday, 18 May 2016 00:00

HDD vs SSD – which lasts longer?

Many comparisons can be made between a Hard Disk Drive (HDD) and a Solid State Drive (SSD); cost, speed, data storage capacity – there’s no end of areas to consider. However in this post, we’ll be looking specifically at the durability of HDDs and SSDs to assess if there is any difference in life expectancy between the two data storage types.

Physical failures

It’s important to firstly note that any life expectancy figures for HDDs and SSDs alike cannot be 100% guaranteed. These estimates assume manufacturer’s recommended environmental conditions and do not take into consideration extremes of temperature, humidity and physical mishandling. In fact, out of almost 2000 devices surveyed between January and March 2016, at least 30% had sustained some form of physical damage to cause the media to stop working and/or cause data loss.



(TNS) - In a training exercise, the Frederick County Health Department practiced distributing medication to the public last week in a scenario in which thousands may have been exposed to aerosolized anthrax.

According to Barbara Rosvold, director of public health preparedness at the county health department, the drill went smoothly.

The practice scenario involved a widespread release of anthrax through the air, though the department did not specify a pretend source for the release.

In the scenario, the anthrax was detected by a sensor in Washington, D.C., necessitating an emergency action plan in the surrounding areas, Rosvold said.



The Business Continuity Institute - May 18, 2016 17:04 BST

The figures are well rehearsed:

  • 80% of businesses affected by a major incident close within 18 months
  • 90% of businesses that lose data from a disaster are forced to shut within 2 years

And yet it’s somehow unsurprising to find that few SMEs consider business continuity a priority.

Why do businesses avoid crucial planning?

The reasons aren’t hard to find. Apart from total disaster junkies no one particularly likes to think about crises and for most SMEs just surviving is a daily struggle. Keeping all the plates spinning in the air requires 100% attention, who is going to slice out even 1% just to consider a bunch of scary ‘what if’ scenarios?

But perhaps someone senior in your organisation feels the extra effort should be made – perhaps that person is you. What then? Well if potential crisis scenarios are scary then so is the prospect of dealing with business impact analyses, risk assessments and the whole task of writing a business continuity plan. Even the jargon is intimidating particularly for someone with little or no business continuity experience or training.

Large companies employ business continuity specialists, many have a whole dedicated department or can afford to employ outside contractors to help with writing and testing plans. Not an option for most SMEs.

In addition, resilience implies at least some form of contingency - for example a recovery site - and how many businesses can afford duplication when the boss is always trying to find ways to cut costs, not increase them.

The financial case for business continuity

The tried, tested and not always successful counter argument goes like this. If it seems like a lot of time, effort and expenditure to adopt business continuity practices, the cost of these will be as nothing compared to the cost of enduring a catastrophe and its aftermath without a plan.

It can be a persuasive argument, but so can: “Yes I agree, but right now we don’t have time for that, because just in case you haven’t noticed we’ve got 300 orders to get out, Acme Suppliers have just told me they can’t deliver until Thursday, and the wage bill needs to be met at the end of the month.” That can be a pretty persuasive argument too with the result that resilience gets kicked into the long grass.

But here’s the cruel paradox. Big businesses can often withstand a crisis; they have the money, the expertise and plans in place to deal with disruption. SMEs are far more vulnerable and business disruption, even for just a few days, can be terminal given their limited resources and manpower.

Business continuity and business as usual

So what can SMEs do to become more resilient? If the money and effort to produce and test a business continuity plan is either too much to ask or more realistically just not going to happen then what about building business continuity into business as usual? It might also lead to a more efficient workplace.

Instead of writing a BC plan, what about documenting workplace procedures, suppliers, inventories, equipment maintenance along with contact details for staff and external stakeholders? And talking of external stakeholders what about developing key stakeholder templates? Why is this person/company important to us, what services do they provide or what services do we provide them? Add contact details and names and you have a useful document that can be beneficial anytime, not just in an emergency.

Moving things forward

Inventories should include all the equipment your firm needs to get the job done and that even applies to very small businesses that operate from peoples’ homes. If you make a list of all your personal items for insurance purposes, you will likely do the same for computers and other business equipment. Have this list available so if the equipment is lost (perhaps your office is flooded) you know exactly what you need to get back up and running. Keeping that list current will also mean your list of insured items is easily updated.

Personnel changes can cause problems for small firms where far fewer people are available to fill gaps or be promoted. Staff training time will likely be limited so why not document office procedures and job descriptions including roles and responsibilities? Then if crisis strikes and key employees are not available – perhaps they are ill or on holiday – you at least have a clear indication as to what their jobs entail should other staff have to fill the vacancy or new staff are hired on a temporary or permanent basis. Once again you are streamlining office efficiency and will have information in place that will help during an emergency.

What about office security? A couple of years ago UK civil servants seemed to leave laptops on trains and in restaurants with bewildering regularity. That trend seems to have diminished but often a very light touch is displayed when it comes to information security. Once again your office document should include all the encryption and protection protocols your staff are expected to follow.

The same goes for IT back up, particularly now when even smart phones carry huge amounts of sensitive work related content. In many cases procedures for protection and storage have not kept pace with available technology. Make sure yours are up to date and documented.

Small steps with big impact

Writing a document setting out work procedures and job descriptions should not be intimidating for those involved in business. There need be no scary and little understood jargon and will not cost a fortune to produce – just the time taken by those tasked with it’s implementation. The one caveat is that this is a live document and will need constant updating - so someone will have to grasp that nettle and make sure it is reviewed on a monthly basis. If it’s well written in the first place that shouldn’t take too long.

Resilience can seem like a giant step for many small businesses, but good office management should be achievable by any dynamic and well-intentioned SME. Document it and you may not have a full blown BC plan but you’ll have the next best thing, which may well help your business run more efficiently in normal times and might just save your bacon in a crisis – now that’s what I call a return on time invested.

jim.preen@crisis-solutions.com" style="color:#3d9bbc">Jim Preen is a Senior Consultant at Crisis Solutions

The Business Continuity Institute - May 17, 2016 10:43 BST

Resilience professionals around the world… you are a victim of your own success! If your business is resilient (whether by effective planning or pure luck!) you will find that it becomes increasingly difficult to capture the imagination (and attention) of your boardroom.

“It’s just a shame we haven’t had a big incident recently isn’t it?”

Working in what is often considered as a loss centre is tough…I can’t count how many times I have heard that sympathetic statement from senior management when resilience isn’t getting the attention it deserves. Although I remember all too well being flavour of the month during floods, IT failures and employee walkouts. My mobile and inbox were buzzing from virtually all levels of the organisation.

Following those incidents, I would often refer back to them to reinforce the message of resilience and maintain our leadership buy in (usually until about a year later by which point the next hot topic or initiative is in full force). The business memory is incredibly short term in my opinion. You can spot the changes as they happen. The glazed look from the management during briefing sessions, the unattended meetings, and the un-responded emails. Keeping the business on board with resilience activities in peace time is for me one of my long-standing challenges. How do we go about demonstrating value and benefit?

I’ve experienced (and adopted) a few different ways when trying to promote value. Over the years I have tried to combine them all to produce a ‘resilience reporting dashboard’ which at the very least makes it a good start. However, it still feels to me like it needs to evolve to the next level. I’ve explained each approach individually below to show you how I arrived at my recent attempts.

1. The output approach

I assume like many of my peers I have this typical default approach / bad habit which often tends to focus on the overall work undertaken and the ‘effort’ involved. I would regularly report the following to leadership:

  • Number of desktop exercises undertaken
  • Number of call tree cascade tests
  • Number of work area recovery tests
  • Number of crisis management simulation events

More often than not there would be a huge amount of engagement time, document reviews, planning workshops and subsequent output for each and every one of those bullet points, literally hundreds of hours of work. However, what does that really tell the leadership? It would appear to be very little in my opinion.

2. The risk approach

I then took a slightly different approach, deciding to focus on key risk indicators (KRIs). I would regularly report to leadership and rather than highlight effort I would flag if something wasn’t done and comment on the risk of not doing it. For example:

  • Percentage of desktop exercises undertaken against monthly target
  • Percentage of call tree cascade tests undertaken against monthly target

I suppose really all I was doing here is just the opposite of activity reporting and with a monthly target installed. It is useful insofar as highlighting what hasn’t been done but it really doesn’t go any further in explaining to the business the real value.

3. The speed and efficiency approach

In another organisation I’ve tried to focus on performance to help demonstrate value (more specifically incident management with this one). I would report monthly into a senior management team on things like

  • Increasing speed of response
  • Reducing the time taken to close an incident
  • Reducing time taken to establish root cause
  • Reducing time taken to implement corrective actions
  • The leadership did seem to like this method because they like tend to like anything done fast at the best of times, however it still doesn’t necessarily capture much value.


Unfortunately, the concept of value is frequently linked to, and mistaken for ROI (return on investment). This is a widely used business term in which a calculation is made based on the overall expenditure of a product/service/system against its potential or actual financial yield. However, resilience activities are an overhead or at the very most an unofficial insurance policy. But what if it never happens? It’s just a shame you haven’t had a recent incident eh?

Ultimately anyone can report on output, efficiency and risk if you combine the above methods and you can find someone willing who is half decent at PowerPoint and Excel. However, capturing ‘value’ is an extremely difficult thing to achieve. The term itself is subjective and will often depend on your sector, the organisations risk appetite, your C-suite sponsors background and interest among many other different factors. I personally haven’t arrived at the next level but I’d be ready and willing to thrash out a few ideas with anyone who wanted to!

US data center REITs reported record leasing for the year’s first quarter, attributing their success primarily to a digital land grab by public cloud giants, who are racing to expand capacity.

The biggest data center providers are now operating in uncharted waters. The rising tide of public cloud deployments, combined with the paradigm shift in enterprise IT toward hybrid architectures, which combine cloud services with colocation, has created a perfect storm of demand for providers.

According to Equinix CEO Steve Smith on his Q1 earnings call, “Interconnection-oriented architectures represent a fundamental shift away from centralized, legacy enterprise IT models to distributed and dynamic models.”



RIDGELAND, Miss. — Disaster survivors in Mississippi who apply for assistance with the Federal Emergency Management Agency and are referred to the U.S. Small Business Administration are advised to submit an SBA loan application to ensure that the disaster recovery process continues.

