Industry Hot News

Once it’s done shedding its Enterprise Services business, Hewlett-Packard Enterprise is betting on its bread-and-butter data center hardware business – servers, storage, networking, and software to manage all of the above – to continue driving the bulk of its revenue.

The company, which only recently separated from the former Hewlett-Packard’s printer and PC business, announced earlier this month that Enterprise Services would spin off and merge with Computer Sciences Corp.

In an analysis of recent revenue and profit trends of HPE’s various businesses, The Next Platform’s Timothy Prickett Morgan points out that enterprise technology services are a people-intensive, low-margin business, and says that this is probably the biggest reason CEO Meg Whitman has decided to get out of it.



Today’s corporate environments are filled with leaps and oftentimes hesitations, followed by even larger leaps toward cloud deployment. But about those hesitations: from fears about IT jobs being outsourced to security concerns and questions about the most effective ways to centrally manage a cloud solution, apprehensions can run far and wide.

IT Innovators recently caught up with John Webster, analyst at Evaluator Group, to chat about some of the most common assumptions about the cloud and what factors should instead be top of mind for a more effective cloud deployment.



The potential of radiation risk exposure causing harm in your organization’s workplace may not be the first thought that comes to mind at an ISO quality management system team meeting... but, under the new ISO risk-based thinking approach to broaden your scope of understanding risk and its relationship to the context of your organization... perhaps it could be.

To follow this logic further, we begin with the need to better understand radiation.

CenturyLink has committed to improving energy efficiency of its entire US data center portfolio by 25 percent by joining a voluntary US Department of Energy program that promotes investment in more efficient energy use in buildings.

The Monroe, Louisiana-based telco has been upgrading its sprawling data center portfolio to improve efficiency since last year, despite the possibility that it may sell some or all of those sites. CenturyLink management has been evaluating numerous alternatives to owning its data centers.

Bill Gast, CenturyLink’s director of global data center energy efficiency, said uncertainty about ownership of the portfolio in the future hasn’t disrupted the current push to improve its efficiency that started last year.



Using the Business Impact Analysis to Understand Relationships Between Resources and the Business

The business impact analysis (BIA) establishes the foundation of an organization’s business continuity program by establishing business continuity requirements. As a result, a significant part of Avalution’s work involves helping organizations design and execute the BIA process. Furthermore, a well-executed BIA can deliver so much more than just a list of recovery time objectives (RTOs) and recovery point objectives (RPOs)!

One of the ways Avalution adds value as part of the BIA process is by illustrating or “mapping” the relationships between products and services, business activities, and resources. By doing so, we can better understand the business use of specific resources and understand how unavailability impacts the business as a whole. This BIA task is extremely valuable when working with business continuity planning stakeholders, such as an application manager, to plan for and mitigate the risks associated with a disruptive incident. Should a disruptive incident occur, this work also enables our clients to quickly understand the implications of the incident, based on resource loss scenarios.



Whichever way you slice it, NOAA’s just-released outlook for the 2016 Atlantic Hurricane Season appears to suggest we’re on track for more hurricane activity than we’ve seen in a while.

NOAA predicts a 70 percent chance of 10 to 16 named storms (winds of 39 mph or higher), of which 4 to 8 could become hurricanes (winds of 74 mph or higher), including 1 to 4 major hurricanes (Category 3, 4 or 5; winds of 111 mph or higher).

It calls for a 45 percent chance of a near-normal season, but there is also a 30 percent chance of an above-normal season. The likelihood of a below-normal season is at 25 percent.



Your emergency notification system should be incredibly user-friendly—and the process to understanding your vendor and how you would partner together should be just as easy. From demo to implementation, the process should be painless! Here are some tips for you when you’re getting ready to evaluate and implement a new technology.

First, know what your emergency notification vendor should be doing for you:

An emergency notification system empowers organizations to keep their people safe, informed, and connected through relevant, streamlined mass notifications during a critical event. Emergency notification systems automate and deliver messages so you can quickly and easily communicate with, or engage, your audience from anywhere, at any time, using any device. Your emergency notification system should monitor threats for you, establish business resilience, and protect your organization and people.

When evaluating emergency notification systems vendors and to ensure your success, it’s important to get an understanding of what you can expect from your partnership.



We have all seen data visualization grow in stature over the past decade and it is now an essential part of our daily lives.

Newspaper articles that discuss statistics uniformly communicate these through visualizations, sports teams are critiqued through graphs and animations, and in boardrooms, leaders see the data they want through interactive dashboards. But what can actually be done with visualizations? What is the point of them and why have they become so important?

Showing complex data sets in simple ways

The most important element of any data visualization is the ability to show something complex as simply as possible. If you have a dataset with hundreds of different points, trying to see what the correlation is from an excel spreadsheet is going to be almost impossible. The ability to clearly see trends allows decision makers to act quickly.



Your company has likely spent a lot of time, effort, and money keeping its security systems, policies, and practices up to date. Can the same be said of your law firm?

The legal industry isn't exactly known for its technology leadership, which should be of concern, especially from a security perspective. Don't assume that your data is safe, in other words. Be prepared to do your own due diligence.

"Law firms retain a lot of sensitive corporate data that would be extremely valuable to hackers or outside parties. In particular, hackers are interested in corporate legal information, intellectual property from their clients, information on directors and officers of corporate clients, settlement terms, and more," said Jacob Olcott, the former legal adviser to the Senate Commerce Committee, counsel to the House of Representatives Homeland Security committee, and current VP at Bitsight Technologies, in an interview.



Damage to a company’s reputation can come from so many different crises. Consider Chipotle, which is struggling to bounce back from multiple health scares. Or Target, whose customers questioned the security of its payment systems following its devastating data breach. Or Volkswagen, a company that is struggling to maintain its image in the wake of its falsified emissions tests.

Your organization likely has a crisis response plan to help employees get through any number of emergencies. But will your plan also protect your company’s reputation? Here are a few ways to ensure that your organization keeps its good name, even in the face of a crisis:



When you start to evaluate emergency notification system vendors, you’ll need to narrow in on your organization’s specific needs. Which features matter the most? And are they easy to use? As you’re looking for a vendor to best fit your emergency notification requirements, be on the lookout for these seven must-have features that will make your communications easier.



The grass is green. The days are longer. The school year is over, or winding down. It’s the time of year many people begin thinking about summer vacations.

Business continuity professionals are, of course, no exception.

So, how can you, a person responsible for mission critical resiliency plans and emergency notification programs, really relax (at least a little) on your upcoming vacation? Here are a few helpful tips for dealing with your notification process now, before you pack your Speedos and sunscreen.



What is encryption?

Encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a “key”. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).



After Volkswagen admitted designing software that provided false emissions data in order to appear compliant with emissions standards, many questions were raised about the culture of the company. The scandal also highlighted the difficulties in locating risk across an organization.

The resignation of Volkswagen’s CEO further illustrates how difficult it is to run an organization from an ethical perspective.

With a multinational company as large as Volkswagen, it is inherently tough to keep an eye on every single aspect of the business. It is, therefore, impossible that a senior Volkswagen executive could have known everything about the engine emissions testing process.



In our mobile world, our mobile devices play a pretty large role in our lives, right? We go to sleep with our phones by our beds, most of us even use its alarm to wake us up in the morning. And during the day, it’s always within reach.

That means you should be able to use your most valuable emergency preparedness tools—like your emergency notification system—right from your phone.

Why do you need an emergency notification mobile app?

Smart technology and mobile devices allow you to keep your people safe, informed, and connected from anywhere. You should have access to your emergency notification system whether you’re at your desk or on the go, from whichever device is within reach—whether it’s your personal iPhone, your Android that’s just for work, your PC, or your tablet. The right ENS vendor makes your smart phone even smarter when you have the most reliable enterprise monitoring and notification software available in one easy-to-use app.



In speaking with enterprise CIOs and IT managers, I hear a lot of the same stories about successful technology deployments and complicated mistakes. As companies scale, they tend to take separate paths to similar ends, eventually running into the same obstacles and undertakings.

One of the most interesting, but not infrequent, stories I’ve heard comes from enterprises that recently built primary or secondary data centers – without considering that in the modern cloud era, there are no circumstances under which a company should build a data center.

A company telling this story likely bought land and constructed its new data center in a remote part of the country, where real estate and utilities were cheap. It entered a contracted agreement with a single network carrier that served the area. Then, as the organization grew and the company sought to work with new service providers, the team was surprised to learn that its site’s so-called valuable location prevented the data center from accessing certain services, ultimately putting a cap on the company’s growth.



SALEM, Ore. — When Target’s systems were breached in 2015, it was rumored that the cyber side of the house had the information it needed, but didn’t know it was looking at an attack that compromised its clientele's credit card information.

In just the last decade, threat vectors have evolved from the standard “known” perils of the cyber realm to the evolving attacks that change from discovery to detention within systems — and the ever-changing threats are not just a problem for the private sector.

During the Oregon Digital Government Summit held May 24, Bob Pelletier with Palo Alto Networks discussed the issues facing IT teams everywhere and how they could better defend their networks from bad actors.



Object storage delivers an underlying agility that lets a wide variety of users access and utilize data with a wide variety of applications across a wide landscape of locations.

Have you ever met a senior corporate executive who was asking for data?

Not likely. Answers are what most senior execs are seeking. Actionable answers. Answers that can help them more quickly make more highly effective decisions that drive truly impactful action.



Thursday, 26 May 2016 00:00

Safety After a Tornado

So, you and your family have survived a tornado; it’s awesome that you were prepared, and you ended up coming out of it in good shape. Unfortunately, after a tornado, it’s very common for homeowners to see significant property damage. When you’re dealing with structural damage to your home, you need to consider the safety of your family, and what you do after a tornado can be just as important as what you did in preparation for it.

A study done on tornado damage in Marion, Illinois, showed that 50 percent of tornado-related injuries occurred after a storm had passed. It’s common for injuries to occur during cleanup and post-tornado activities; almost a third of these injuries occurred after a person stepped on a nail. A tornado damages power, gas and electrical lines, and when you combine that with storm debris, it really puts you at risk.



Springtime is a time for flowers, leaves on trees and new grass – a manifestation of nature’s own recycling program – but it also marks the beginning of weather patterns that can create less-inviting scenarios. Between the tornado season, the hurricane season kickoff and what traditionally has been the start of a fire season, springtime lights up a veritable cauldron of natural disasters just waiting to boil over.

That’s why MSPs at this time of year should be talking to their clients about data backup and disaster recovery (BDR) strategies. With those clients who already have a strategy in place, this is a good time to review their plans to assess whether they still meet all of the clients’ requirements.

Are all new users included in the backup process? Are they aware of recovery procedures in the event of a disaster? Have any systems been installed recently that require some kind of upgrade to the BDR?



Unplanned system downtime is the reality that IT departments need to deal with every day.  Some even see downtime as being the worst thing that can happen with their IT systems.  In fact, as almost everything we know has gone through a digital transformation, businesses rely more and more upon IT; therefore an IT issue is a business issue. When critical incidents occur, the business operations can quickly suffer from it:

  • Loss of online revenue for e-retailers
  • Drop-off in employee productivity in manufacturing
  • Frustrated clinicians, increased patient safety risk and drop of the hospital bed turnover rate in hospitals
  • Impact on brand, company image and patient satisfaction

Not long ago, CloudEndure published a survey that put system downtime, and more specifically the cost of system downtime into perspective.  The online survey was conducted in January of 2016 and responses were collected from 141 IT professionals from around the world who were using or looking to implement disaster recovery.



Turmoil in emerging markets, increased localisation of Internet networks within country borders and financial repression are some of the key risks identified in this year's Swiss Re SONAR report, published recently. Although aimed at the insurance sector the report contains useful information for all enterprise risk managers. The publication is based on the SONAR process, a crowdsourcing tool drawing on Swiss Re's internal risk management expertise to pick up early signals of what lies beyond the horizon.

The report offers insights into emerging risks, those newly developing or evolving risks whose potential impact and scope are not yet sufficiently taken into account. Among these, the report also highlights a ‘crisis of trust’ in institutions, the ‘legal and pricing risks of the sharing economy’ and technology-related topics, such as the rise of ‘precision medicine’ and ‘distributed energy generation’.

"Risk management is not just about managing risks in the present. It is about anticipating future ones to make sure we will be in a position to deal with them," says Patrick Raaflaub, Swiss Re's Group Chief Risk Officer. "These risks may only fully reveal themselves to future generations. That doesn't mean that we shouldn't act today to reduce uncertainty and alleviate their burden."

The identified risks are relevant to life and non-life insurance areas and are presented with the goal of helping industry players prepare for new scenarios by adapting their behaviours, market conduct and product portfolios.

Detecting early signals of looming threats allows for a proactive approach to risk mitigation and is an important step to help society as a whole to become more resilient.

The three top risks with the highest potential impact:

Emerging markets crisis 2.0: turmoil in emerging countries could hinder the market entry and the penetration strategies of global insurance companies and even result in higher underwriting losses, especially in property, personal and commercial lines, for example in the case of riots.

The great monetary experiment: the long-term costs of negative interest rates and unconventional monetary policies are still unknown, yet they might lead to a broader loss of confidence in the monetary system. Short-term benefits are limited as the policies are unlikely to boost economic growth.

Internet fragmentation: firewalls, special software to filter out unwanted information and isolated IT infrastructure detached from global networks: disconnected nets could soon become a reality. Their potential impact includes increased costs and disrupted business models for insurance companies and other businesses operating across borders.

For many organizations, it is a constant challenge to meet the current year goals and objectives for the business continuity management program. There are a plethora of causes and symptoms, including:

  • Exercises continually fail to meet recovery time objective (RTO) targets.
  • The internal and/or external auditors have black notes that have not been fixed.
  • The board, interested parties, customers and other stakeholders are making more demands.
  • The competition now has certified BCM programs and is winning more business.
  • A lack of confidence in consistently meeting contractual and regulatory obligations.
  • A need to expand the BCM program scope, e.g., additional departments, regions, or community responders, etc.

But there is hope.  A set of fresh eyes to perform a gap analysis of your BCM program can highlight non-conformities and provide direction on how to reasonably move forward to meet your goals.



How else have IT departments been doing so much more with so much less? Cloud service providers have done what so many CIOs and IT managers have only dreamed of.

They have packaged virtualisation, automation, replication and innovation together, and put cost reduction in as part of the deal too.

Never before have enterprises and organisations had so much power at their fingertips for so few dollars (well, thousands of dollars). However, there’s just one big drawback.

The drawback isn’t really due to cloud computing. After all, much of cloud computing fulfils its function marvellously well. That includes providing resources for business continuity and disaster recovery, as well as for data archiving.



Thursday, 26 May 2016 00:00

Emerging Risk: the Internet

We think of the Internet as a borderless entity, but that could all change, according to an annual emerging risk report from Swiss Re.

The publication is based on the SONAR process, an internal crowdsourcing tool that collects inputs and feedback from underwriters, client managers, risk experts and others to identify, assess and manage emerging risks.

Increased localization of internet networks within country borders is one of the key emerging risks that industry players should prepare for, the report suggests.



(TNS) - The John F. Kennedy assassination, the 9/11 terrorist attacks and the Berks County hailstorm of May 22, 2014.

Like the where-were-you aspect of two infamous episodes in U.S. history, the savage hailstorm that hit a small piece of the county slightly more than two years ago has become an unforgettable moment in the lives of those who experienced it.

"It just seemed like the whole world was coming apart," said the Rev. Mark Johnson, pastor of Bausman Memorial United Church of Christ in Wyomissing. "When I came out, my Honda Civic was dimpled up like a golf ball."

The memorable storm hit on a Thursday afternoon. Hail reported as the size of golf balls or larger fell from 2:45 to 3:30 p.m., followed by a second hailstorm within an hour.



(TNS) - Federal officials on Monday announced new procedures for flood insurance policy holders to file appeals and internal steps to exert more control over the process following complaints that private contractors underpaid claims after superstorm Sandy.

The changes come amid lawmakers’ and homeowners’ continuing criticism of the way claims and appeals are handled by the FEMA's National Flood Insurance Program and the private insurance companies it contracts with to carry out its work.

“Fundamental changes need to take place in this program,” said Roy E. Wright, the flood insurance program administrator. He said he was rolling out “three elements” that would go into effect later this year in what he called “a long-term process.” Wright said they include:



Wednesday, 25 May 2016 00:00

Symbolic IO Rewrites Rules For Storage

The defiant math of Radiohead's song "2 + 2 = 5" can now be found in an enterprise storage system called IRIS from Symbolic IO. With IRIS, which stands for Intensified RAM Intelligent Server, the whole is greater than the sum of the parts. That turns out to be an advantage because you can allocate less storage space for the parts than they'd require as a single set.

The four-year-old company, founded by CEO Brian Ignomirello, who served as CTO of HP, claims it has found a way to store data in substantially reduced form and to retrieve it without any loss in random access memory (RAM). Symbolic IO's technology, which the company says is the first computational-defined storage product, thus amounts to magic, in the sense that "any sufficiently advanced technology is indistinguishable from magic," as author Arthur C. Clarke put it.

Indeed, Symbolic IO describes its storage system in magical terms when it refers to IRIS "'materializing' and 'dematerializing' data in real-time."



The State of Virginia Department of Motor Vehicles lost access to its IT systems for hours this past Saturday as a result of a data center outage that disrupted network access for more than 60 state agencies.

Caused by a faulty network switch, the outage was resolved about five hours after it started, Richmond Times-Dispatch reported. The data center is owned and operated by Northrop Grumman, which resolved the issue by replacing a faulty part with one from a test environment that was running in the facility.

The switch failure “caused a widespread outage of inbound and outbound communications traffic through the information technology infrastructure for executive branch agencies,” Marcella Williamson, spokesperson for the state’s IT agency, told the Times-Dispatch.



In the middle of a critical event, it’s easy to forget who needs a notification and where they’re located. When time is of the essence, using groups can streamline the notification process allowing you to notify your users more efficiently. When you have a next-generation emergency notification system like AlertMedia, groups can simplify that process.

Groups are a collection of people that you can quickly and easily send a message to from your emergency notification system. Users can be grouped together based on common traits such as the user’s location, departments, their function, etc. – the possibilities are endless. Here are a few group must-haves you will want to incorporate with your emergency notification system:



FMCSR stands for Federal Motor Carrier Safety Regulations.

While companies are subject to many compliance-related requirements, it can still be argued that not all compliance requirements are viewed to be equally important to the operations of a company. FMCSR and its requirements can often fall into that “of less importance” category.

This posting assumes that Federal Motor Carrier Safety Regulations is a requirement where training is all too often incomplete and in some cases not performed at all... even knowing that all training must be documented and available on request for internal or external audits.

Even worse — When nothing happens, no accidents, and no one performs a thorough audit, everything can often be perceived to be “OK”.  As a result, many companies are falsely lulled into believing they are in compliance when they are not.

Wednesday, 25 May 2016 00:00

The Cost of Compliance

FINRA released advance warning of their 2016 priorities for broker-dealers with its latest Regulatory and Examinations Priorities Letter earlier this year, highlighting data quality and governance as primary areas of concern. But many firms are forgoing the investments needed to upgrade their compliance programs – even as regulators and data issues increase year over year. Is your firm’s passive ignorance a sure path to more fines this year?

The amount of data being created and stored by broker-dealers has increased over the past few years, and data is being stored in multiple and unstructured formats across a multitude of different systems. This has led to siloed processes and sloppy reporting – and FINRA has noticed, firmly outlining the top areas of concern in the new letter:



(TNS) - Tropical storm and hurricane season kicks off June 1, so it's not too early to get ready.

That was the message federal, state and local emergency planners delivered last week during Hurricane Preparedness Week.

The message is simple: Be prepared.

This year's season, from June 1 through Nov. 30, could be more active than those the past couple of years, experts say.



(TNS) - A lone gunman is in the building, multiple people have been injured and the suspect is armed with semi-automatic handguns and extra ammunition. It’s up to law enforcement and emergency responders to evacuate the injured and subdue the gunman – all at the same time.

That’s the scenario that played out at UC Merced on Saturday morning as multiple Merced County law enforcement and emergency response agencies trained together on protocol and response for violent incidents.

About 50 role-players acted as student witnesses and victims while paramedics and firefighters teamed up with police officers and deputies.



All-flash storage systems are about to spark a renaissance within the data center. Until very recently, the higher costs of all-flash storage have prevented the technology from being adopted across a majority of data center workloads. However, the recent introduction of high-density flash will certainly change this situation, as the ability to mix high density with traditional flash in a real-time auto-tiering manner will dramatically reduce the cost of flash, enabling its broader use for all workloads across the data center.

Flash is still uncharted territory for many data center executives. As the use of all-flash becomes more common, it will be more important than ever to know how to assess key performance parameters and assess any cost challenges encountered along the way.



Crises don’t discriminate. Whether they are economic, geopolitical, technological or environmental, you can expect to have to deal with a major one soon. And how well you minimize the impact of that crisis is the difference between achieving your business objectives, and completely missing them, disappointing your customers, employees, partners, and shareholders in the process. Lucky for you (if you believe in luck and not the probability of chance events), Forrester’s risk experts have updated The Governance, Risk, And Compliance Playbook For 2016. I also recently finished a series of reports on the state of business continuity (which I have creatively named part 1, part 2, and part 3) to give you a jump start on your GRC efforts. Below, I’ve highlighted some of our most recent and exciting GRC research:



Ransomware has become such a prevalent threat that the Los Angeles Times suggested in a March 8 article that “2016 is shaping up as the year of ransomware.”

Recent ransomware victims, the paper reported, included the Los Angeles County Department of Health Services and Hollywood Presbyterian Medical Center, which paid $17,000 to regain access to a communications system that attackers had shut down.

Ransomware is ingeniously simple to execute and, as such, an effective method for cybercriminals to monetize malware attacks. Ransomware uses malware variants with names like “Locky” and “CryptoWall” to encrypt files in victims’ systems. The malware typically is delivered through phishing emails.



Published: Tuesday, 24 May 2016 07:55


The Business Continuity Institute’s Middle East business continuity and resilience Awards took place on Monday 23rd May 2016 in Abu Dhabi.

The winners were:

Continuity and Resilience Newcomer 2016
Pauline Kolset CBCI, Administration Manager, Risk Management, Jumeirah Group

Continuity and Resilience Consultant 2016
Tom Keegan FBCI, Enterprise Resilience Leader, Control Risks

Continuity and Resilience Professional (Private Sector) 2016
Abdullah Alrebdi AMBCI, Business Continuity Senior Analyst, Saudi Stock Exchange (Tadawul)

Continuity and Resilience Professional (Public Sector) 2016
Mahmoud Abu Farha MBCI, Head of Business Continuity Management, Palestine Monetary Authority

Continuity and Resilience Team 2016
Roads and Transport Authority Crisis Management Team

Continuity and Resilience Provider (Service/Product) 2016
Deloitte and Touche, Resiliency and Continuity Services (RCS)

Continuity and Resilience Innovation 2016
Estmrarya Academy ‘Learn and be more Resilient’ 

Most Effective Recovery 2016
Commercial International Bank - Egypt

Industry Personality 2016
Fatima Azeem AMBCI, Executive Officer in Business Continuity, National Emergency Crisis & Disaster Management Authority

Data breaches are now a fact of life. Regardless of the size of your business, or the sector you operate in, sooner or later you should expect to come under attack by hackers.