If you are a homeowner or renter and SBA determines you cannot afford a loan, you may be considered for FEMA’s other needs assistance program, which provides grants for disaster-related medical and dental care, funeral costs and vehicle repairs. Survivors may also be eligible for assistance from other organizations.

There is no requirement to take out a loan if one is offered from SBA.

Next to insurance, SBA is the primary source of funds for real estate property repairs and replacing lost contents following a disaster. Renters and homeowners alike may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster. Homeowners may be eligible for low-interest loans up to $200,000 for primary residence structural repairs or rebuilding.

May 24, 2016, is the last day survivors can register with FEMA and apply for SBA disaster loans for physical damage.

Loan applications may be submitted online at https://disasterloan.sba.gov/ela/ or mailed to:

U.S. Small Business Administration

Processing and Disbursement Center

14925 Kingsport Rd.

Ft. Worth, TX 76155-2243

For additional information, contact the SBA Disaster Assistance Customer Service Center at 800-659-2955 or TTY 800-877-8339, email DisasterCustomerService@sba.gov or visit sba.gov/disaster.

Survivors with questions regarding the FEMA application or appeal process, or who need to register for assistance, can go online to DisasterAssistance.gov or call 800-621-3362 (voice, 711 or relay service). (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to

10 p.m. seven days a week. Multilingual operators are available.

For more information on Mississippi disaster recovery, visit www.fema.gov/disaster/4268 and www.msema.org.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

The U.S. Small Business Administration is the federal government’s primary source of money to help business of all sizes, private non-profit organizations, homeowners and renters rebuild and recover after a disaster. SBA low interest disaster loans repair and replace property losses not fully compensated by insurance and do not duplicate benefits of other agencies or organizations.

To remain competitive in an increasingly competitive world, it is important to continually seek opportunities to boost operational efficiency, reduce expenses and improve the bottom line. Within every corner of business, improving efficiency is a never-ending journey.

As a significant capital investment, data centers are often under the microscope when it comes to improving performance. Within the industry, there is little doubt that data centers need to run as efficiently as possible to avoid tying up valuable (and often, unnecessary) company resources. In our business, we talk to data center managers every day and hear from them about their successes and frustrations when it comes to improving data center efficiency. It is evident from these conversations that there are five key areas where improvements can be made. Most importantly, these areas don’t require a lot of internal bandwidth but if done right, will go a long way towards an optimized data center.



We now live in a data-driven world, where everything we do creates data or is based on decisions informed by data.

From the way we use the heating in our homes, through to the information pilots flying planes across the world can receive, it is omnipresent in almost everything we do. Despite this, the changes have been minimal for many in terms of their daily lives.

In the business world though, the use of data has had a huge impact, revolutionizing several industries and changing the face of many others. Below, we look at three of those that have had been impacted the most.



Data center design and construction has been pushing through a number of barriers lately, a product of virtualized infrastructure and the prevalence of high-speed connectivity to remote areas of the globe.

But as increased reliance on cloud computing leads to greater deployment of hyperscale infrastructure, it is hard to see how some of the more far-out designs will make a significant impact on the broader data ecosystem going forward.

Microsoft made a big “splash” (sorry) earlier this year when it deployed a submersible data center at Cal Poly Pier in the San Luis Obispo (California) Bay. The 10x7 foot capsule weighed about 38,000 pounds, according to the local Tribune newspaper, and had relatively modest computing capabilities, roughly equivalent to 300 desktops.



Late last year, Gemalto released a report that found that the health care industry leads the way in data breaches. As Healthcare IT News reported then:

The key finding is perhaps that the healthcare industry had 34 percent of its total records breached, amounting to 84 million data records compromised, the highest rate of any industry. Government accounted for the second highest rate of breaches at 77.2 million records lost, or 31.4 percent.

I bring up last year’s numbers because a new report from Ponemon Institute shows the seriousness of cybersecurity failures in the health care industry. According to the study, an overwhelming number of health care organizations  – 89 percent – admit they were the victim of a data breach, and half of those attacks are caused by cybercriminals, an increase of 5 percent from last year’s report. The other half are from the usual suspects – employee mistakes, stolen or lost devices, and third-party issues.

Also, we’re seeing that the health care organizations continue to struggle with security issues even after they’ve been breached: Seventy-nine percent of organizations claim they have been breached twice and nearly half said there have been multiple breaches.



State Offers Ideal Environment for Data Centers

Texas continues to be one of the best states in the country for business. With the lowest per capita tax rates in the nation, cutting-edge infrastructure, excellent schools, and a skilled workforce, many corporations are relocating to Texas. Importantly, the unemployment rate in Texas was 4.4 percent for February 2016 and has been at or below the national rate for 110 consecutive months.

Texas’ transportation infrastructure enables easy movement of commercial goods. The state hosts 26 commercial airports, 46 freight railroads, 11 interstate highways, and 624 miles of coastline with 16 ports of call.



have never let my schooling interfere with my education – Mark Twain (unverified).

Everything has its limit–iron ore cannot be educated into gold. – Mark Twain (verified)

Board members believe they know what they need to know. That is why they were asked to serve on the board. Unfortunately, like many issues today, confidence does not mean competency.

Corporate boards are increasing their focus on compliance issues. Unless a board member has prior experience in the field, the board has to be trained on compliance and has to “learn” how to oversee and monitor compliance issues. As I use the term “board,” the focus is on the specific board committee responsible for oversight of the compliance function.

The Chief Compliance Officer has an important role in this process. The CCO has to recognize the importance of the “teaching” moment. Every piece of compliance information has to be subject to a test – “what is the importance of this information” to oversight and monitoring of a company’s compliance program.



The second, slightly subtler but possibly more important, is that employees working with their favourite devices tend to be more productive. On the other hand, mobile security issues may keep IT managers awake at night.

What might help them to sleep better is to consider that a psychological element of BYOD might be helping to improve security, instead of hindering it.

People who use their own, personal devices for work are less likely to do something ill-considered on those devices than on a device issued by their employer, according to a recent survey. After years of employers beseeching employees to treat company property “as if it were your own”, BYOD has employees doing just that, at least for computing devices.



Plummeting oil prices, natural catastrophes and political disruption in a borderless business environment are some of the threats to the resilience of countries that can impact supply chains, according to the 2016 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The Index ranked the resilience of 130 countries to supply chain disruption based on drivers in three categories: economic, risk quality and supply chain factors.

This year’s top-rated country, Switzerland, traded places with Norway—a reflection of Norway’s drop in oil revenue at a time of falling crude oil prices. Rounding out the top 10 in the Index, in descending order, are Ireland, Germany, Luxembourg, the Netherlands, the central United States, Canada, Australia and Denmark.

The lowest-ranked country in 2016 is Venezuela (ranked 130) for the second year in a row. It is followed in ascending order by the Dominican Republic, Kyrgyz Republic, Nicaragua, Mauritania, Ukraine, Egypt, Algeria, Jamaica and Honduras.



The Business Continuity Institute - May 14, 2016 14:32 BST

What’s the ROI on that?” is one of the most common questions management ask when evaluating business programmes and projects. When it comes to business continuity programmes, the answer is often “Well, there’s not really any ROI unless you experience a major disaster, and we haven’t experienced one yet.

Because of this perceived lack of immediate value, budgets often get diverted away from business continuity to other projects that produce more tangible results. In fact, 49% of businesses don’t even have a comprehensive business continuity plan, leaving their entire company at risk because of the lack of an obvious ROI.

But what you may not realize is that your business continuity programme is almost guaranteed to produce ROI for the following two key reasons.

Disasters are increasing in frequency

Research from ITS reveals that floods and severe storms – such as Desmond and Katie – are increasing in frequency and have the potential to cost billions of pounds in damage. Even seemingly mundane incidents such as burst pipes have also proven disruptive to UK businesses. In July 2015, for example, a burst pipe cut power to the Royal Berkshire Hospital and caused flooding, resulting in the A&E closing to all but critical patients.

Investing in the forward planning required to cope with these incidents can save valuable time, protect the organisation’s revenue and preserve its customer base. Advance planning also gives you time to test the solutions you’ve invested in to help keep your business moving forward.

Today many businesses believe 'set it and forget it' disaster recovery as a service (DRaaS) solutions provide enough protection from disasters. However, simply moving data off-site isn’t enough to protect your IT infrastructure. To avoid wasting money on a product that doesn’t work in the face of a disaster, it’s important to work with your DRaaS provider to test the solution and have a plan for coping with power outages and other consequences of a disaster.

Business continuity planning improves your day-to-day operations

While having a business continuity programme can help you protect your revenue after a man-made or natural disaster, you don’t have to experience a disaster to reap the benefits.

The foundation of a profitable business continuity programme is the business impact analysis (BIA). During this process, you’ll assess and prioritize critical business processes, employee roles and technology. As you take a closer look at the inner workings of your business, you’re likely to discover new opportunities for cost savings or even revenue generation. If you work with a consultant who can provide an objective business continuity assessment, you’re likely to find areas for improvement within your company.

Here are just a few ways business continuity planning can help you realize ROI on a day-to-day basis:

  • Identify and phase out archaic processes, such as those involving paper-based workflows and manual data entry.
  • Shorten project and revenue cycles by eliminating unnecessary touchpoints in critical processes.
  • Decrease vendor investments by identifying products and services that can be bundled, thus reducing the number of vendors you work with.

As you can see, having a business continuity programme in place helps you protect your revenue in case you’re affected by a disaster (and the odds of being affected by one are increasing as disasters become more frequent). But business continuity planning isn’t just about preparing for disasters. An effective plan can help you make your processes more efficient, reduce revenue cycles and streamline vendor management.

You’ve been warned: skimping on your BC/DR budget might not save you the money you think it will.

Matt Kingswood is the UK Head of ITS

Monday, 16 May 2016 00:00

BCI: More than money

The Business Continuity Institute - May 15, 2016 14:22 BST

If you could imagine, a rubber ducky inside a plastic paddling pool full of water, in an emergency control centre made during the cold war. This image might not automatically trigger thoughts of a professional business continuity exercise, however that’s exactly what it was. As a local authority our approach to business continuity is a little different; 1) because we have a statutory duty to do it and 2) because we don’t tend to focus on money and profit in the same way a private company would – but that’s not to say that we don’t still get a return on our BC investments.

Back to the rubber ducky, this scenario was part of an exercise we ran with our internal museums service to test what they would do if some of their artefacts were water damaged. (Don’t worry we didn’t actually use any real artefacts… they wouldn’t let us). It helped test practices and procedures, but most importantly it highlighted to those staff playing the importance of their BC plans for the company as a whole, and ultimately their livelihoods.

Often when people think about business continuity they tend to think about saving big bucks and less about the costs which are not monetary based. There is a phrase that habitually goes around the BC community that £1 spent on preparedness will save £8 on response, and whilst I don’t doubt that is true, often it is hard to find out whether or not that is the case.

Using the example above there was very little in regards to investment (a borrowed child’s paddling pool and a few buckets of water), however the return on investment could very well be priceless as most of the artefacts in the museum are irreplaceable. Knowing what to do, who to call and how to achieve their plans is crucial in any response and goes to show that BC really does add more value that can be recorded on a ledger.

Livelihoods is something which often doesn’t get mentioned as prominently, we focus on getting the business back up and running, but don’t appreciate that if that doesn’t occur people will lose their jobs, their houses and their ability to cope with financial pressures. During our duty officer roles here at the local authority, we come across a wide range of emergencies that often dip into the realms of business continuity.

How can you put a price on a life? More importantly how would you quantify what you have invested versus the cost of a life. I suppose the answer is that you can’t (granted that might not be what the budget holders out there want to hear). Fire emergencies have been topical across the West Midlands recently with a number of major scrap yard fires. We’ve worked closely with our fire service colleagues to help produce robust and dovetailing BC plans to help ensure that their potentially life-saving services can be maintained during disruptive events and that we can provide wider support if needed. Without the investment of time, money and expertise these plans wouldn’t have been achieved. Sure the investment may be larger here, but still not significant. Producing and maintaining a plan won’t break the bank and when the result is the continued provision of life-saving skills, ultimately the investment return is worth far more than just money.

Within local government, making money is not as high on our agenda as it is for private companies but what we do achieve is significant. The services that we provide to the people within our patch can be life changing, ranging from social housing to providing a fire fighting service and all of which requires robust BC plans, as the alternative is not worth thinking about. We work hard to strive for these plans, and can offer our expertise and time to assist those private companies so that all our communities can be resilient and prepared.

Josh Adams is the Resilience Officer, and Tom Knibbs is the Senior Resilience Officer, for the Coventry, Solihull and Warwickshire Resilience Team

The Business Continuity Institute - May 15, 2016 19:04 BST

In mythology, the Muses were nine goddesses who symbolised the arts and sciences. Today, a muse is a person who serves as an artist’s inspiration to produce the best work they can.

Utilising this device is quite useful when I am developing and writing BC plans on behalf of organisations and departments. I find it helps to focus the plan.

Whether the organisation is one of manufacture or of service delivery, I have two muses in mind.

They are both anxious people.

The first is the person that has called and needs one of the organisation's key services or products.

The second is the person who works for the organisation and has to deliver that key service using the business continuity plan.

For me, business continuity is as simple as that, and all about people. Everything else comes from looking after the two muses. Profitability, sustainability, market share and all of the other things attached to business and services follow on from this approach.

I think that in order to get the best value and return on investment from BCM, we have to be in it for the long term. One might even call it, investing for the future.

Organisations may well see an immediate short term ROI if they face an early disruption and the BC plan comes through. Many teams would see this as a result, and be happy. However, this kind of result may well be what we are looking for in a plan, but in my view simple recovery is a superficial return, and not where the real added value lies.

So what then is the real value of BCM?

Well, a long term BCM programme can produce:

  • Social capital from the workforce
  • A loyal customer base
  • A reliable and trustworthy reputation
  • Team Confidence to face the slings and arrows of the real world
  • Customer confidence
  • Organisational strength

Now that is priceless.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

The Business Continuity Institute - May 16, 2016 15:11 BST

This year’s Business Continuity Awareness Week theme got me thinking about what return on investment means to me. The question of what business continuity is worth to an organization has been around for at least as long as I have been practising and probably longer. When I first got into BC in 1989, the major Canadian Bank I was working for had recently concluded a huge initiative to build a second data centre, at a cost of $20 million, a tidy sum in those days. With the creation of a second site, built explicitly to house Development and provide disaster recovery for technology, the focus shifted to business recovery and the development of unit plans to address disruption of business functions.

I was not involved in the original cost benefit analysis to justify investment in a state-of-the-art, oversized data centre, featuring lots of redundancy throughout its infrastructure. But I do recall from subsequent discussions that management had no trouble convincing the Board that the outlay was well worth it, just to mitigate the obvious risk of having all systems housed in a single facility without back-up. There was no risk department in those days, so the decision to proceed was not a formal outcome from a risk assessment, just top management applying sound business judgment.

Fast forward a few years and I was now working for a new company providing data processing for multiple banks. Having started off with multiple data centres, thus providing layers of redundancy, the company’s mission was to save money by closing down as many of them as possible and achieving economies of scale to improve the bottom line. That cost benefit analysis must have seemed highly attractive, from a profit standpoint, but what went missing in the strategy was a risk-based perspective on how the downsizing initiative was progressively compromising recovery capabilities. The ultimate irony struck in 1999 when the company decided to downsize its head office staff by 10 per cent in one swipe, to provide expense relief and improve its bottom line, for its owner banks. So my whole department of three was made redundant – no more business continuity function! Simultaneously it was a humiliation and a silver lining. Who wants to work in a company with such narrow vision?

Ever onwards... a few years later still I was working for a financial utility providing clearing and settlement for the exchanges and securities industry. By now, BCM was squarely aligned with risk and top management understood. Investment in good DRP and BCP was a given and under heavy regulatory scrutiny, we were continually seeking improvements. What a joy to work in a company where 2-hour RTO and synchronous data mirroring (0 RPO) were embraced as smart business practices.

Soon after I arrived there, we experienced one of the biggest power failures ever in North America. On the 14th August 2003, an area 1,000 miles wide and a population of 50 million lost grid power on a hot summer afternoon. Happily for us, the failure occurred 11 minutes after completion of the daily settlement cycle, so $250 billion of payments were safe and sound. Two immediate observations: our diesel generators (data centre and office) did their job, so all critical equipment and key business staff remained functional. Had the failure occurred earlier, before the deadline, we would probably have been alright anyway, perhaps experiencing a minor delay in completion of the settlement.

Even though we avoided major impact from that disruptive event, thanks to smart investment in power redundancy and lucky timing, I was embarrassed years later when a Toronto newspaper published a supplement on disaster recovery and featured my experience as a lead story. Front page headline: “Rising from the Blackout.” Sub-title: “How Des O’Callaghan saved his company – and billions of dollars – in the power outage of 2003 with business continuity planning.”

In the inside article “Keeping your cool in meltdown mode,” I received undeserved plaudits for how the incident was handled. The truth is the main reasons we were unscathed were decisions previously made to invest in risk mitigation by implementing high end systems, advanced storage solutions and power redundancy. Yes, we did a good job of managing the crisis and communicating with stakeholders, but I did not actually save the organization a penny. I have come to realize that ROI on business continuity really is just the protection of an organization from unacceptable impacts of adverse events.

Investment in BCM should be viewed in the same way that we regard 'investment' in human resources, or the legal department, or technology infrastructure, or building insurance. Running a healthy, resilient enterprise requires investment based on prudent business judgment, not just financial expenditure. Should we be smart with how we spend money? Of course, but allocation of real resources to strengthen operations and mitigate risk should be considered on the same plane as other investments, such as recruitment, training, marketing and many other corporate expenses. Anything contributing to organizational resilience is a worthwhile investment.

Des O'Callaghan FBCI is one of the leaders of the BCI's Greater Toronto Area Forum and a member of the BCI's Global Membership Council

It’s been nearly a year since Rackspace announced Fanatical Support for Microsoft Azure, which we launched to assist customers who want to run IaaS workloads on the powerful Azure cloud, but prefer not to architect, secure and operate them firsthand.

Our launch of this offering marked an important expansion of our strategy to offer the world’s best expertise and service on industry-leading technologies, and is a natural progression of our 14-year relationship with Microsoft.

As momentum continues to build with our Azure customers here in the U.S., we’re now pleased to offer the same service and support to an even larger customer base, with the Unlimited Availability launch of Fanatical Support for Azure across our European regions: UK, Benelux and DACH.



The Business Continuity Institute - May 13, 2016 08:41 BST

Britain’s businesses are being urged to better protect themselves from cyber criminals after research by the UK government into cyber security found two thirds of large businesses experienced a cyber breach or attack in the past year.

The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.

From this, it is clear to see why cyber attacks and data breaches rank as the top two threats to organizations, as highlighted in the Business Continuity Institute's latest Horizon Scan Report. The vast majority of respondents to a global survey (85% and 80% respectively) expressed concern about the prospect of these threats materialising.

Ed Vaizey, UK Minister for the Digital Economy, said: "Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data."

Despite the doubling of data breaches in the banking, credit and financial sectors between 2014 and 2015, most IT professionals in financial services are overconfident in their abilities to detect and remediate data breaches. According to a new study by endpoint detection, security and compliance company Tripwire, 60% of these professionals either did not know or had only a general idea of how long it would take to isolate or remove an unauthorized device from the organization’s networks, but 87% said they could do so within minutes or hours.

When it comes to detecting suspicious and risky activity, confidence routinely exceeded capability. While 92% believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network, for example, 77% said they automatically discover 80% or less of the devices on their networks. Three out of 10 do not detect all attempts to gain unauthorized access to files or network-accessible file shares. When it comes to patching vulnerabilities, 40% said that less than 80% of patches are successfully fixed in a typical cycle.

The confidence but lack of comprehension may reflect that many of the protections in place are motivated by compliance more than security, Tripwire asserts.



When a crisis strikes, an emergency action plan can be all that stands between a timely, orderly response and chaos. When it comes to your own plan, how prepared is your organization for the myriad of threats it faces?

Considering that nearly two-thirds of organizations report having activated their emergency communications protocols at least once in the previous year, it’s clearly important to have an actionable, up-to-date plan. Faced with a growing number of potential threats, it’s no wonder that many organizations are moving away from the traditional, hard-copy methods of emergency planning to a more advanced, technologically-savvy approach, using mobile apps as a key component for housing, updating and distributing their plans.