In the past couple of years, there’s been a steady stream of high-profile attacks on companies around the world, from retailers to banks and healthcare providers. And if smaller firms think they will be overlooked by hackers in the belief they are not a valuable target, they are mistaken.



Let’s be honest: PCI DSS compliance is viewed as a pain in the neck.  It is seen by management in many companies as a big fire drill to check the compliance box, but without real business value.  They see the scramble to test, remediate and report to achieve compliance, but they often cannot connect it to improvements in their actual security posture.  The lack of perceived value is the result of the prevalent “compliant but not secure” mode of operation.

The fire drill typically includes the following scenario: A large company with tens or hundreds of legacy systems, some of which store its most valuable information, is tasked with complying with PCI DSS requirements and validating compliance in quarterly tests and annual audits. The systems are siloed, owned by different line-of-business and application owners, sometimes with their own IT and security experts.  Each application and associated infrastructure needs to be tested, scanned or otherwise validated to be in compliance.  To minimize potentially negative impact on business critical applications, testing and scanning needs to be coordinated and scheduled with application owners.  Results need to be communicated to those same owners and coordinated with IT administrators to apply the fix.  After the fix is finally applied, the scans and tests need to be repeated to verify the exposure no longer exists.  All of this information exchanging hands starts out in vulnerability scanning and governance, risk management and compliance tools, but most often ends up in spreadsheets and emails.  Multiply those spreadsheets and emails by the number of components and stakeholders, and it is easy to see why the process overtakes the intended objective of cardholder data protection.



Market research firm IDC forecasts a 50% increase in revenues from the sale of big data and business analytics software, hardware, and services between 2015 and 2019. Services will account for the biggest chunk of revenue, with banking and manufacturing-led industries poised to spend the most.

Data is the driving force underlying market disrupters such as ride-sharing service Uber. Data and analytic projects dominated the top of InformationWeek's Elite 100 list in 2016. So it's no surprise that IDC's most recent forecast for the big data and business analytics market shows significant revenue growth for the next five years.

IDC predicts revenue from the sales of big data and business analytics applications, tools, and services will increase more than 50%, from nearly $122 billion in 2015 to more than $187 billion in 2019. The analyst firm estimates revenue by technology, industry, and geography in its Worldwide Semiannual Big Data and Analytics Spending Guide.



As mobility has enabled us to work anywhere, the spaces we occupy are now material to the productivity and outcomes we achieve. Quite simply, these spaces and their attributes have an effect on how we work.

Collaborative, activity-based work has become the new default workstyle. It not only embraces the concepts of increased consumerization and mobility, but also the human need to work closely with others.

There is a growing delta, however, between the experiences that we achieve when we collaborate remotely using tools, like GoToMeeting or Skype for Business, and the experiences we have when collaborating physically, in meeting or conference rooms.



The value proposition of the public cloud is pretty clear. Indeed, there are few companies today that aren’t taking advantage of it in some way. The benefits of a private cloud can be a bit more challenging to define.

Jim Rapoza, editorial director and senior analyst at the Aberdeen Group, has seen the innovative ways in which many companies have effectively implemented a private cloud. Here, he shares some of its use cases, and recommends what companies should focus on when building one.

According to Rapoza, one of the main reasons to implement a private cloud is to gain better management over your virtualized infrastructure and be able to better provide services to end users and the business.



Monday, 23 May 2016 00:00

Here Come the Memory Wars

The enterprise has seen many a storage war over the decades, or perhaps it’s more accurate to say many battles of a single storage war. The latest of these pitted the rival cloud providers in a contest to see who could deliver more capacity at the lowest cost.

But even as this phase is winding down, a new one is emerging for the heart and soul of Big Data and IoT data preservation. And the field of battle is no longer on the drive level but in memory subsystems, which are proving to be a lot more versatile than their traditional roles as high-speed cache and random access devices would suggest.

The big breakthrough came earlier this week when IBM announced major improvements to its phase-change memory (PCM) technology that boosts performance way past Flash technologies on a number of key parameters while maintaining relative price parity. According to a paper presented to the IEEE International Memory Workshop in Paris, the company says it can now reliably store three bits per cell in a standard 64k-cell array that has been pre-cycled more than a million times and maintained at temperatures as high as 167°F. This provides a write endurance that is a thousand times better than Flash while at the same time maintaining random access and write-in-place capabilities that Flash does not have. The company plans to implement the technology as a cluster-level and data center solution, pairing it with low-latency networking for data-intensive applications. (Disclosure: I provide web content services for IBM.)



Global companies have been embracing socially responsible spending projects to build stronger relationships with local communities. The idea makes a lot of sense and real projects can result in real benefits.

As with any significant source of money, there are risks. Major global companies have been caught in some embarrassing situations, some of which can have real legal and reputational consequences.

Think of the irony of these situations – in an attempt to promote the goodwill of the company in emerging markets, companies spend large amounts of money, only to find out later that foreign leaders have lined their pockets with the funds to the detriment of the locally intended beneficiaries.



Monday, 23 May 2016 00:00

‘It Happened to Us’

This spring will mark the fifth anniversary of the devastating tornado that struck Joplin, Mo., on Sunday, May 22, 2011. The tornado killed 161 people and caused nearly $3 billion in damage. Keith Stammer was the Joplin/Jasper County director of Emergency Management at the time and still is today. He talked recently about the recovery and lessons learned in Joplin.

This year marks the fifth anniversary of the 2011 tornado. How has the recovery gone?

Recovery is going pretty well; everything is cleaned up. We got that done in short order. The problem here is coming back with housing. Joplin has more rentals than it has homeownership, so we have a lot of low- and moderate-income people who need places to stay. If you’ve ever done that, particularly with state and federal tax credits, it takes a while.
We were warned that this would take some time, but I was hoping it wouldn’t take as long as they thought. That being said, we’ve gained back what little of the population we lost. We actually have a few more residents than we had prior to the tornado, and unemployment is running under 5 percent. The other big thing that helped Joplin was that we basically live off sales tax and not off property tax, and the sales tax did not go down in terms of revenue. In fact, it went up because everyone wanted to rebuild. So that helped us from a financial standpoint in terms of not losing anything.



Monday, 23 May 2016 00:00

6 Barriers To IoT Data Flow

The Internet of Things (IoT) is gaining momentum across industries as organizations strive to compete using data. Gartner estimates by 2020, 25 billion connected "things" will be in use. Whether it's weather monitors out in the field or wearables, companies are getting insights that were previously not possible and achieving new levels of automation. The question is whether the devices are enterprise ready.

"Enterprises adopting IoT devices have to support enterprise standards with authentication, encryption, and protocols," said Andy Beier, director of engineering at BI software vendor Domo, in an interview. "The greatest barrier to IoT data flow is that these devices are not created with an enterprise standard, making it more difficult for companies to benefit."

Even when IoT devices are built for enterprise use, there's no guarantee they'll work together. In smart commercial buildings, for example, different manufacturers are working to get their devices to communicate via APIs or an orchestration platform, but the process isn't necessarily plug-and-play or any-to-any simple yet.



Last month I talked about cybercrime as big business and how crime rings take advantage of point of sale (PoS) technology to collect and sell the data they gather. I’d like to build on that conversation, using a new study from Hewlett Packard Enterprise (HPE) that takes an in-depth look at the underlying economy driving cybercrime.

I had the opportunity to talk to HPE researchers involved with this report, and they told me that cybercriminals operate their business in much the same way that any other small business person does. They seek out people who are skilled in different areas – not just computer programmers, but also, say, those with good financial chops or a talent for marketing. They recruit and vet potential employees. The biggest differences between their business operation and yours are that theirs is involved in illegal activities and it is all done anonymously. That’s right – these folks operate under their online alias so you probably will never know anyone’s true identity. It’s a business model that is based primarily on trust and reputation within the Dark Web.

Why should you care about these cybercriminal business ventures? They are your competitors, according to Kerry Matre, senior manager, Security Portfolio Marketing with HPE. Maybe they aren’t going head-to-head with you in a specific industry, but they are looking at how you use technology and the type of data you collect in the course of everyday business, and they are coming up with ways on how to target attacks against that data.



How well do you know the cloud?  What are the roles and responsibilities of the companies that provide cloud services? What part does the state or local government IT organization play when it comes to cloud technology?

These questions and others were at the center of a panel discussion at the Florida Digital Government Summit held May 12 in Tallahassee. During the 90-minute session, Florida’s Chief Technology Officer Eric Larson and two private-sector representatives weighed in on the four most important considerations and steps that need to be made before diving headlong into cloud migration.


The battle over ad blockers has never been fiercer: Their popularity with consumers is skyrocketing across the globe. Ad blockers offer a better online experience and have become easier to use. But consumers like them as a way to protect their privacy and their data from being misused. Firms increasingly think that their best bet is to block the blockers. But a recent study has shown that this strategy is just a losing game, as it has contributed to the deep decline in traffic figures. And the problem doesn’t end there; the EU recently made its voice heard by saying that blocking ad blockers is a practice that breaches EU privacy rules.

But what about your customers? If you use ad blockers, just think of the last time you wanted to check out an article online but were asked to uninstall your ad blocker first or, possibly worse, to fill in your details to “freely” enjoy your read.



The secret to effective mass notifications lies in the simplicity of sending the notification, and streamlining all the activity into one seamless experience, so you can get to the core of what matters most: communicating an important message and monitoring the well-being of your people.

Every day, AlertMedia customers send notifications connecting their audiences in different locations all over the world. Two-way mass communications is quickly creating a connected audience—no matter the size.

An easy-to-use mass notification system that keeps the process of sending a notification simple, while facilitating activity that’s easy to access, manage, and measure, makes our emergency notification software smart and efficient.



(TNS) - First responders geared up Wednesday as they held active shooter training at St. John's College where they simulated a gunman killing and wounding people inside the school's library.

The fake incident played out like this: A lone shooter with a book bag entered the library where he killed and wounded several people. He moved about the first floor and up to the second floor where he stood his ground in a back room.

The exercise was the second active shooter training done at St. John's since 2010. This year was different as emergency medical staff were outfitted with Kevlar vests and helmets as they followed police into the building after floors were cleared.



(TNS) - Marion County emergency officials say that each time they speak to community groups, they become more concerned about inexperience and complacency as hurricane season approaches.

It has been nearly 12 years since Marion County has been hit by a hurricane. In 2004, two storms — Frances and Jeanne — battered 3,000 homes and caused $30 million in damages across the area. And those were tropical storms, only packing 45 mph winds when they toppled trees across the area.

Since that time, there has been a hurricane drought. In fact, it has been more than a decade since Florida has been hit by a hurricane — the longest no-hurricane streak on record.



(TNS) - Drone footage from Twin Falls County Sheriff’s Department reveals the scene that unfolded at Henningsen Cold Storage Wednesday morning.

To the casual observer, it would appear as the site of a gruesome accident — paramedics and firefighters respond to victims on the ground near an overturned school bus, a railroad car and multiple crashed cars.

The scene was a drill — a test of the county’s resources and response, but in an emergency scenario with unknown chemicals involved, the value of drone technology becomes apparent.



In the wake of the damaging Alberta fires, there has been a lot of attention paid to what role climate change plays in wildfires. Yet 2016 is also a powerful El Niño year, which has created ideal conditions for the extraordinary fires in Alberta.

So what climate phenomena could have led to the persistent warm, dry conditions and the extreme fire events?

I have analyzed weather trend data and found that higher temperatures and lower precipitation created the conditions for the extensive fires. It is by looking at exactly when those warmer months occur that we can begin to sort out the role of El Niño versus climate change.



Communications at the Time of a Disaster

It is well known that business continuity and crisis communication plans are vital to minimizing losses during an emergency. 80% of companies that experience a major disaster and don’t have any form of contingency planning go into liquidation within 18 months. Yet only 55% of employers have a crisis communication plan in place.

Of course, simply having a crisis communication plan in place isn’t enough to ensure the safety of your employees and your company’s future. Only 60% of employers think that if a disaster were to affect their workplace, their employees would actually know what to do. Be confident that your employees are prepared for the worst by understanding how to optimize and efficiently execute your crisis communication and response plans, thanks to helpful advice from emergency management and business continuity expert Regina Phelps.



Having mold in your commercial establishment is risky business. A fast-moving health hazard, it can run rampant throughout your space in as little as 48 hours, scattering allergens and irritants as it spreads. What should you do if you suspect that you have a mold issue? Contact SERVPRO of Asheville East. Our mold remediation specialists are highly skilled professionals who are trained in the standards and best practices set by the Institute of Inspection Cleaning and Restoration Certification. You can be confident that they have the expertise and equipment to handle your mold problem efficiently so that you can get back to business.


If a leaky roof, window or plumbing system allows water to flow into your business, mold damage is likely to follow. When you call SERVPRO of Asheville West about a mold problem, we’ll start by completing a thorough inspection of your commercial property, searching for both signs of mold and the hidden water sources that allow it to flourish. We use a variety of technologies to scour your commercial property, which allows us to find mold in places that are in plain view and in concealed areas where it might otherwise be missed.



On any given day, most of us rely on the cloud to store, upload, and retrieve various types of data – work files, songs, pictures, videos, apps, etc. It’s a proven, reliable service that we’ve grown accustomed to working with – maybe even taken it for granted.

We’ve discussed the pros (and cons) of cloud computing before – reliability, affordability, and accessibility – but have you ever wondered, even with multiple levels of protections and policies in place, how data goes missing?



New technology, increased regulations and a heightened focus on culture are changing the role of the compliance officer in the capital markets, especially with a new shift toward accountability on compliance teams.

Compliance officer liability is becoming a highly debated, hot topic in the capital markets. SEC executives have made statements in the past about compliance officers being held more “accountable for conduct that…is the responsibility of the adviser itself.”

With this newfound spotlight on CCO accountability, technology, regulations and culture are primary focuses for compliance officers, increasing pressure and responsibility.



(TNS) - Military engineers at Robins think they have developed a way to save lives in an active-shooter situation.

Five Robins airmen and one from Maxwell Air Force Base in Alabama worked for six months to develop a gunshot alarm that sounds an alert when shots are being fired. The Air Force currently is testing the device to determine whether it could be used at bases.

They entered the system into a contest sponsored by the U.S. State Department that sought technological solutions to issues of security and diplomacy. The Robins-led team was among six teams picked from more than 500 entries to present its system at a State Department conference in March. The team won an award for having the most economically feasible entry.



(TNS) - Allegan County Central Dispatch looks to spend as much as $10 million on a new radio system over the next year.

The local 911 network fielded just shy of 53,000 phone calls last year split between law enforcement, fire services and emergency medical services. The current system was installed in 2001 and is due for a replacement, according to county officials.

“It’s at the end of its life,” Dispatch Director Jeremy Ludwig said.

A new system would replace equipment on local radio towers, in the dispatch offices and on the officers and emergency personnel all throughout the county. Ten law-enforcement agencies rely on Allegan County Central Dispatch, as well as 20 fire departments and five EMS agencies.

In 2015, the center handled 37,500 calls relating to law enforcement, 4,900 for fire services and 10,200 for EMS.



The Business Continuity Institute - May 19, 2016 16:57 BST

The theme for Business Continuity Awareness Week is return on investment and the discussion has mainly focussed on the investment in business continuity processes, but what about the investment in those people working in the industry? Does this provide any return? It certainly does for the individual according to the latest research by the Business Continuity Institute, which examined the salaries of business continuity professionals from across the world, and made comparisons between different demographics or factors.

The key finding from the Global Salary Benchmarking Report was that BCI certified members, those who have achieved one of the world’s leading credentials in business continuity, earned more than their non-certified colleagues by up to 30%. In Europe the figure was 30%, while in Australasia and North America it was 18%. This helps demonstrate the value of investing in your career, as ultimately those with the appropriate certifications receive greater remuneration.

The findings of the report also indicated a gender pay gap, with female business continuity professionals in Europe being paid a staggering 37% less than their male counterparts, while those in North America received 19% less. Of course there may be a number of variables that contribute to this, but the fact remains that there is a significant salary imbalance between men and women.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “The report identifies that business continuity professionals must consider the investment in their own career. By attaining the credentials relevant to their role, and investing in their education, they can improve their career prospects and reap the benefits when it comes to remuneration.

“It must be noted as well that significant variations still exist between salaries for men and women. This is something that the business continuity community can help change consistent with the principle that equal work deserves equal pay.”

In addition to the Global Report, the BCI has also produced reports for several countries and regions across the world, and these can be found using the links below.

Asia | Australasia | Australia | Europe | North America | United Kingdom | United States

Considering the number of threats that organizations face today, it may be surprising to learn that the majority of companies are not prepared for a business-affecting emergency. Unfortunately, it’s true: The Disaster Recovery Preparedness Council found that nearly three quarters of organizations worldwide aren’t properly protecting their data and systems.

The potential consequences of not having a business continuity management program are extremely grave. Consider the many risks that your company faces: network outages, natural disasters, active shooter events, data breaches and more. However, if your organization doesn’t take business continuity seriously, you’re facing even greater risks, including the following:



(TNS) - With one expert calling Zika “the virus from hell,” health officials warned state lawmakers about the spread of the Zika virus across the state and offered their insights on possible response measures in case of an outbreak.

John Hellerstedt, commissioner for the Department of State Health Services, warned that the virus is expected to begin spreading as prime mosquito season nears.

“We don’t know when and we don’t know at what level that will occur,” Hellerstedt said.

In response to the growing number of Zika cases in Texas in recent months, Tuesday afternoon lawmakers met to discuss what is being done in the state to prevent an outbreak of the virus.



Thursday, 19 May 2016 00:00

Building Scale into the Private Cloud

If all things were equal between the private and public cloud, few enterprises would migrate their workloads to public infrastructure. All things are not equal, however, so IT executives are constantly weighing the security and availability concerns of the public cloud with higher capital costs and lack of scale on the private side.

But while public providers have made a lot of noise touting their improved encryption and service reliability, an equally strong movement is brewing to make private cloud infrastructure more scalable, easier to deploy and less expensive.

The private cloud requires private infrastructure, of course, so deploying resources at scale remains a key challenge. (Yes, hosted is an option, too, but I’m talking about true in-house private clouds.) This is why emerging platform providers like Tintri are pushing the envelope when it comes to deploying hefty resource architectures without crushing the budget. The company’s new VMstore T5000 All-Flash Series appliance supports upwards of 160,000 virtual machines and can be outfitted with SaaS-based predictive analytics and other tools to enable advanced capacity and performance models to suit Apache Spark, ElasticSearch and other Big Data engines. And as is the company’s modus operandi, the system scales at the VM level rather than the LUN level to enable greater flexibility when matching resources to workloads.



Thursday, 19 May 2016 00:00

Global Warming of Data

Eric Bassier is Senior Director of Datacenter Solutions at Quantum.

It already reached 90 degrees in Seattle this year. In April. I’m not complaining – yet – but I’m definitely a believer that global warming is happening and that we need to make some changes to address it. But this article isn’t about climate change – it’s about data. Specifically, it’s about the growth of unstructured data and the gloomy fate ahead if we continue to deny the problem and ignore the warning signs. Sound familiar?

It’s hard to argue with the evidence of unstructured data growth. Estimates and studies vary, but the general consensus is that there will be 40-50 zettabytes of data by the year 2020, and 80-90 percent of that will be unstructured.



Thursday, 19 May 2016 00:00

Joplin Study Spawns Code Recommendations

Though building codes for schools and a range of other structures provide for protection of winds up to 115 mph, that’s not nearly enough to protect against a strong tornado like an EF4, an EF5 or even an EF3. In fact, building codes don’t even mention tornadoes unless discussing a safe room or shelter.

That has to change, and building codes and standards need to acknowledge tornadoes and the difference between straight speeds and the variables of wind presented by tornadoes. That is one of the 16 recommendations that resulted from a National Institute of Standards and Technology (NIST) study of the May 2011 tornado that killed 161 and damaged more than 7,500 structures in Joplin, Mo.

The tornado was the deadliest since the first records were kept in 1951, hence the study to determine what factors contributed most to the death and destruction. The NIST team, led by Marc Levitan, looked at four key factors that contributed: storm characteristics; building performance; human behavior; and emergency communication.



We’re used to hearing that security is the biggest bugaboo holding back greater migration to the cloud. Internet security concerns are said to be so acute that it’s widely accepted as an axiomatic truth.

But it’s time to revise that argument.

Digital security still rates as an important issue in any discussion about whether to migrate an enterprise’s data to the cloud. But enterprises have warmed up to cloud computing to the point where their biggest challenge now is actually finding enough people who have the necessary technical backgrounds to keep their cloud systems up and running.



The Business Continuity Institute - May 18, 2016 09:58 BST

What is the return on investment of business continuity? How do you justify to top management any investment in business continuity? It's a tough question. If a disruption does occur, then clearly having a business continuity plan will demonstrate significant value, as it will help you manage through the disruption. But what if a disruption hasn’t occurred? How do you justify the expense to someone who thinks of it purely as an overhead?

This is the theme for Business Continuity Awareness Week, and to help demonstrate the value that business continuity has to the organization, the Business Continuity Institute has published a new paper that highlights some of the added benefits. Combining a mixture of research and case studies, ‘Business continuity delivers return on investment’ explores some of the main returns including:

  • Business continuity helps organizations obtain lower premiums for business interruption and supply chain insurance.
  • Business continuity enables organizations to realise increased efficiencies which may translate to decreased business costs, avoiding costly overlaps and duplication of work as well as streamlining preparation efforts related to compliance.
  • Business continuity facilitates contract negotiations with customers and suppliers, increasing transparency and raising governance standards.

The paper makes it clear that business continuity significantly contributes towards optimising organizational performance. Indeed, it is not just an overhead, it is an investment for a better organization.


The Business Continuity Institute - May 18, 2016 12:45 BST

Mobile, social, cognitive and the Internet of Things—technologies like these are reshaping business, improving client engagement and making employees more productive, flexible, and responsive. Our growing reliance on 24/7 availability also puts us more at risk every day and increases the impacts of an outage. In this always-on, connected world, 'recovery' is no longer acceptable. We now have to think in terms of operational resiliency – which requires continuous availability – or always-on.

A few years ago, there was room for a delay in IT recovery. Businesses could operate and perform functions manually for a short period of time. With more integrated, complex systems relying solely on accurate and available electronic processes and data to perform well, that luxury has rapidly dissolved. Without systems and applications up and running, day-to-day business processes cannot be performed, with growing impact to businesses across all sectors:

  • Significant Revenue Loss - A retailer’s website goes down and thousands of customers move their loyalty and ongoing purchasing to a competitor.
  • Health and Human Safety - A healthcare provider cannot access the Electronic Medical Records data required to treat a patient.
  • Regulatory Compliance - A bank is hit with a cyber attack and customer records are compromised.