Before the next crisis hits, now is the time to ask yourself if your own organization would benefit from doing the same. To guide your decision, let’s take a look at some of the key benefits of moving your emergency action plan from binders to a mobile app:



(TNS) — Research groups nationwide churn out hurricane forecasts as fast and furious as the spin of a tropical cyclone as the June 1 start of storm season approaches.

Already, at least four predictions have been issued, with the big daddy of all storm forecasters — the National Oceanic Atmospheric Administration — waiting until May 27 to offer its guidance.

But National Hurricane Center Director Rick Knabb, who spoke Wednesday at the Governor's Hurricane Conference in Orlando, criticized forecasts that are overly specific about how many storms will hit the U.S. and where.

His concern: People won't prepare if they believe they aren't on the hurricane hit list.



AUSTIN, Texas – Texans who suffered damage or loss from the April flooding and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other personal property, even vehicles. Survivors will not be considered for this type of assistance unless they have completed and returned the SBA loan application.  The information on the application is used to determine eligibility for income-based assistance.

Applicants from Austin, Colorado, Fayette, Fort Bend, Grimes, Harris, Liberty, Montgomery, Parker, San Jacinto, Waller and Wharton counties should complete the SBA loan application, even if they don’t want a loan.

“If you don’t complete the SBA loan application, you could be leaving ‘money on the table’ for your recovery,” said Federal Coordinating Officer Kevin Hannes, who is in charge of FEMA’s operations in Texas. “We use that application to check eligibility for additional grants.”

Some types of Other Needs Assistance—medical, dental and funeral expenses—are not SBA dependent and completing the loan application is not required. However, it is always recommended by recovery experts.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement.  You may be able to begin your recovery immediately with a low-interest SBA disaster loan. The loan balance will be reduced by the settlement from your insurance. SBA loans may also be available for losses not covered by insurance.

Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Disaster loan information and application forms are also available from SBA’s Customer Service Center by calling 800-659-2955 or email disastercustomerservice@sba.gov. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster. Completed applications should be mailed to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX  76155.

Texans can register online at DisasterAssistance.gov or by phone at 800-621-3362 (FEMA). Persons who are deaf, hard of hearing or have a speech disability and use a TTY, should call 800-462-7585. Those who use 711 or Video Relay Service, call 800-621-3362.Toll-free numbers are open from 7 a.m. to 10 p.m., seven days a week. Multilingual operators are available.

For more information on Texas recovery, visit the disaster webpage for the April storms at fema.gov/disaster/4269; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.

# # #

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Securing patient data is a critical mission for Healthcare IT Leadership. Each and every year, countless dollars, thousands of man hours, numerous programs and myriad teams are dedicated to this charter of protecting patient and privacy information.

At Citrix, we understand. You could even say that mandating data security is in our DNA. Every product that Citrix builds reflects the core mindset ‘The Secure Delivery of Apps and Data on any device, on any network, at any time!’ It’s that simple!

In this blog post, I’d like to outline both the security that is inherently built into our XenApp and XenDesktop products and the new feature sets we continue to add throughout our product releases. This is what enables us to deliver secure data where and when you, our customers, need it.



The American Society of Health-System Pharmacists (ASHP) is a leader in the pharmacy sector, providing advocacy, career services, continuing education, meetings/conferences, publishing products, and residency training accreditation. For Gregory Smith, ASHP’s CIO and vice president of Information Technology and Operations, the cloud has enabled his staff to identify what their competencies should be, and to develop those core competencies by delegating other things to the cloud.

“I empowered my team to think differently about what we do and what our core competencies should be,” said Smith, who oversees all technology, software development and integration for new products, e-commerce platforms and operational support, including customer service to members. “Initially, we were doing too much across the spectrum and, as a result, had to try to become experts in too many technologies. We’ve pushed non-core competencies out to vendors where it’s their core competency and shrunk our core to focus and increase expertise.”



This country has already defended and strengthened itself over the centuries against the sea, staking out territories for habitation and farming that would otherwise be under water. The idea of the dyke, the fortification to keep the enemy out, is now being applied in the war against cyber-crime.

To a certain degree, Dutch skills in cyber-security are natural, in that the nation already has a past steeped in similar threats and skills. However, that does not mean that other, landlocked nations have to be at a disadvantage.

Although dykes, windmills, tulips and bicycles make a romantic picture of the Netherlands, the realities of Dutch cyber-defence are different. There are three key aspects that help the country stay virtually strong.



The Business Continuity Institute - May 13, 2016 16:23 BST

Supply chain resilience is a topic that has been debated considerably over the last few years, which has resulted in attempts by various institutions to provide guidance on or standards for discrete elements of the topic. Ensuring greater resilience in your supply chains creates a greater value for money proposition than a supply chain that is fragile and frequently creates disruptions to your business. Understanding exactly what you are paying for in terms of resilience, and using that knowledge to create appropriate levels of investment in supply chain resilience, will give you a competitive advantage.

Procurement includes the management of risk within the category of spends or market being managed by the procurement professional. Supply chain resilience is a component part of overall organisational resilience and contains within it, elements of risk management and business continuity management. Procurement includes all of these components and more, taking into consideration such components as financial resilience, human resources, health and safety, fraud, slavery, sustainability and corporate social responsibility.

For example, what is the appropriate way to analyse the current levels of resilience within your supply chain, for those you are in contractual relationships with? How will you migrate future procurement competitive bidding processes to include resilience assessed total cost of ownership?

How can you add value by exposing the costs associated with investment in resilience within your supply chains and make a calculated informed judgement as to if you are paying the appropriate costs, too much or too little.

Undertaking a more objective calculation of the risks in your supply chain to understand the onerous costs of a supply chain disruption and the cost benefit analysis associated with reducing the chance of a disruption or recovering from one.

How to utilise good practice when analysing the market and going through prequalification to achieve shortlists?

Understanding the costs associated with service level agreements for business as usual within a contractual arrangement and expectations of service during a disruption. Calculating the costs and the cost benefit of adding specific risk and business continuity terms and conditions within a request for offers be it quotations or formal tenders, public sector or private sector and how will this affect you as a bidder?

What methodology would you undertake to utilise resilience as a distinguishing factor when undertaking bid analysis, negotiations and best and final offer due diligence?

How do risk mitigations and continuity responses feature in supplier relationship management and are they embed in contractual relationships appropriately and adequately reflected in supplier relationship management information, through self -assessment or quality audits.

Finally will your internal or external auditors in undertaking an audit of supply chain resilience give you a clean bill of health on managing risk and continuity issues appropriate to your corporate objectives and corporate risk appetite? Does your corporate attitude to risk and continuity reflect the wishes of your 'Top Management' Executives and Audit Committees

David J. Window is a CIPS Senior Consultant and Head of Supply Chain Resilience. Discover more about the return on investment of supply chain resilience during David's BCAW webinar on the 16th May. Click here to register.

The Business Continuity Institute - May 12, 2016 09:44 BST

Let’s be honest, we all get annoyed at the constant challenge to justify our existence. I don’t hold with the commentators who say that business continuity is always a cost centre, insurance buy or grudge purchase. It makes me mad... but that’s not difficult.

So inevitably, we all have to talk the language of value and savings. This is a shame because incredibly important elements like safety of staff in emergencies, public perception, legal compliance and positive risk taking can all get pushed to the sidelines when there’s pressure to ‘put a figure on it’, as these softer elements are notoriously difficult to quantify. My advice is don’t pander to the bean counters and do shamelessly exploit the soft targets too as part of any justification. But that’s a different conversation to this one - So if you do need some hard numbers then read on...

Here are a few ideas for ‘fingertip figures’ - one for each finger if you will, to amaze your colleagues and turn the discussion into one about how you are really indispensable, in case they hadn’t realised. These are taken from the coal face of real life and incidents… the experiences that your executives may not have seen and from which they are cocooned by their middle managers. Move that discussion on from mere expense to pure savings, losses avoided and returns.

I don’t bother with the reason for the disruption here: fire, flood, and supplier issue, whatever… you add that bit based on your own organisational aims, risks and recent experiences. And don’t allow anyone to tell you it can’t happen here… make sure you sell the function long and not short! Don’t be shy in ‘annualising’ any figures based on the incident rates as well as also using the single incident or ‘spot’ figures.

  1. Reputation reputation reputation: It’s a reputation thing... what’s 5% of your capital and share value on the markets? What if you lost that 5% due to losing the trust of your customers or badly disappointing them and having to pay them reparation or compensation? What could that compensation amount to? Remember Mitsubishi and BMW!
  2. Customer is king: What’s the value of one day of lost sales from customers not being able to contact you through all those whizzy new channels - web, chat, twitter, email … I could go on… and I haven’t even mentioned the humble telephony call centre. It’s all blended now! Unified Communications it’s called …. make sure you know both how and through whom your customers talk to your business and an averaged value of business written in one day. Then, which days are the hot spots?
  3. Recovery royalties: What’s the value of the losses avoided because you were able to recover that business process much faster with a pre-tested plan? Any time saved = costs saved and avoided... direct and indirect. Heck, you are so good that you actually managed to avoid the disruption happening in the first place, or growing to a full blown event, because the Recovery Team met as soon as the potential arose... you ‘headed it off at the pass’... what was the value of that bigger event not landing?
  4. Crystal ball: Your predictive powers are legendary! How many times did the exercise scenario you facilitated suddenly become prescient when the real thing threatened or landed later? The team knew immediately what to do and who to involve, saving time in the recovery and avoiding larger damages and impacts. Remember; don’t let anyone say ...’it can’t happen here’.
  5. Contract creative: What did you save on that review of the off site recovery contract this year? Get a fixed price for three years? Knocked out the unnecessary seats and systems because your Impact Analysis is so good? What’s the difference from standard market rates for the contract life? [Incidentally - did the last time you used the off site recovery for real actually pay for itself? Yes? Good – then make sure you tell that story. How many days use would do that? What do you think would be a good figure for this? Two days, three, five, more?]
  6. Resource reasonable: Remember the costs saved on IT Systems resources and availability and resilience measures: due to the business owner accepting a longer but reasonable RTO after your intervention - instead of living with ‘I can’t do without it ‘or ‘I need it in two hours’. Did you align your business process RTOs to IT System RTOs or vice versa and save on costs?
  7. Champions on the field: So you’ve embedded the BC lifecycle using champions for analysis and plan maintenance etc. out there in the business - they understand their business activities intimately. What would that equivalent work cost in full time employees or contractors?
  8. Love your neighbours: Those local mutual aid arrangements with neighbours - and cross unit relocation plans - how much is that worth in the alternatives - off site service costs and welfare costs during any emergency? Over one day, two days?
  9. Analysis anticipation: Your BIAs are awesome - How many operational risks did you uncover during your BIAs - which are now on the organisation's Risk and Governance Register for effective treatment so they never materialise? You pointed out some rather embarrassing holes in the operation! What if they had landed: did they have an annual probability value of 1 = certain? What costs avoided here? Halve this number for a probability of 0.5, i.e. once every two years etc.
  10. Brilliant value: Now compare the annual total of all the above with the gross salary of your BC Team – one is peanuts in the comparison - and it won’t be the sum saved! And I bet no one would agree to pay you an annual bonus based on 10% of savings either! If anyone has tried this tack, I really want to hear from you!