The State of Disaster Recovery hasn't kept up

Today, business continuity/disaster recovery professionals are faced with increased challenges to maintain continuous availability of critical business processes - complex technologies, more interdependencies across critical systems and cyber attacks to name a few - all increasing your day-to-day business risk. At the same time, businesses are under high pressure to return ROI, improve spending on day-to-day business operations, customer services, and IT innovations, making the business case for 'disaster recovery' investment more difficult than ever.

Time for a new paradigm - Time to shift your thinking to operational resiliency

According to Gartner, operational resilience is a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organizational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification.

The shift to operational resiliency requires a more holistic view of business continuity, across all levels of the business. With more complex, integrated technologies driving business operations, it requires that resiliency be built in to the day to day operations of your business - in such a way that also provides the 'recovery' elements in the event of a disruption built into the standard business process.

Three keys to operational resiliency

Operational resiliency means having an end-to-end resiliency program that is embedded into the enterprise and can significantly absorb risks while you innovate and reinvent the way you do business. For operational resiliency, your business must have:

  • Rapid access to data and compute capacity
  • Automated workflows and responses, moving from paper-based to automated incident recovery
  • Communications capabilities across all channels – the first line of defense to any incident is seamless, realtime communications

I don’t have to tell you that the role of BC/DR professionals is rapidly evolving – and it is an exciting time for us to create lasting and significant impact to business. To remain relevant, you must shift your thinking to operational resiliency and achieving this means exploring new technologies that build resiliency in to every level of your business. Join my webinar on the 20th May as we explore how new operational resiliency capabilities can deliver new value to your business to support both daily interruptions to business process as well as preparing you for disaster outages.

Margaret Mills is an Associate Partner at IBM Resiliency Services

The changing scope and scale of disasters, both natural and technological, have altered the ways in which disaster management and financing are addressed and the roles of private-sector organizations specifically. Businesses and nonprofit organizations are increasingly central to the process, offering critical support in immediate disaster response but also contributing necessary redevelopment funding that supports community recovery. Although these new expectations position the private sector as a key leader in community resilience, these responsibilities have not been fully met with established guidance or clear metrics for how and when these organizations should participate in disaster recovery and financing.

This perspective examines key issues confronting the private sector in disaster recovery financing, what roles private-sector entities have played, and where there has been successful integration or leadership of these organizations. The perspective also briefly explores challenges that the private sector faces, with particular attention to issues of information use and application, coordination in response and recovery, and timing of funding. Given continued data gaps in this field, the authors offer opportunities for research and policy analysis.



Wednesday, 18 May 2016 00:00

Contemplating … value vs ROI

Sometimes, often actually, I get worried about the BC industry’s habit to try and redefine commonly understood business terms to mean something different.

Take ROI as an example.

It stands for “Return on Investment”. You can read about it on Wikipedia and there would be little to surprise business folks in that article.

Simply it is a measure of revenue, gain or net profit that flows from an investment. It is used as a tool to choose between different investment options.



(TNS) - When Ryan Blythe leased space for his glassblowing shop in Seattle’s Georgetown neighborhood, he saw a rugged industrial setting that could double as an elegant gallery.

When Seattle building officials looked at his permit application, they saw something else: the most dangerous type of structure to be in during an earthquake.

The Julius Horton building, built in 1914, is like many of its vintage. Its brick walls aren’t bolted to the floors and ceilings. It has withstood past quakes, but they have been mild compared to what seismologists expect: A magnitude 9.0 monster that hits with 2,000 times the power of Seattle’s last major earthquake, toppling walls, dropping ceilings and sending bricks flying with deadly effect.



Wednesday, 18 May 2016 00:00

FEMA: Hurricane Season Approaches

PHILADELPHIA - As the 2016 Atlantic hurricane season approaches, FEMA Region III continues to proactively work with its state, local, and federal partners to increase preparedness, coordinate response and recovery capabilities, and empower individuals to take an active role in preparing themselves, their families, and their communities.

The Atlantic hurricane season starts on June 1, 2016 and lasts until November 30; the greatest potential for storm activity is the months of August and September. A great time to begin planning for hurricane season is Hurricane Preparedness Week, designated May 15 – May 21, 2016.

Everyone should take time to ensure that their family, household, and workplace is properly prepared for a potential hurricane or tropical storm. “It only takes one storm to severely impact a community and disrupt our way of life,” stated FEMA Region III Regional Administrator MaryAnn Tierney. “We encourage everyone to prepare and plan for hurricanes and to be informed of what their risk may be.” It takes all of us, as individuals, families, communities, organizations, and as members of the whole community, to prepare for hurricanes and the potential hazards associated with them.

Residents should interact with their local emergency officials and stay informed of their risk and the potential dangers of a hurricane or tropical storm. By engaging with your local officials, citizens gain valuable insight, lend input, and develop relationships for planning and communications before a storm. 

FEMA recommends that everyone have enough supplies to last for several days. Emergency supply kits should include essential items like bottled water, a battery-powered radio, flashlight, batteries, medicines, toiletries, non-perishable food items, manual can opener, and first aid supplies.

When planning, think about the potential needs of everyone in the household during an emergency. If your household includes pets, a person with a disability, an infant, or a senior citizen, be sure to take the necessary steps to assist and make them comfortable during an emergency, in addition to having any necessary documents or medications on hand.

For more preparedness information, visit fema.gov, ready.gov, and nhc.noaa.gov.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

Business Continuity Awareness Week is upon us and this year the core focus is on a topic close to my heart – Return on Investment. This is a very important area that can be easily overlooked or lost in the activity of running your day to day business continuity or resiliency program. Having clearly defined value drivers for your program outside of the normal areas of RoI can not only help you drive awareness, but also help you gain buy in from other business units.

So how does this relate to using a mass notification platform? Put simply – give your notification system a day job. That day job can be a natural fit like the time sensitive and critical nature of IT alerting, or something less obvious – some examples of these may be:



(TNS) - Wichita County officials met with local members of the American Radio Relay League (ARRL) and Texas Amateur Radio Emergency Service (TARES) to hash out some regulations about control of radio networks during emergency weather situations.

County Judge Woody Gossom said ARRL regional members decided to realign the system to have SKYWARN be the parent network of a controlled network rather than a closed one.

Local ARRL member Charlie Byars said in a previous article that a repeater is normally open to all ham radios, but is closed to unauthorized users during severe weather events. He explained that they would take an emergency report, such as a tornado sighting, and refer the information to the National Weather Service.



Wednesday, 18 May 2016 00:00

Plan the Test, Test the Plan

If your organization has an Emergency Notification Service (ENS) in place, it’s already taken an important step toward communicating faster and more effectively in critical situations. But, if the solution is not routinely “touched,” or better yet, tested, you could still be at risk in an actual emergency. Consider the following recommendations from Send Word Now to create a full and repeatable test cycle, ensuring your alerting readiness.

Set a regular testing schedule and stick with it – It’s important to test your ENS on a regular basis. Test your system frequently with a small group of administrators or other participants. Conduct widespread exercises at regular intervals throughout the year to ensure recipient familiarity with notifications and procedures. As a BC professional, you’ll appreciate the peace of mind that comes from knowing your solution is working and your people know what to do.



Moving security operations away from your security team? This may sound counterintuitive, but it’s something that we see happening more and more. Nimmy Reichenberg explains why this is happening and highlights the advantages of the approach.

Escalating security requirements, the growing risks of breaches and outages, and the shortage of skilled and experienced security staff are forcing businesses to find new ways to make more efficient use of their security specialists. As a result, organizations are directing their security teams to focus on protecting the network from external and internal threats, and increasingly handing over operational tasks to other areas of IT.

I see this as a positive development. However, for this transition to be successful, there are certain processes and conditions that need to be in place first.



Wednesday, 18 May 2016 00:00

HDD vs SSD – which lasts longer?

Many comparisons can be made between a Hard Disk Drive (HDD) and a Solid State Drive (SSD); cost, speed, data storage capacity – there’s no end of areas to consider. However in this post, we’ll be looking specifically at the durability of HDDs and SSDs to assess if there is any difference in life expectancy between the two data storage types.

Physical failures

It’s important to firstly note that any life expectancy figures for HDDs and SSDs alike cannot be 100% guaranteed. These estimates assume manufacturer’s recommended environmental conditions and do not take into consideration extremes of temperature, humidity and physical mishandling. In fact, out of almost 2000 devices surveyed between January and March 2016, at least 30% had sustained some form of physical damage to cause the media to stop working and/or cause data loss.



(TNS) - In a training exercise, the Frederick County Health Department practiced distributing medication to the public last week in a scenario in which thousands may have been exposed to aerosolized anthrax.

According to Barbara Rosvold, director of public health preparedness at the county health department, the drill went smoothly.

The practice scenario involved a widespread release of anthrax through the air, though the department did not specify a pretend source for the release.

In the scenario, the anthrax was detected by a sensor in Washington, D.C., necessitating an emergency action plan in the surrounding areas, Rosvold said.



The Business Continuity Institute - May 18, 2016 17:04 BST

The figures are well rehearsed:

  • 80% of businesses affected by a major incident close within 18 months
  • 90% of businesses that lose data from a disaster are forced to shut within 2 years

And yet it’s somehow unsurprising to find that few SMEs consider business continuity a priority.

Why do businesses avoid crucial planning?

The reasons aren’t hard to find. Apart from total disaster junkies no one particularly likes to think about crises and for most SMEs just surviving is a daily struggle. Keeping all the plates spinning in the air requires 100% attention, who is going to slice out even 1% just to consider a bunch of scary ‘what if’ scenarios?

But perhaps someone senior in your organisation feels the extra effort should be made – perhaps that person is you. What then? Well if potential crisis scenarios are scary then so is the prospect of dealing with business impact analyses, risk assessments and the whole task of writing a business continuity plan. Even the jargon is intimidating particularly for someone with little or no business continuity experience or training.

Large companies employ business continuity specialists, many have a whole dedicated department or can afford to employ outside contractors to help with writing and testing plans. Not an option for most SMEs.

In addition, resilience implies at least some form of contingency - for example a recovery site - and how many businesses can afford duplication when the boss is always trying to find ways to cut costs, not increase them.

The financial case for business continuity

The tried, tested and not always successful counter argument goes like this. If it seems like a lot of time, effort and expenditure to adopt business continuity practices, the cost of these will be as nothing compared to the cost of enduring a catastrophe and its aftermath without a plan.

It can be a persuasive argument, but so can: “Yes I agree, but right now we don’t have time for that, because just in case you haven’t noticed we’ve got 300 orders to get out, Acme Suppliers have just told me they can’t deliver until Thursday, and the wage bill needs to be met at the end of the month.” That can be a pretty persuasive argument too with the result that resilience gets kicked into the long grass.

But here’s the cruel paradox. Big businesses can often withstand a crisis; they have the money, the expertise and plans in place to deal with disruption. SMEs are far more vulnerable and business disruption, even for just a few days, can be terminal given their limited resources and manpower.

Business continuity and business as usual

So what can SMEs do to become more resilient? If the money and effort to produce and test a business continuity plan is either too much to ask or more realistically just not going to happen then what about building business continuity into business as usual? It might also lead to a more efficient workplace.

Instead of writing a BC plan, what about documenting workplace procedures, suppliers, inventories, equipment maintenance along with contact details for staff and external stakeholders? And talking of external stakeholders what about developing key stakeholder templates? Why is this person/company important to us, what services do they provide or what services do we provide them? Add contact details and names and you have a useful document that can be beneficial anytime, not just in an emergency.

Moving things forward

Inventories should include all the equipment your firm needs to get the job done and that even applies to very small businesses that operate from peoples’ homes. If you make a list of all your personal items for insurance purposes, you will likely do the same for computers and other business equipment. Have this list available so if the equipment is lost (perhaps your office is flooded) you know exactly what you need to get back up and running. Keeping that list current will also mean your list of insured items is easily updated.

Personnel changes can cause problems for small firms where far fewer people are available to fill gaps or be promoted. Staff training time will likely be limited so why not document office procedures and job descriptions including roles and responsibilities? Then if crisis strikes and key employees are not available – perhaps they are ill or on holiday – you at least have a clear indication as to what their jobs entail should other staff have to fill the vacancy or new staff are hired on a temporary or permanent basis. Once again you are streamlining office efficiency and will have information in place that will help during an emergency.

What about office security? A couple of years ago UK civil servants seemed to leave laptops on trains and in restaurants with bewildering regularity. That trend seems to have diminished but often a very light touch is displayed when it comes to information security. Once again your office document should include all the encryption and protection protocols your staff are expected to follow.

The same goes for IT back up, particularly now when even smart phones carry huge amounts of sensitive work related content. In many cases procedures for protection and storage have not kept pace with available technology. Make sure yours are up to date and documented.

Small steps with big impact

Writing a document setting out work procedures and job descriptions should not be intimidating for those involved in business. There need be no scary and little understood jargon and it will not cost a fortune to produce – just the time taken by those tasked with its implementation. The one caveat is that this is a live document and will need constant updating - so someone will have to grasp that nettle and make sure it is reviewed on a monthly basis. If it’s well written in the first place that shouldn’t take too long.

Resilience can seem like a giant step for many small businesses, but good office management should be achievable by any dynamic and well-intentioned SME. Document it and you may not have a full blown BC plan but you’ll have the next best thing, which may well help your business run more efficiently in normal times and might just save your bacon in a crisis – now that’s what I call a return on time invested.

Jim Preen is a Senior Consultant at Crisis Solutions

The Business Continuity Institute - May 17, 2016 10:43 BST

Resilience professionals around the world… you are a victim of your own success! If your business is resilient (whether by effective planning or pure luck!) you will find that it becomes increasingly difficult to capture the imagination (and attention) of your boardroom.

“It’s just a shame we haven’t had a big incident recently isn’t it?”

Working in what is often considered as a loss centre is tough…I can’t count how many times I have heard that sympathetic statement from senior management when resilience isn’t getting the attention it deserves. Although I remember all too well being flavour of the month during floods, IT failures and employee walkouts. My mobile and inbox were buzzing from virtually all levels of the organisation.

Following those incidents, I would often refer back to them to reinforce the message of resilience and maintain our leadership buy in (usually until about a year later by which point the next hot topic or initiative is in full force). The business memory is incredibly short term in my opinion. You can spot the changes as they happen. The glazed look from the management during briefing sessions, the unattended meetings, and the un-responded emails. Keeping the business on board with resilience activities in peace time is for me one of my long-standing challenges. How do we go about demonstrating value and benefit?

I’ve experienced (and adopted) a few different ways when trying to promote value. Over the years I have tried to combine them all to produce a ‘resilience reporting dashboard’ which at the very least makes it a good start. However, it still feels to me like it needs to evolve to the next level. I’ve explained each approach individually below to show you how I arrived at my recent attempts.

1. The output approach

I assume like many of my peers I have this typical default approach / bad habit which often tends to focus on the overall work undertaken and the ‘effort’ involved. I would regularly report the following to leadership:

  • Number of desktop exercises undertaken
  • Number of call tree cascade tests
  • Number of work area recovery tests
  • Number of crisis management simulation events

More often than not there would be a huge amount of engagement time, document reviews, planning workshops and subsequent output for each and every one of those bullet points, literally hundreds of hours of work. However, what does that really tell the leadership? It would appear to be very little in my opinion.

2. The risk approach

I then took a slightly different approach, deciding to focus on key risk indicators (KRIs). I would regularly report to leadership and rather than highlight effort I would flag if something wasn’t done and comment on the risk of not doing it. For example:

  • Percentage of desktop exercises undertaken against monthly target
  • Percentage of call tree cascade tests undertaken against monthly target

I suppose really all I was doing here is just the opposite of activity reporting and with a monthly target installed. It is useful insofar as highlighting what hasn’t been done but it really doesn’t go any further in explaining to the business the real value.

3. The speed and efficiency approach

In another organisation I’ve tried to focus on performance to help demonstrate value (more specifically incident management with this one). I would report monthly into a senior management team on things like:

  • Increasing speed of response
  • Reducing the time taken to close an incident
  • Reducing time taken to establish root cause
  • Reducing time taken to implement corrective actions

The leadership did seem to like this method because they tend to like anything done fast at the best of times, however it still doesn’t necessarily capture much value.


Unfortunately, the concept of value is frequently linked to, and mistaken for ROI (return on investment). This is a widely used business term in which a calculation is made based on the overall expenditure of a product/service/system against its potential or actual financial yield. However, resilience activities are an overhead or at the very most an unofficial insurance policy. But what if it never happens? It’s just a shame you haven’t had a recent incident eh?

Ultimately anyone can report on output, efficiency and risk if you combine the above methods and you can find someone willing who is half decent at PowerPoint and Excel. However, capturing ‘value’ is an extremely difficult thing to achieve. The term itself is subjective and will often depend on your sector, the organisation’s risk appetite, your C-suite sponsor’s background and interest among many other different factors. I personally haven’t arrived at the next level but I’d be ready and willing to thrash out a few ideas with anyone who wanted to!

US data center REITs reported record leasing for the year’s first quarter, attributing their success primarily to a digital land grab by public cloud giants, who are racing to expand capacity.

The biggest data center providers are now operating in uncharted waters. The rising tide of public cloud deployments, combined with the paradigm shift in enterprise IT toward hybrid architectures, which combine cloud services with colocation, has created a perfect storm of demand for providers.

According to Equinix CEO Steve Smith on his Q1 earnings call, “Interconnection-oriented architectures represent a fundamental shift away from centralized, legacy enterprise IT models to distributed and dynamic models.”



RIDGELAND, Miss. — Disaster survivors in Mississippi who apply for assistance with the Federal Emergency Management Agency and are referred to the U.S. Small Business Administration are advised to submit an SBA loan application to ensure that the disaster recovery process continues.

If you are a homeowner or renter and SBA determines you cannot afford a loan, you may be considered for FEMA’s other needs assistance program, which provides grants for disaster-related medical and dental care, funeral costs and vehicle repairs. Survivors may also be eligible for assistance from other organizations.

There is no requirement to take out a loan if one is offered from SBA.

Next to insurance, SBA is the primary source of funds for real estate property repairs and replacing lost contents following a disaster. Renters and homeowners alike may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster. Homeowners may be eligible for low-interest loans up to $200,000 for primary residence structural repairs or rebuilding.

May 24, 2016, is the last day survivors can register with FEMA and apply for SBA disaster loans for physical damage.

Loan applications may be submitted online at https://disasterloan.sba.gov/ela/ or mailed to:

U.S. Small Business Administration

Processing and Disbursement Center

14925 Kingsport Rd.

Ft. Worth, TX 76155-2243

For additional information, contact the SBA Disaster Assistance Customer Service Center at 800-659-2955 or TTY 800-877-8339, email DisasterCustomerService@sba.gov or visit sba.gov/disaster.

Survivors with questions regarding the FEMA application or appeal process, or who need to register for assistance, can go online to DisasterAssistance.gov or call 800-621-3362 (voice, 711 or relay service). (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available.

For more information on Mississippi disaster recovery, visit www.fema.gov/disaster/4268 and www.msema.org.



Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

The U.S. Small Business Administration is the federal government’s primary source of money to help businesses of all sizes, private non-profit organizations, homeowners and renters rebuild and recover after a disaster. SBA low interest disaster loans repair and replace property losses not fully compensated by insurance and do not duplicate benefits of other agencies or organizations.

To remain competitive in an increasingly competitive world, it is important to continually seek opportunities to boost operational efficiency, reduce expenses and improve the bottom line. Within every corner of business, improving efficiency is a never-ending journey.

As a significant capital investment, data centers are often under the microscope when it comes to improving performance. Within the industry, there is little doubt that data centers need to run as efficiently as possible to avoid tying up valuable (and often, unnecessary) company resources. In our business, we talk to data center managers every day and hear from them about their successes and frustrations when it comes to improving data center efficiency. It is evident from these conversations that there are five key areas where improvements can be made. Most importantly, these areas don’t require a lot of internal bandwidth but if done right, will go a long way towards an optimized data center.



We now live in a data-driven world, where everything we do creates data or is based on decisions informed by data.

From the way we use the heating in our homes, through to the information pilots flying planes across the world can receive, it is omnipresent in almost everything we do. Despite this, the changes have been minimal for many in terms of their daily lives.

In the business world though, the use of data has had a huge impact, revolutionizing several industries and changing the face of many others. Below, we look at three of those that have been impacted the most.



Data center design and construction has been pushing through a number of barriers lately, a product of virtualized infrastructure and the prevalence of high-speed connectivity to remote areas of the globe.

But as increased reliance on cloud computing leads to greater deployment of hyperscale infrastructure, it is hard to see how some of the more far-out designs will make a significant impact on the broader data ecosystem going forward.

Microsoft made a big “splash” (sorry) earlier this year when it deployed a submersible data center at Cal Poly Pier in the San Luis Obispo (California) Bay. The 10x7 foot capsule weighed about 38,000 pounds, according to the local Tribune newspaper, and had relatively modest computing capabilities, roughly equivalent to 300 desktops.



Late last year, Gemalto released a report that found that the health care industry leads the way in data breaches. As Healthcare IT News reported then:

The key finding is perhaps that the healthcare industry had 34 percent of its total records breached, amounting to 84 million data records compromised, the highest rate of any industry. Government accounted for the second highest rate of breaches at 77.2 million records lost, or 31.4 percent.

I bring up last year’s numbers because a new report from Ponemon Institute shows the seriousness of cybersecurity failures in the health care industry. According to the study, an overwhelming number of health care organizations  – 89 percent – admit they were the victim of a data breach, and half of those attacks are caused by cybercriminals, an increase of 5 percent from last year’s report. The other half are from the usual suspects – employee mistakes, stolen or lost devices, and third-party issues.

Also, we’re seeing that the health care organizations continue to struggle with security issues even after they’ve been breached: Seventy-nine percent of organizations claim they have been breached twice and nearly half said there have been multiple breaches.



State Offers Ideal Environment for Data Centers

Texas continues to be one of the best states in the country for business. With the lowest per capita tax rates in the nation, cutting-edge infrastructure, excellent schools, and a skilled workforce, many corporations are relocating to Texas. Importantly, the unemployment rate in Texas was 4.4 percent for February 2016 and has been at or below the national rate for 110 consecutive months.

Texas’ transportation infrastructure enables easy movement of commercial goods. The state hosts 26 commercial airports, 46 freight railroads, 11 interstate highways, and 624 miles of coastline with 16 ports of call.



I have never let my schooling interfere with my education – Mark Twain (unverified).

Everything has its limit–iron ore cannot be educated into gold. – Mark Twain (verified)

Board members believe they know what they need to know. That is why they were asked to serve on the board. Unfortunately, like many issues today, confidence does not mean competency.

Corporate boards are increasing their focus on compliance issues. Unless a board member has prior experience in the field, the board has to be trained on compliance and has to “learn” how to oversee and monitor compliance issues. As I use the term “board,” the focus is on the specific board committee responsible for oversight of the compliance function.