Discuss: I hope some of these sound at least familiar, or prompt you to look again at the good work you naturally do, for which you can then express a value. I’m certain you have your own golden keys to the justification debate – share them!

Neil Wainman MBCI is the Business Continuity Manager at E.ON.

The Business Continuity Institute - May 12, 2016 16:52 BST

I have been involved in disaster business resilience since the 1980's. In that time, I’ve seen it go through the phases of disaster recovery, business continuity and now business resilience. Y2K (remember that?!) gave it a major boost – then nothing considerable happened. Terror campaigns in the UK and USA then the pandemic 'flu scare in 2006-7 also kept it in the C-suite's mind.

Again the number of organisations directly impacted by these were relatively small.

Then came the financial crisis of 2008 squeezing the budgets of both governments and large financial institutions who had been previously big investors in business continuity. As nothing such had happened despite the above “crises” it seems that senior management felt business continuity was an area ripe for savings.

Team sizes were slashed and investment cut. Business Impact Analyses (BIAs) were largely abandoned as expensive, resource intensive exercises that in a fast changing business world were out of date before they had written up their results. The way of identifying the benefits of investing in business continuity had been axed arguably accelerating its decline.

However, in the same period the complexity of organisations and their supporting IT systems has increased. Outsourcing/strategic alliances resulting in supply chains that span the planet are common and legacy IT systems are stitched into new, end user facing web channels. Added to this, the rate of change is accelerating as organisations try to address greater demands for flexibility from the consumer or citizen whilst fending off new entrants in the private sector or budget cuts in the public sector.

Looking around at the organisations I deal with, it seems that everywhere business resilience professionals are struggling to do more, with less. The threats are still there, events such as terrorist attacks and severe weather are happening almost weekly.

So why aren't we seeing a resurgence of investment in business resilience?

Partly I suspect that the impacts of realised threats are not widespread enough to overcome the perception that the risks are small, won't happen to 'us' and anyway they're 'someone else's problem' (such as the government or an outsourced supplier). This, coupled with a marketplace which is stagnant in many areas, means there is a reluctance to invest money in the “insurance” of business resilience.

So, how can we, as business resilience professionals, address this?

Well we have to take up the challenge of doing 'more with less'. We have to be able to tackle the increased rate of business change, increased complexity and get back to a realistic understanding of the real business needs without employing large and expensive teams to plan for and manage our way through crises.

In other areas of work, organisations have exploited automation to improve efficiency. Look at the Industrial Revolution tackling human manual work and the computer revolution of the 1950s and 1960s reducing the cost of administrative effort. When did you last see a typing pool or payroll clerk with a tabulating machine?

Sure there have been software packages to automate data gathering and the administration of the Business Continuity Management System, but is that where the costs lie?

Are there better approaches emerging that could help us with the information gathering and contextual analysis plus the more efficient handling of adverse events?

We are starting to see these come through. It's early days yet but I am sharing my thoughts on developments as well as some ideas on approaches to get investment in these made available on my Business Continuity Awareness Week webinar on the 18th May. I invite you to join today.

Tony Perry is a Senior Managing Consultant at IBM.

Cybersecurity requires a specialized skillset and a lot of manual work. We depend on the knowledge of our security analysts to recognize and stop threats. To do their work, they need information. Some of that information can be found internally in device logs, network metadata or scan results. Analysts may also look outside the organization at threat intelligence feeds, security blogs, social media sites, threat reports and other resources for information.

This takes a lot of time.

Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged, so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.

This is not new information for security pros. They get reminded of this every time they read an industry news article, attend a security conference or listen to a vendor presentation. We know there are not enough trained security professionals available to fill the open positions.



TORONTO, Canada – Organizations can now receive real-time, continuous updates on risk-related events to further inform and affect critical due diligence processes. OutsideIQthe leader in investigative cognitive computing, today launched a monitoring module for its DDIQ® product, which monitors the open web to discover risk events on a continuous basis, alerting compliance and due diligence professionals to any changes in a target profile on a daily basis. Any negative events found by the cognitive engine will be highlighted on the DDIQ Monitoring dashboard, where the risks can be assessed and adjudicated.

Built on an advanced cognitive computing platform, the DDIQ internet monitoring module has been trained to think and act like an investigator to reduce noise and prevent false positives.  This allows DDIQ users to receive accurate, relevant updates, rather than reviewing a full report whenever they want to have the latest information.



The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.



(TNS) — Florida health officials confirmed two new Zika infections in Miami-Dade on Tuesday, raising the statewide total to 109 people who have contracted the virus this year, more than any state.

In Miami-Dade, where most of Florida’s Zika cases have been reported, 44 people have been infected with the virus, said the state health department, but the disease has not been transmitted locally by mosquito bites. Broward County has reported 15 cases of Zika.
With South Florida's rainy season approaching and the numbers of mosquitoes that transmit the disease expected to rise — along with increases in international travel from Zika-affected areas, such as Brazil, which will host the Summer Olympics — Miami-Dade and state officials are preparing to combat the spread of the infectious disease.



(TNS) — Improving communication on when and how a tropical cyclone will impact a community is a reoccurring theme at this year's storm conferences, but the National Hurricane Center is missing a key tool to connect with today's tech-savvy world.

There's no app for that.

The National Hurricane Center doesn't have a smartphone app people can download to track a storm's progress or monitor hurricane forecast updates. Instead, the National Oceanic and Atmospheric Administration, which oversees the hurricane center, steers people to buying a weather radio.

"That's 1930s technology," said Dan Sobien, president of the National Weather Service Employees Organization. "It's something very few people have outside marine interests and farming communities. Not only do they not have a weather radio, they don't have a radio at all."



(TNS) — Moore Mayor Glenn Lewis is in Washington D.C. this week for a conference on Resilient Building Codes hosted by the White House. The conference focused on building codes to enhance community resilience.

“We talked about all of the things we’ve done [in Moore],” Lewis said. “I was on a panel with another mayor and an administrator from the city of New York. I guess it was productive — I’m still translating it all.”

Lewis said adopting new tornado resistant building codes in Moore made the city more competitive for disaster relief funds.

The Moore City Council made history on March 17, 2014, with the adoption of 11 recommendations by structural engineering experts for residential building codes. These code changes made new homes in Moore more likely to survive a tornado without unduly raising construction costs. The code went into effect on April 17, 2014.



Modern IT platforms are designed to handle more users than ever, but what happens when these systems become the primary access point for most, if not all, users? What happens when a critical system experiences a fault or goes down entirely?

A survey by the Disaster Recovery Preparedness Council found two years ago that only 27 percent of companies received a passing grade for disaster readiness. The more we rely on data centers, the more costly data center outages become. A recent study by the Ponemon Institute and Emerson Network Power found that:

  • The cost of downtime has increased 38 percent since 2010.
  • Downtime costs for the most data center-dependent businesses are rising faster than average.
  • Maximum downtime costs increased 32 percent since 2013 and 81 percent since 2010.
  • Maximum downtime costs for 2016 are $2,409,991.
  • UPS system failure continues to be the number one cause of unplanned data center outages, accounting for one-quarter of all such events.
  • Cybercrime represents the fastest growing cause of data center outages, rising from 2 percent of outages in 2010 to 18 percent in 2013 to 22 percent in the latest study.



There is no denying the success of Amazon in delivering data services as part of their public cloud. Their database as a service (DBaaS) offerings have been some of the fastest growing and widely used and stand-outs in their amazing growth. At the same time, there are some situations where other options, and in particular those based on OpenStack, can provide clear advantages.

In this article, I’ll share the current state of DBaaS on OpenStack and provide seven concrete examples of how an organization can benefit from using OpenStack Trove relative to the offerings available from Amazon Web Services (AWS). I’ll assume you understand the value of DBaaS and databases in the cloud so I won’t review those here. Let’s get started.



Virtualized infrastructure (VMs, virtual networking, software-defined storage, etc.) provides a flexible, well-understood and secure platform on top of which a diverse set of workloads can be efficiently deployed and managed. Containers, such as Docker, provide a convenient method to package, distribute and deploy applications.

Both technologies provide useful abstractions, but at different layers in the stack. By making these layers work well with each other, the overall stack can more effectively meet the needs of both application developers and infrastructure administrators.



Despite the flexibility that the cloud offers customers, a new survey by Microsoft and 451 Research suggests that customers are fiercely loyal to their primary service provider.

According to the survey, The Digital Revolution, Powered by Cloud, which was released Wednesday at the Microsoft Cloud & Hosting Summit in Washington, more than one-third of customers (38 percent) surveyed said they plan to increase spending with their primary cloud and hosting service provider upon contract renewal.

In an interview with The WHIR, Microsoft’s vice president, Hosting and Cloud Service Provider Business, Aziz Benmalek said that this indicates the critical role service providers play in continuing to “drive organic growth in existing customers and help them in their cloud journey.”



The Business Continuity Institute - May 11, 2016 16:09 BST

“To expect the unexpected shows a thoroughly modern intellect.”
Oscar Wilde, Irish playwright, novelist, essayist, and poet. 1854-1900

Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats business continuity professionals must mitigate in today’s business continuity (BC) plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape. Threats that are making the 'unexpected' drastically different today and unimaginable tomorrow.