The Chief Compliance Officer has an important role in this process. The CCO has to recognize the importance of the “teaching” moment. Every piece of compliance information has to be subject to a test – “what is the importance of this information” to oversight and monitoring of a company’s compliance program.



The second, slightly subtler but possibly more important, is that employees working with their favourite devices tend to be more productive. On the other hand, mobile security issues may keep IT managers awake at night.

What might help them to sleep better is to consider that a psychological element of BYOD might be helping to improve security, instead of hindering it.

People who use their own, personal devices for work are less likely to do something ill-considered on those devices than on a device issued by their employer, according to a recent survey. After years of employers beseeching employees to treat company property “as if it were your own”, BYOD has employees doing just that, at least for computing devices.



Plummeting oil prices, natural catastrophes and political disruption in a borderless business environment are some of the threats to the resilience of countries that can impact supply chains, according to the 2016 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The Index ranked the resilience of 130 countries to supply chain disruption based on drivers in three categories: economic, risk quality and supply chain factors.

This year’s top-rated country, Switzerland, traded places with Norway—a reflection of Norway’s drop in oil revenue at a time of falling crude oil prices. Rounding out the top 10 in the Index, in descending order, are Ireland, Germany, Luxembourg, the Netherlands, the central United States, Canada, Australia and Denmark.

The lowest-ranked country in 2016 is Venezuela (ranked 130) for the second year in a row. It is followed in ascending order by the Dominican Republic, Kyrgyz Republic, Nicaragua, Mauritania, Ukraine, Egypt, Algeria, Jamaica and Honduras.



The Business Continuity Institute - May 14, 2016 14:32 BST

“What’s the ROI on that?” is one of the most common questions management ask when evaluating business programmes and projects. When it comes to business continuity programmes, the answer is often “Well, there’s not really any ROI unless you experience a major disaster, and we haven’t experienced one yet.”

Because of this perceived lack of immediate value, budgets often get diverted away from business continuity to other projects that produce more tangible results. In fact, 49% of businesses don’t even have a comprehensive business continuity plan, leaving their entire company at risk because of the lack of an obvious ROI.

But what you may not realize is that your business continuity programme is almost guaranteed to produce ROI for the following two key reasons.

Disasters are increasing in frequency

Research from ITS reveals that floods and severe storms – such as Desmond and Katie – are increasing in frequency and have the potential to cost billions of pounds in damage. Even seemingly mundane incidents such as burst pipes have also proven disruptive to UK businesses. In July 2015, for example, a burst pipe cut power to the Royal Berkshire Hospital and caused flooding, resulting in the A&E closing to all but critical patients.

Investing in the forward planning required to cope with these incidents can save valuable time, protect the organisation’s revenue and preserve its customer base. Advance planning also gives you time to test the solutions you’ve invested in to help keep your business moving forward.

Today many businesses believe 'set it and forget it' disaster recovery as a service (DRaaS) solutions provide enough protection from disasters. However, simply moving data off-site isn’t enough to protect your IT infrastructure. To avoid wasting money on a product that doesn’t work in the face of a disaster, it’s important to work with your DRaaS provider to test the solution and have a plan for coping with power outages and other consequences of a disaster.

Business continuity planning improves your day-to-day operations

While having a business continuity programme can help you protect your revenue after a man-made or natural disaster, you don’t have to experience a disaster to reap the benefits.

The foundation of a profitable business continuity programme is the business impact analysis (BIA). During this process, you’ll assess and prioritize critical business processes, employee roles and technology. As you take a closer look at the inner workings of your business, you’re likely to discover new opportunities for cost savings or even revenue generation. If you work with a consultant who can provide an objective business continuity assessment, you’re likely to find areas for improvement within your company.

Here are just a few ways business continuity planning can help you realize ROI on a day-to-day basis:

  • Identify and phase out archaic processes, such as those involving paper-based workflows and manual data entry.
  • Shorten project and revenue cycles by eliminating unnecessary touchpoints in critical processes.
  • Decrease vendor investments by identifying products and services that can be bundled, thus reducing the number of vendors you work with.

As you can see, having a business continuity programme in place helps you protect your revenue in case you’re affected by a disaster (and the odds of being affected by one are increasing as disasters become more frequent). But business continuity planning isn’t just about preparing for disasters. An effective plan can help you make your processes more efficient, reduce revenue cycles and streamline vendor management.

You’ve been warned: skimping on your BC/DR budget might not save you the money you think it will.

Matt Kingswood is the UK Head of ITS

Monday, 16 May 2016 00:00

BCI: More than money

The Business Continuity Institute - May 15, 2016 14:22 BST

If you could imagine, a rubber ducky inside a plastic paddling pool full of water, in an emergency control centre made during the cold war. This image might not automatically trigger thoughts of a professional business continuity exercise, however that’s exactly what it was. As a local authority our approach to business continuity is a little different; 1) because we have a statutory duty to do it and 2) because we don’t tend to focus on money and profit in the same way a private company would – but that’s not to say that we don’t still get a return on our BC investments.

Back to the rubber ducky, this scenario was part of an exercise we ran with our internal museums service to test what they would do if some of their artefacts were water damaged. (Don’t worry we didn’t actually use any real artefacts… they wouldn’t let us). It helped test practices and procedures, but most importantly it highlighted to those staff playing the importance of their BC plans for the company as a whole, and ultimately their livelihoods.

Often when people think about business continuity they tend to think about saving big bucks and less about the costs which are not monetary based. There is a phrase that habitually goes around the BC community that £1 spent on preparedness will save £8 on response, and whilst I don’t doubt that is true, often it is hard to find out whether or not that is the case.

Using the example above there was very little in regards to investment (a borrowed child’s paddling pool and a few buckets of water), however the return on investment could very well be priceless as most of the artefacts in the museum are irreplaceable. Knowing what to do, who to call and how to achieve their plans is crucial in any response and goes to show that BC really does add more value than can be recorded on a ledger.

Livelihoods is something which often doesn’t get mentioned as prominently, we focus on getting the business back up and running, but don’t appreciate that if that doesn’t occur people will lose their jobs, their houses and their ability to cope with financial pressures. During our duty officer roles here at the local authority, we come across a wide range of emergencies that often dip into the realms of business continuity.

How can you put a price on a life? More importantly, how would you quantify what you have invested versus the cost of a life? I suppose the answer is that you can’t (granted that might not be what the budget holders out there want to hear). Fire emergencies have been topical across the West Midlands recently with a number of major scrap yard fires. We’ve worked closely with our fire service colleagues to help produce robust and dovetailing BC plans to help ensure that their potentially life-saving services can be maintained during disruptive events and that we can provide wider support if needed. Without the investment of time, money and expertise these plans wouldn’t have been achieved. Sure the investment may be larger here, but still not significant. Producing and maintaining a plan won’t break the bank and when the result is the continued provision of life-saving skills, ultimately the investment return is worth far more than just money.

Within local government, making money is not as high on our agenda as it is for private companies but what we do achieve is significant. The services that we provide to the people within our patch can be life changing, ranging from social housing to providing a fire fighting service and all of which requires robust BC plans, as the alternative is not worth thinking about. We work hard to strive for these plans, and can offer our expertise and time to assist those private companies so that all our communities can be resilient and prepared.

Josh Adams is the Resilience Officer, and Tom Knibbs is the Senior Resilience Officer, for the Coventry, Solihull and Warwickshire Resilience Team

The Business Continuity Institute - May 15, 2016 19:04 BST

In mythology, the Muses were nine goddesses who symbolised the arts and sciences. Today, a muse is a person who serves as an artist’s inspiration to produce the best work they can.

Utilising this device is quite useful when I am developing and writing BC plans on behalf of organisations and departments. I find it helps to focus the plan.

Whether the organisation is one of manufacture or of service delivery, I have two muses in mind.

They are both anxious people.

The first is the person that has called and needs one of the organisation's key services or products.

The second is the person who works for the organisation and has to deliver that key service using the business continuity plan.

For me, business continuity is as simple as that, and all about people. Everything else comes from looking after the two muses. Profitability, sustainability, market share and all of the other things attached to business and services follow on from this approach.

I think that in order to get the best value and return on investment from BCM, we have to be in it for the long term. One might even call it, investing for the future.

Organisations may well see an immediate short term ROI if they face an early disruption and the BC plan comes through. Many teams would see this as a result, and be happy. However, this kind of result may well be what we are looking for in a plan, but in my view simple recovery is a superficial return, and not where the real added value lies.

So what then is the real value of BCM?

Well, a long term BCM programme can produce:

  • Social capital from the workforce
  • A loyal customer base
  • A reliable and trustworthy reputation
  • Team Confidence to face the slings and arrows of the real world
  • Customer confidence
  • Organisational strength

Now that is priceless.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

The Business Continuity Institute - May 16, 2016 15:11 BST

This year’s Business Continuity Awareness Week theme got me thinking about what return on investment means to me. The question of what business continuity is worth to an organization has been around for at least as long as I have been practising and probably longer. When I first got into BC in 1989, the major Canadian Bank I was working for had recently concluded a huge initiative to build a second data centre, at a cost of $20 million, a tidy sum in those days. With the creation of a second site, built explicitly to house Development and provide disaster recovery for technology, the focus shifted to business recovery and the development of unit plans to address disruption of business functions.

I was not involved in the original cost benefit analysis to justify investment in a state-of-the-art, oversized data centre, featuring lots of redundancy throughout its infrastructure. But I do recall from subsequent discussions that management had no trouble convincing the Board that the outlay was well worth it, just to mitigate the obvious risk of having all systems housed in a single facility without back-up. There was no risk department in those days, so the decision to proceed was not a formal outcome from a risk assessment, just top management applying sound business judgment.

Fast forward a few years and I was now working for a new company providing data processing for multiple banks. Having started off with multiple data centres, thus providing layers of redundancy, the company’s mission was to save money by closing down as many of them as possible and achieving economies of scale to improve the bottom line. That cost benefit analysis must have seemed highly attractive, from a profit standpoint, but what went missing in the strategy was a risk-based perspective on how the downsizing initiative was progressively compromising recovery capabilities. The ultimate irony struck in 1999 when the company decided to downsize its head office staff by 10 per cent in one swipe, to provide expense relief and improve its bottom line, for its owner banks. So my whole department of three was made redundant – no more business continuity function! Simultaneously it was a humiliation and a silver lining. Who wants to work in a company with such narrow vision?

Ever onwards... a few years later still I was working for a financial utility providing clearing and settlement for the exchanges and securities industry. By now, BCM was squarely aligned with risk and top management understood. Investment in good DRP and BCP was a given and under heavy regulatory scrutiny, we were continually seeking improvements. What a joy to work in a company where 2-hour RTO and synchronous data mirroring (0 RPO) were embraced as smart business practices.

Soon after I arrived there, we experienced one of the biggest power failures ever in North America. On the 14th August 2003, an area 1,000 miles wide and a population of 50 million lost grid power on a hot summer afternoon. Happily for us, the failure occurred 11 minutes after completion of the daily settlement cycle, so $250 billion of payments were safe and sound. Two immediate observations: our diesel generators (data centre and office) did their job, so all critical equipment and key business staff remained functional. Had the failure occurred earlier, before the deadline, we would probably have been alright anyway, perhaps experiencing a minor delay in completion of the settlement.

Even though we avoided major impact from that disruptive event, thanks to smart investment in power redundancy and lucky timing, I was embarrassed years later when a Toronto newspaper published a supplement on disaster recovery and featured my experience as a lead story. Front page headline: “Rising from the Blackout.” Sub-title: “How Des O’Callaghan saved his company – and billions of dollars – in the power outage of 2003 with business continuity planning.”

In the inside article “Keeping your cool in meltdown mode,” I received undeserved plaudits for how the incident was handled. The truth is the main reasons we were unscathed were decisions previously made to invest in risk mitigation by implementing high end systems, advanced storage solutions and power redundancy. Yes, we did a good job of managing the crisis and communicating with stakeholders, but I did not actually save the organization a penny. I have come to realize that ROI on business continuity really is just the protection of an organization from unacceptable impacts of adverse events.

Investment in BCM should be viewed in the same way that we regard 'investment' in human resources, or the legal department, or technology infrastructure, or building insurance. Running a healthy, resilient enterprise requires investment based on prudent business judgment, not just financial expenditure. Should we be smart with how we spend money? Of course, but allocation of real resources to strengthen operations and mitigate risk should be considered on the same plane as other investments, such as recruitment, training, marketing and many other corporate expenses. Anything contributing to organizational resilience is a worthwhile investment.

Des O'Callaghan FBCI is one of the leaders of the BCI's Greater Toronto Area Forum and a member of the BCI's Global Membership Council

It’s been nearly a year since Rackspace announced Fanatical Support for Microsoft Azure, which we launched to assist customers who want to run IaaS workloads on the powerful Azure cloud, but prefer not to architect, secure and operate them firsthand.

Our launch of this offering marked an important expansion of our strategy to offer the world’s best expertise and service on industry-leading technologies, and is a natural progression of our 14-year relationship with Microsoft.

As momentum continues to build with our Azure customers here in the U.S., we’re now pleased to offer the same service and support to an even larger customer base, with the Unlimited Availability launch of Fanatical Support for Azure across our European regions: UK, Benelux and DACH.



The Business Continuity Institute - May 13, 2016 08:41 BST

Britain’s businesses are being urged to better protect themselves from cyber criminals after research by the UK government into cyber security found two thirds of large businesses experienced a cyber breach or attack in the past year.

The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.

From this, it is clear to see why cyber attacks and data breaches rank as the top two threats to organizations, as highlighted in the Business Continuity Institute's latest Horizon Scan Report. The vast majority of respondents to a global survey (85% and 80% respectively) expressed concern about the prospect of these threats materialising.

Ed Vaizey, UK Minister for the Digital Economy, said: "Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data."

Despite the doubling of data breaches in the banking, credit and financial sectors between 2014 and 2015, most IT professionals in financial services are overconfident in their abilities to detect and remediate data breaches. According to a new study by endpoint detection, security and compliance company Tripwire, 60% of these professionals either did not know or had only a general idea of how long it would take to isolate or remove an unauthorized device from the organization’s networks, but 87% said they could do so within minutes or hours.

When it comes to detecting suspicious and risky activity, confidence routinely exceeded capability. While 92% believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network, for example, 77% said they automatically discover 80% or less of the devices on their networks. Three out of 10 do not detect all attempts to gain unauthorized access to files or network-accessible file shares. When it comes to patching vulnerabilities, 40% said that less than 80% of patches are successfully fixed in a typical cycle.

The confidence but lack of comprehension may reflect that many of the protections in place are motivated by compliance more than security, Tripwire asserts.



When a crisis strikes, an emergency action plan can be all that stands between a timely, orderly response and chaos. When it comes to your own plan, how prepared is your organization for the myriad of threats it faces?

Considering that nearly two-thirds of organizations report having activated their emergency communications protocols at least once in the previous year, it’s clearly important to have an actionable, up-to-date plan. Faced with a growing number of potential threats, it’s no wonder that many organizations are moving away from the traditional, hard-copy methods of emergency planning to a more advanced, technologically-savvy approach, using mobile apps as a key component for housing, updating and distributing their plans.

Before the next crisis hits, now is the time to ask yourself if your own organization would benefit from doing the same. To guide your decision, let’s take a look at some of the key benefits of moving your emergency action plan from binders to a mobile app:



(TNS) — Research groups nationwide churn out hurricane forecasts as fast and furious as the spin of a tropical cyclone as the June 1 start of storm season approaches.

Already, at least four predictions have been issued, with the big daddy of all storm forecasters — the National Oceanic Atmospheric Administration — waiting until May 27 to offer its guidance.

But National Hurricane Center Director Rick Knabb, who spoke Wednesday at the Governor's Hurricane Conference in Orlando, criticized forecasts that are overly specific about how many storms will hit the U.S. and where.

His concern: People won't prepare if they believe they aren't on the hurricane hit list.



AUSTIN, Texas – Texans who suffered damage or loss from the April flooding and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other personal property, even vehicles. Survivors will not be considered for this type of assistance unless they have completed and returned the SBA loan application.  The information on the application is used to determine eligibility for income-based assistance.

Applicants from Austin, Colorado, Fayette, Fort Bend, Grimes, Harris, Liberty, Montgomery, Parker, San Jacinto, Waller and Wharton counties should complete the SBA loan application, even if they don’t want a loan.

“If you don’t complete the SBA loan application, you could be leaving ‘money on the table’ for your recovery,” said Federal Coordinating Officer Kevin Hannes, who is in charge of FEMA’s operations in Texas. “We use that application to check eligibility for additional grants.”

Some types of Other Needs Assistance—medical, dental and funeral expenses—are not SBA dependent and completing the loan application is not required. However, it is always recommended by recovery experts.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement.  You may be able to begin your recovery immediately with a low-interest SBA disaster loan. The loan balance will be reduced by the settlement from your insurance. SBA loans may also be available for losses not covered by insurance.

Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Disaster loan information and application forms are also available from SBA’s Customer Service Center by calling 800-659-2955 or email disastercustomerservice@sba.gov. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster. Completed applications should be mailed to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX  76155.

Texans can register online at DisasterAssistance.gov or by phone at 800-621-3362 (FEMA). Persons who are deaf, hard of hearing or have a speech disability and use a TTY, should call 800-462-7585. Those who use 711 or Video Relay Service, call 800-621-3362. Toll-free numbers are open from 7 a.m. to 10 p.m., seven days a week. Multilingual operators are available.

For more information on Texas recovery, visit the disaster webpage for the April storms at fema.gov/disaster/4269; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Securing patient data is a critical mission for Healthcare IT Leadership. Each and every year, countless dollars, thousands of man hours, numerous programs and myriad teams are dedicated to this charter of protecting patient and privacy information.

At Citrix, we understand. You could even say that mandating data security is in our DNA. Every product that Citrix builds reflects the core mindset ‘The Secure Delivery of Apps and Data on any device, on any network, at any time!’ It’s that simple!

In this blog post, I’d like to outline both the security that is inherently built into our XenApp and XenDesktop products and the new feature sets we continue to add throughout our product releases. This is what enables us to deliver secure data where and when you, our customers, need it.



The American Society of Health-System Pharmacists (ASHP) is a leader in the pharmacy sector, providing advocacy, career services, continuing education, meetings/conferences, publishing products, and residency training accreditation. For Gregory Smith, ASHP’s CIO and vice president of Information Technology and Operations, the cloud has enabled his staff to identify what their competencies should be, and to develop those core competencies by delegating other things to the cloud.

“I empowered my team to think differently about what we do and what our core competencies should be,” said Smith, who oversees all technology, software development and integration for new products, e-commerce platforms and operational support, including customer service to members. “Initially, we were doing too much across the spectrum and, as a result, had to try to become experts in too many technologies. We’ve pushed non-core competencies out to vendors where it’s their core competency and shrunk our core to focus and increase expertise.”



This country has already defended and strengthened itself over the centuries against the sea, staking out territories for habitation and farming that would otherwise be under water. The idea of the dyke, the fortification to keep the enemy out, is now being applied in the war against cyber-crime.

To a certain degree, Dutch skills in cyber-security are natural, in that the nation already has a past steeped in similar threats and skills. However, that does not mean that other, landlocked nations have to be at a disadvantage.

Although dykes, windmills, tulips and bicycles make a romantic picture of the Netherlands, the realities of Dutch cyber-defence are different. There are three key aspects that help the country stay virtually strong.



The Business Continuity Institute - May 13, 2016 16:23 BST

Supply chain resilience is a topic that has been debated considerably over the last few years, which has resulted in attempts by various institutions to provide guidance on or standards for discrete elements of the topic. Ensuring greater resilience in your supply chains creates a greater value for money proposition than a supply chain that is fragile and frequently creates disruptions to your business. Understanding exactly what you are paying for in terms of resilience, and using that knowledge to create appropriate levels of investment in supply chain resilience, will give you a competitive advantage.

Procurement includes the management of risk within the category of spends or market being managed by the procurement professional. Supply chain resilience is a component part of overall organisational resilience and contains within it, elements of risk management and business continuity management. Procurement includes all of these components and more, taking into consideration such components as financial resilience, human resources, health and safety, fraud, slavery, sustainability and corporate social responsibility.

For example, what is the appropriate way to analyse the current levels of resilience within your supply chain, for those you are in contractual relationships with? How will you migrate future procurement competitive bidding processes to include resilience assessed total cost of ownership?

How can you add value by exposing the costs associated with investment in resilience within your supply chains and make a calculated, informed judgement as to whether you are paying the appropriate costs, too much or too little?

Undertaking a more objective calculation of the risks in your supply chain to understand the onerous costs of a supply chain disruption and the cost benefit analysis associated with reducing the chance of a disruption or recovering from one.

How to utilise good practice when analysing the market and going through prequalification to achieve shortlists?

Understanding the costs associated with service level agreements for business as usual within a contractual arrangement and expectations of service during a disruption. Calculating the costs and the cost benefit of adding specific risk and business continuity terms and conditions within a request for offers be it quotations or formal tenders, public sector or private sector and how will this affect you as a bidder?

What methodology would you undertake to utilise resilience as a distinguishing factor when undertaking bid analysis, negotiations and best and final offer due diligence?

How do risk mitigations and continuity responses feature in supplier relationship management, and are they embedded in contractual relationships appropriately and adequately reflected in supplier relationship management information, through self-assessment or quality audits?

Finally, will your internal or external auditors, in undertaking an audit of supply chain resilience, give you a clean bill of health on managing risk and continuity issues appropriate to your corporate objectives and corporate risk appetite? Does your corporate attitude to risk and continuity reflect the wishes of your 'Top Management' Executives and Audit Committees?

David J. Window is a CIPS Senior Consultant and Head of Supply Chain Resilience. Discover more about the return on investment of supply chain resilience during David's BCAW webinar on the 16th May.

The Business Continuity Institute - May 12, 2016 09:44 BST

Let’s be honest, we all get annoyed at the constant challenge to justify our existence. I don’t hold with the commentators who say that business continuity is always a cost centre, insurance buy or grudge purchase. It makes me mad... but that’s not difficult.

So inevitably, we all have to talk the language of value and savings. This is a shame because incredibly important elements like safety of staff in emergencies, public perception, legal compliance and positive risk taking can all get pushed to the sidelines when there’s pressure to ‘put a figure on it’, as these softer elements are notoriously difficult to quantify. My advice is don’t pander to the bean counters and do shamelessly exploit the soft targets too as part of any justification. But that’s a different conversation to this one - So if you do need some hard numbers then read on...

Here are a few ideas for ‘fingertip figures’ - one for each finger if you will, to amaze your colleagues and turn the discussion into one about how you are really indispensable, in case they hadn’t realised. These are taken from the coal face of real life and incidents… the experiences that your executives may not have seen and from which they are cocooned by their middle managers. Move that discussion on from mere expense to pure savings, losses avoided and returns.

I don’t bother with the reason for the disruption here: fire, flood, and supplier issue, whatever… you add that bit based on your own organisational aims, risks and recent experiences. And don’t allow