Protecting an organization from an 'IT outage' is where most BC plans originated. Yet, even IT outages today have taken on a new level of complexity. We live in an 'Always on world' where complex, global infrastructures and open-source code systems join with the Internet of Thing’s 9 billion possible entry points to capture more and more data to the Cloud every minute. On top of that, we 'Bring (Y)our Own Devices' (BYOD) then capture and analyze Big Data to enable a ‘cognitive’ world. As BC planners we are asked to protect our businesses from interruptions caused by these many factors and do it faster, cheaper and with less staff to help solve the problem.

Moreover, there is now increased pressure from outright criminal activity. Yes, cybercrime. Our most precious business resource, our differentiating factor that is our competitive advantage - our intellectual property and personal information - is under sophisticated, malicious, criminal attack 24 hours a day, every day.

Linda LaunBy the end of 2014, some estimates indicated more than one billion leaked personally identifiable information, think emails, credit card numbers, and passwords, was reported stolen1. An organization of 15,000 employees can expect to see 1.7 million security events in one week. However, typically only 1 out of every 100 security compromises actually are detected. So add two zeros to the 1.7 million and you get the picture2.

With this new threat landscape, what truths can BC Planners hold onto today?

Linda LaunWell we know the principles of BC, like the laws of physics, never change. However, what must change is how we apply and adapt these principles to new threats. In this world of rising crises, incidents, and organized cyber-attacks, how we apply the tried and true BC techniques we’ve practiced over dozens of years brings real benefits when teamed with security to win in this war against cybercrime. According to the 2015 Cost of Data breach Study by the Ponemon Institute and IBM, Business Continuity Management (BCM) involvement in data breach response can reduce the associated costs by $14 per affected record and reduce the time to contain the data breach by 41%3.

When business continuity and security team we apply three waves of defense: Frontline, Response, and Containment. Security prevents as much as possible with implemented frontline security services like strong security policies, passwords, encryption and personnel awareness training. Should, or when the attack comes, BC’s deep experience in incident response adds command and control, measured incident response and the 'who' needs to be involved. Lastly, if the worst happens and records are lost, our company’s reputation is protected through containment by implementing BC plans for IT outage and personnel depletion scenarios.

What would BCM and Security teaming look like in the real world?

First, establish joint representation where Security and BCM work as members of each other’s teams building the response plan. Work on each other’s teams, include BC in the response team, and involve the Chief Information Security Officer (CISO) throughout.

Second, BCM and Security work together to align cyber incident response and participate in joint testing with simulated exercises. Teams work together to validate the planned actions and educate all participants on their roles as well as the unique attributes of a cyber response.

Third, appoint crisis management representatives to coordinate BC and Cyber security efforts during and after the breach. Cyber response like BC response requires clear roles, responsibilities and communication. Joint roles defined in a communication plan delineate who can answer the tough questions.

Yes, threats are changing every day and cyber is just one of the many threats from which we must protect our businesses. Now, you are armed with hard evidence and three simple actions to start, or strengthen your BCM program from a cyber event and realize real value for your organization.

Linda Laun is the Chief Continuity Architect at IBM Global Business Continuity. During Business Continuity Awareness Week, she will be hosting a webinar on the same subject giving you the opportunity to ask questions. The webinar is in Monday 16th May and you can register for it by clicking here.

1IBM X-Force Threat Intelligence Report 2016, pg. 2
22014 Cost of Data Breach Study, Ponemon Institute and IBM
32015 Cost of Data Breach Report, Ponemon Institute and IBM

Zika Prevention KitsThe first thing that comes to mind when people think about the Strategic National Stockpile (SNS) is probably a big warehouse with lots of medicines and supplies. What many do not know is that even when the SNS does not have the specific medicines or supplies needed to combat a public health threat, SNS experts can play a key role in working with medical supply chain partners to locate and purchase products during an emergency response.

The involvement of the SNS in the Zika virus response is a perfect example of this little-known, but significant, role. Zika is spread to people primarily through the bite of an Aedes aegypti mosquito infected with Zika virus, although Aedes albopictus mosquitoes may also spread the virus. Recent outbreaks of Zika in the Americas, Caribbean, and Pacific Islands have coincided with increased reports of microcephaly and other birth defects as well as Guillain-Barré syndrome. As a result, the Centers for Disease Control and Prevention’s (CDC) response is focused on limiting the spread of Zika virus. Prevention is key for Zika control, because there is no vaccine or medicine for Zika virus. This is where the SNS comes in.

Controlling mosquito populations is key to prevention

Zika prevention kit

During a public health emergency, CDC can deploy the SNS for medicines and supplies or can use SNS’ contracting abilities to access materials and services that can be used to prevent or treat diseases that threaten U.S. health security. Controlling the mosquito population and addressing other known routes of infection are important to limit the spread of Zika virus in U.S. territories. The SNS is providing immediate vector control services and preventive supplies for pregnant women to protect themselves from mosquito bites. Pregnant women are particularly vulnerable because they can pass Zika virus to their fetuses, which can cause microcephaly and other brain defects.

Before the Zika virus outbreak, the SNS did not stock or purchase medicines or supplies to respond to illnesses spread by mosquitoes, ticks, and other insects. In response to this outbreak, SNS staff are working with CDC procurement experts to award and implement immediate, short-term contracts to deploy materials and services to control the mosquito populations responsible for Zika transmission. These contracts allow CDC to work with territorial public health jurisdictions to treat areas where mosquitoes breed and live, as well as areas where pregnant women live.

Zika Prevention Kits help pregnant women protect themselves

Zika prevention kit bags

The SNS is creating Zika Prevention Kits for pregnant women in U.S. territories. These kits are being distributed as an effort to help prevent Zika infection in pregnant women and to reduce the number of babies born with birth defects caused by Zika, such as microcephaly and other brain defects. Through donations from the CDC Foundation and its partners and by purchasing products, the SNS has obtained materials for the kits – including insect repellent, larvicides, mosquito netting, condoms to prevent sexual transmission of Zika, and educational materials.  The SNS is rapidly assembling these materials in reusable bags that can be given to pregnant women.

The SNS has sent nearly 7,000 kits to affected areas, and more are planned. Each U.S. territory is identifying the best way to get the kits to pregnant women. In Puerto Rico, local public health officials have partnered with clinics that are part of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) so they can reach expectant mothers. WIC already interacts with this population through its healthcare and nutritional services for low-income women, infants, and children. Local obstetrician offices are also being used to distribute these kits.

In the past, the SNS primarily focused on warehousing products and deploying those products for public health threats related to bioterrorism, pandemics, and natural disasters. With every emergency response, it has become more evident that the SNS can play a much larger role, especially when specialty products, products in high demand, and medical countermeasures are needed to secure the nation’s health. As one of the federal government’s leading groups of medical supply chain and logistics experts, the SNS at CDC has the ability to coordinate with industry partners to rapidly procure and transport medicines and supplies and serve specific populations in a public health emergency.

(TNS) — The Department of Homeland Security is testing airflow inside the city’s subway system this week as a way to predict what would happen in a possible chemical attack.

The week-long study poses no risk to the public, the Department of Homeland Security said.

From May 9 through May 13, DHS said officials will be releasing harmless, non-toxic gases inside several subway stations in Manhattan, including Penn Station, Grand Central Terminal and at Times Square.

“This study is part of the department’s ongoing commitment to preparedness and the shared responsibility of protecting the nation’s critical infrastructure,” DHS S&T program manager Dr. Donald Bansleben said in a statement. “The results of this study will provide us with a greater understanding of airflow characteristics, informing the research and development of next generation systems that continue to ensure the safety and security of the general public.”



AUSTIN, Texas – Texans affected by the April storms and flooding can get their questions answered in many languages by accessing the FEMA booklet “Help After a Disaster: Applicant’s Guide to the Individuals & Households Program.”

The guide provides information on the types of assistance available and how survivors in the disaster-impacted area might qualify for housing assistance and other grants and essential needs. It also explains the types of eligible losses covered by the program and information about insurance settlements and uninsured, disaster‐related necessary expenses. Applicants must meet specific eligibility requirements to qualify for help.

The guide, fema.gov/help-after-disaster, is available in English, Spanish, Arabic, Urdu, Vietnamese, Chinese and many other languages.

In Texas, federal disaster assistance is available to residents of Austin, Colorado, Fayette, Grimes, Harris, Parker, Waller and Wharton counties who suffered damage from the April 17-24 storms.

Survivors in the affected counties are urged to register for assistance the following ways:

  • online at DisasterAssistance.gov;
  • phone (voice, 711 or video relay service) 800-621-3362 (FEMA), TTY 800-462-7585. Toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.
  • by visiting any disaster recovery center in the disaster-impacted counties.

# # #

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Like bank robbers of yore, cyber criminals target “where the money is,” and that often means banks and financial institutions. With many decades’ experience in protecting themselves against crime, banks and insurance companies typically have reasonably sound physical and technical cyber security defenses in place. The concept of currency has changed, however, and now, rather than trying to cart off bills and coins, cyber thieves seek to steal valuable information.



BATON ROUGE, La. – If you’re a survivor of the Louisiana storms and flooding that struck the state March 8 through April 8 and you’ve received an application for a U.S. Small Business Administration low-interest disaster loan, you should complete and return it as soon as possible.

Obtaining a low-interest disaster loan may be the solution to your recovery needs by providing you the funds you need for home repair, rebuilding and property loss. Returning the application also may lead you to Federal Emergency Management Agency disaster recovery grants that do not have to be repaid.

While no survivor is obligated to accept a loan, you will be considered for other federal disaster assistance only if you return the SBA loan application.

There are important reasons for you to file the loan application (even if you don’t think you currently need a loan):

  •     Your insurance settlement may fall short. As you began to recover from the effects of your personal disaster, you may discover that you were underinsured for the amount of work required to repair or replace your home. An SBA low-interest disaster loan can cover the gap.
  •     SBA will work with you to provide a loan that fits your personal budget. If you already have a mortgage on damaged property, SBA specialists can help with a low-interest loan you can afford. In some cases, that may mean your current mortgage loan could be included in your SBA loan which could give you one overall, affordable loan payment on your home.
  •     Don’t know how you’ll replace household contents or vehicles? SBA may be able to help.  Homeowners may borrow up to $200,000 for the repair or replacement of real estate. Both homeowners and renters may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster.
  •     What about businesses that were damaged? If you’re a business owner, you may be able to borrow up to $2 million for physical damage and economic injury.
  •     By submitting your SBA loan application, you keep the full range of disaster assistance available as an option. If SBA does not approve a loan, you may be offered a FEMA grant or grants to replace essential household items, replace or repair a damaged vehicle, cover storage expenses or meet other serious disaster-related needs.

SBA Loans have Low Interest Rates.

Interest rates for loans for homeowners and renters can be as low as 1.813 percent. For private nonprofit organizations rates can be a low as 2.625 percent. For businesses rates can be as low as 4 percent.

Even if you qualify for an SBA loan, you are under no obligation to accept it.

Refinancing and relocation loans may be available on a case-by-case basis. Survivors are encouraged to speak with an SBA representative for details.

For more information, call the SBA at 800-659-2955 (800- 877-8339 TTY). Homeowners, renters and businesses may visit SBA’s secure website at disasterloan.sba.gov/ela to apply online for disaster loans.

Although it’s not required to register with FEMA to apply for an SBA loan, you are strongly urged to do so as grants could be available to you from FEMA.  

Register with FEMA for help or information regarding disaster assistance: call 800-621-FEMA (3362), register online at DisasterAssistance.gov or fema.gov/disaster/4263. Help is available in many languages. Cuando llame al 800 621-3362 (FEMA) marque el 1 y escuche las instrucciones en español.
Disaster applicants who use TTY should call 800-426-7585. Those who use 711 or Video Relay Service should call 800-621-3362. Lines are open 7 a.m. to 10 p.m. local time, every day.


We urge everyone to continue to use caution in areas where floodwaters remain. Monitor DOTD’s 511la.org website for updated road closure information. Look for advisories from your local authorities and emergency managers. You can find the latest information on the state’s response at emergency.la.gov. GOHSEP also provides information at gohsep.la.gov, Facebook and Twitter. You can receive emergency alerts on most smartphones and tablets by downloading the new Alert FM App. It is free for basic service. You can also download the Louisiana Emergency Preparedness Guide and find other information at www.getagameplan.org.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

FEMA offers a number of free online resources for home and property owners. To get started, go to fema.gov/safer-stronger-protected-homes-communities or fema.gov/louisiana-disaster-mitigation

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at SBA.gov/disaster Deaf and hard-of-hearing individuals may call (800) 877-8339.

A lifelong Atlanta Braves fan, Forrester Senior Analyst Joseph Blankenship longs for the mid-1990’s with respect to his baseball team, but we promise that he looks to the future as he advises his clients on current and emerging security technologies. He covers security infrastructure and operations, including security information management (SIM), security analytics, and network security, and his research currently focuses on security monitoring, threat detection, operations, and management. Joseph has presented at industry events, been quoted in the media, and has written on a variety of security topics.


Joseph’s over 10 years of security experience includes marketing leadership and product marketing roles at Solutionary (NTT), McAfee (Intel Security), Vigilar, and IBM (ISS), where he focused on managed security services, consulting services, email security, compliance and network security. As a marketing leader, Joseph helped to align client needs with marketing strategy, messaging, and go-to-market activities while educating users about security strategy. His background also includes extensive experience in the IT, telecommunications, and consulting industries with Nextel, IBM, Philips Electronics, and KPMG.


Listen to Joseph’s conversation with VP, Research Director Stephanie Balaouras to hear about Joseph’s biggest surprises since starting as a Forrester analyst, his most frequent client inquiries, and the topics he’s excited to research in the coming year:



Impact Forecasting has published the latest edition of its monthly Global Catastrophe Recap report, which evaluates the impact of the natural disaster events that occurred worldwide during April 2016.

The report highlights the two major earthquakes which struck southern Japan during the month, causing massive devastation and killing at least 66 people, with more than 4,000 others injured. Total economic losses, including physical damage to residential and commercial structures, vehicles and infrastructure, and business interruption, were expected to exceed JPY 1.12 trillion (USD 10 billion).

The General Insurance Association of Japan reported that nearly 70,000 non-life claims had been filed, as total insured losses were expected to breach JPY 225 billion (USD 2.0 billion).

Meanwhile, a major magnitude 7.8 earthquake struck Ecuador's northwest coast on April 16th, killing at least 660 people and injuring more than 17,638 others. According to government figures, the total economic cost for the damage and reconstruction was expected to be above USD 3.0 billion. Given low insurance penetration levels, the insured loss was set to be a fraction of the overall financial cost.



Considering the scope of possible crises, it’s no wonder the final draft of the newly minted Chatham County, Ga., Hazard Mitigation Plan runs to a hefty 211 pages. Drought and flood; extreme heat and winter storms; hurricanes and rising sea levels; and in this latest plan, add terrorism to the catalog. Granted, the county won’t likely see all of these at once. But still, you have to plan for all hazards.

That’s what the county mitigation plan does, and it’s been no small feat to craft the document.

“There is a lot to keep up with, a lot of documentation from a lot of government entities, along with FEMA guidelines, state guidelines,” said Margaret Walton, a senior planner in Land Planning at Atkins North America. She consulted with the Chatham Emergency Management Agency (CEMA) on the plan, which covers the county as well as seven municipalities and the Savannah metro area, population 527,106 according to the 2014 Census Bureau estimate.



There are a multiplicity of trends simultaneously altering our collective vision of what a data center is, and what it is becoming. And those trends are not necessarily acting in concert. We thought software-defined networking would make it easier for data centers to stage workloads more efficiently on a Layer 3 that was more effectively decoupled from Layer 2. But then NFV came along, and suddenly telcos are introducing the rest of the world to a completely new way to envision the role of the data plane in SDN.

It’s not as easy to predict where data center technology is going when all the trends converge. At the OpenStack Summit in Austin, Texas, a few weeks ago, network functions virtualization stole the show. Attendance at sessions that had the slightest relationship to NFV was as much as two orders of magnitude higher than those dealing with ordinary OpenStack administration. IT professionals are curious as to whether this new methodology for workload orchestration will have any impact, directly or indirectly, upon data center architecture.

NFV came about as a result of the common need among communications providers to automate the provisioning of customer services when deployed on common, commodity servers. Virtualization was essentially the means to an end; NFV’s initial goal was automation. What makes NFV attractive to data centers outside of telcos is that high-level automation aspect. What makes it risky is the degree to which NFV would reform data centers to make this automation feasible.



Early next month, FEMA Region X, in cooperation with local, state and tribal entities in the Pacific Northwest, will lead on a three day emergency operations test scenario that includes a 9.0 magnitude earthquake along the Cascadia Subduction Zone (CSZ) with a resulting tsunami -- the most complex disaster scenario that emergency management and public safety officials in the Pacific Northwest could face in the future.

Several days earlier, my own neighborhood organization that covers roughly 300 homes will perform its own first earthquake disaster drill.  We’re organized by zones, with homes pre-identified as care and shelter centers or first aid centers.  We’ve purchased and stored emergency supplies in each of our zones.  But we’ve never tested our search and rescue or communications capacities, or the protocols we plan to follow, including ham radio communications with the city’s emergency operations center.

Working on either exercise always brings up the same questions:  what should my family have on hand in the way of an emergency supply kit?  How will our family communicate if we are spread out around the city when such a disaster strikes?  How long will we be without help?



Tuesday, 10 May 2016 00:00

Emergency Leader: Dual Helping Careers

(TNS) - When an emergency strikes in the Flathead Valley, Mary Granger may or may not be physically present at the scene, but it is very likely that Granger somehow has a hand in keeping folks safe.

Granger retired as the Flathead County Emergency Medical Services manager in April. The six-year stint was a second career for Granger after working 33 years as a school teacher.

“I’ve been on this adventure since 1980 when I took a first-aid class and this is really the culmination of that adventure,” Granger said of her retirement.

Granger was one of the founding members of the Lakeside Quick Response Unit. At the time there was no first responder program in Lakeside, which sometimes meant waiting a long time for emergency personnel to arrive from Kalispell or Polson.

After the first-aid class, Granger was hooked.



(TNS) -- A new microwave backup to the region's 911 emergency telephone service will add a layer of reliability in case of violent storms or an accidental slicing of a fiber-optic cable.

The South East Texas Regional Planning Commission will spend about $3.3 million to erect 12 towers and equip five existing towers with the technology, said Pete De La Cruz, director of the commission's 911 program.

Although it could become the primary system for Jefferson, Hardin and Orange counties sometime in the future, for now it's designed as a backup, De La Cruz said.

Recently, a contractor in Lumberton building a new dentist's office sliced through a fiber-optic cable bundle in the ground.

The bundle contained the cable that connected to the Hardin County Sheriff's Office 911 dispatchers at the courthouse in Kountze.

No emergency calls were missed because all the Hardin County calls were routed to the Silsbee Police Department, the second location for incoming emergency calls in Hardin County.

But it did demonstrate a vulnerability of the 911 system, De La Cruz said.



The increase of ransomware has been discussed in great length over the past year. In my 2016 security predictions round-up, I noted that we should expect to see substantial growth in ransomware attacks, quoting Stu Sjouwerman, founder and CEO of KnowBe4:

Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015.

And I’m not the only one who had ransomware on the mind. Others also were concerned about the rise of ransomware. For example, CSO had this to say:



Tuesday, 10 May 2016 00:00

What Is Poor Data Quality Costing You?

Your data is a valuable asset. Especially in today’s world of faster consumers, your data needs to be in tip-top shape to target, engage, and convert prospects. If not properly maintained, you risk any number of lost opportunities, decreased efficiency, and a negative impact to your bottom line.

Marketing data has become so important that 97% of companies feel driven to turn their data into insights, according to the 2015 Data Quality Benchmark report by Experian. According to the research, the top three drivers include:

  • 53% - Wanting to understand customer needs
  • 51% - Wanting to find new customers
  • 49% - Wanting to increase the value of each customer
  • Chart reason for maintaining high-quality data



Today, many Fortune 500 companies are enlisting a hybrid cloud approach that uses a patchwork of on-premises, private cloud and third-party, public cloud services to allow workloads to move between clouds to meet the ever-evolving demands of computing needs and cost expectations. In turn, these companies benefit from greater flexibility and more data deployment options.

However, Tom Gillis, founder of startup Bracket Computing, quickly realized that this approach, with server hardware, software applications, storage capacity, and networking services spread across data centers and multiple service providers, invites operational complexity and introduces an opportunity for error. Gillis decided there was an unmet need for a new virtualization technology; one that could secure multiple cloud environments by creating a container for infrastructure so that an enterprise could move data out on the public cloud, while still maintaining the control it wanted.

On his mission to create a virtualization technology that could provide one set of infrastructure across multiple clouds, Gillis was met with a technical challenge: when sticking a hypervisor on top of a hypervisor at the cloud, the technology was incredibly slow and performance was being cut in half. To overcome this challenge, a lot of trial and error, fine-tuning and tweaking was needed to get the technology—Bracket Computing Cell—to a point that Gillis refers to as “lightning fast.”



Information is critical to our businesses. We cannot make good decisions without it. We identify the cause of issues based on it. In a crisis, without information, we may be making decisions or trying to contact appropriate parties like a myopic without his glasses.

What is the information that may be required during a crisis?

  • The severity of the impact to business processes
  • How long the crisis may last
  • Internal contact lists
  • External contact lists
  • Crisis & Recovery Team members and responsibilities
  • Recovery plans and checklists
  • Business processing requirements
  • Manual processing procedures
  • Information on business risks



Data centers worldwide are energy transformation devices. They draw in raw electric power on one side, spin a few electrons around, spit out a bit of useful work, and then shed more than 98 percent of the electricity as not-so-useful low-grade heat energy. They are almost the opposite of hydroelectric dams and wind turbines, which transform kinetic energy of moving fluids into clean, cheap, highly transportable electricity to be consumed tens or hundreds of miles away.

But maybe data centers don’t have to be the complete opposite of generation facilities. Energy transformation is not inherently a bad thing. Cradle-to-Cradle author and thought leader William McDonough teaches companies how to think differently, so that process waste isn’t just reduced, but actively reused. This same thinking can be applied to data center design so that heat-creating operations like data centers might be paired with heat-consuming operations like district energy systems, creating a closed-loop system that has no waste.

It’s not a new idea for data centers. There are dozens of examples around the globe of data centers cooperating with businesses in the area to turn waste heat into great heat. Lots of people know about IBM in Switzerland reusing data center heat to warm a local swimming pool. In Finland, data centers by Yandex and Academica share heat with local residents, replacing the heat energy used by 500-1000 homes with data center energy that would have been vented to the atmosphere. There are heat-reuse data centers in Canada, England, even the US. Cloud computing giant Amazon has gotten great visibility from reuse of a nearby data center’s heat at the biosphere project in downtown Seattle.



(TNS) — Soon enough rainy season will begin drenching Southwest Florida with its annual average rainfall of 55 inches.

Standing water, even a capful in a plastic bottle top, can be a breeding ground for mosquitoes that transmit the Zika virus.

The Collier County Mosquito Control District is upgrading its laboratory to start testing for the mosquito species that carries the virus.

"This allows us to gets the results back in a matter of hours instead of days," Patrick Linn, executive director of the district, said.



With every passing year, the role of technology in business continuity only grows. From social media coordination, disaster-relief apps, “micromappers” and Google People Finder to computer models designed to predict where the next crisis will occur, technology is enabling us to make huge improvements to the ways we handle business continuity.

For many organizations, the newest, most practical business continuity software technology is an app that enables companies to house their crisis plans “in the cloud,” and then disperse them to each end user through mobile devices. Employees and other stakeholders are empowered with anywhere, anytime access to crisis plan details, which helps to streamline emergency response, better protect people and physical assets, and encourage a faster, more effective return to normalcy.

If you feel your organization could benefit from a mobile business continuity solution, consider the best ways to implement it into your business. You can either build the app in-house, use a vendor solution, or outsource it to a third-party developer. There are several key factors to consider when weighing a build vs buy decision:



It’s been a common information security event in the news for all too many business enterprises —- e.g. yet another large publicly traded company is the recent victim of a data breach.

The situation is worsened, when not only business information is breached but also millions of customer’s personal and financial information records are compromised.

Who is winning this cyber-security war?  That answer is far too complex to deal with in this short article.  Nonetheless, this article will hopefully give our readers a stronger sense of urgency to pay more attention to risk assessment and risk management when developing their corporate cyber-security related strategic goals and objectives.

(TNS) - It's been an educational year for Capt. Christopher White.

Before he was promoted to the head of Corpus Christi Police Department's Animal Care Services and Vector Control, it never crossed his mind that he would have to learn the correct temperature to make puddle conditions perfect for mosquito breeding.

But in the battle against the pesky insects that knowledge — 83 degrees, by the way — means snaring a strategic advantage.

"I got tired of trying to explain everything I was learning about mosquitoes during staff meetings, so I made these," White said as he pulled out two packets. One he dubbed "Mosquito 101" and the other details Corpus Christi's management policy in varying mosquito risk levels.



(TNS) - At Ipswich, locking the front doors to the school is only a screen tap away.

Superintendent Trent Osborne said he has an app on his phone that gives him the ability to quickly lock the school's main entrance. It's the only door at the school that's open during the day, he said, and that's because visitors walk straight into the school office.

Last week, the front door to Ipswich was locked. Osborne said it wasn't a lockdown incident, but the district was dealing with a family situation. No threats were made, he said, he just locked the door as a precaution.

Visitors to Aberdeen public and private schools will note intercom systems in place at the main entrances that allow entry into the schools. Aberdeen public school Superintendent Becky Guffin said installation of the systems started in 2013.



To some, cloud computing and IT security do not intersect. The results are often disastrous. Considering the huge amount of press that cloud computing receives when breaches occur, it's easy to understand why they believe that. But if you look at IT security from a wider lens, you'll see that cloud computing technologies are actually helping to propel IT security at rates never seen before.

Indeed, some of the advancement of security mechanisms and architectures such as end-to-end encryption can be traced back to public and private cloud security breaches where sensitive data was stolen for profit or fun.

This brought the topic of encryption to the forefront of conversation in CIO circles around the globe. It also likely contributed to the recent skyrocketing adoption rates for encryption. According to a recent Ponemon Institute study that polled more than 5,000 IT and business managers from various parts of the world, 41% said that encryption has been adopted extensively in their organizations, an increase from 16% in 2005.



Data is finding its way into just about every type of modern product and service. As a result, some companies are necessarily rethinking their business models, product strategies, customer engagement strategies, and supply chain strategies. Meanwhile, entrepreneurs and intrapreneurs are discovering entirely new solutions to age-old problems.

"Our traditional business model, the way we provide products and services, is being disrupted because people -- especially Millennials -- do not look at a big book of codes," said Nataniel Lin, analytics and strategy lead at the National Fire Protection Association (NFPA), in an interview. "We're in the process of becoming a 120-year-old startup. Essentially, we're leveraging all the data that's available out there and aggregating data to create unique value and solutions that up until today were not possible."

In NFPA's case, data is flowing in from connected IoT systems in homes and commercial buildings, insurance companies, and other sources. Lin is working with 26 different property and casualty insurance companies with the goal of anonymizing and aggregating data in a way that benefits all of the companies without exposing them to privacy or security risks. That way, the companies can have a more objective view of revenue, profitability, and risks than would be possible using only their own data.



When laying down the foundation for employee safety and communication, one of the most essential resources to establish within your organization is a secure emergency phone number. A reliable place where your employees can go to hear pertinent information, retrieve updates, and understand how the information on the other side of the phone affects their well-being, their day, or their job. A number your employees can call or text to report information, raise concerns, present questions in one centralized place for the employer.

In 1967, the President’s Commission on Law Enforcement and Administration of Justice worked to implement a universal phone number nationwide for anyone reporting emergencies. That’s why 9-1-1 exists today, so we can report emergencies relating to crime, accidents, and medical issues, and request assistance.

As mobile people living among an increasing population, subsequently producing a rising number of incidents, the methods of reporting and responding to incidents are changing. The resources to keep people informed and connected are becoming smarter, more useful. The technology to monitor, communicate, and resolve a situation faster is readily available to us.



(TNS) - Pittsburgh public safety officials have promised to review and seek improvements to how they handle all major events hosted by the city in the wake of two events that generated complaints from the police union.

Two recent events — the mid-April Donald Trump rallies and Sunday’s Pittsburgh Marathon — created concerns about the public safety department’s preparedness to handle major events and will be the subject of reviews.

“We’ll be doing more after-actions on every type of event, whether it’s a scheduled event, whether it’s an unexpected event,” city Public Safety Director Wendell Hissrich said Wednesday. “There will be after actions across the department of public safety to include EMS, fire and police, not to hang anybody, but to figure out how we can make the improvements down the road.”



The BCI has announced that Lorraine Darke is to stand down as Executive Director of the Institute after 12 years in the post. Applications are being invited for her replacement. 

BCI Chairman, David James-Brown FBCI, commented: “Since Lorraine’s appointment in 2004, the Institute has been through a dramatic period of growth and modernisation, and we are now seeking an experienced and inspirational leader to drive the BCI forward in the next stage of its development. We will be appointing a new Executive Director who has a thorough understanding and experience of the challenges facing contemporary professional bodies, and the skills necessary to triumph in this competitive environment. The successful candidate will be a dynamic, energetic and enthusiastic leader, with excellent people skills and the ability to engage and develop lasting, positive relationships with a range of stakeholders.  They will have proven capabilities in identifying and capitalising on commercial opportunities through original solutions.” 

For more details about the role click here.

Friday, 06 May 2016 00:00

Understanding Cyber Security Threats

In 2014, the federal government was the victim of 61,000 cyber security breaches. If the government is so vulnerable, what are the cyber security risks for businesses, whether large or small? Revisit the cyber security threats facing modern businesses to learn how to best protect your business from threats. 

Cyber Security Threats Facing Businesses

Businesses in all industries face a growing range of cyber security threats. Companies must understand the barrage of threats coming from attackers in order to implement a comprehensive security plan that addresses their vulnerabilities. Pressing concerns for small and large businesses include: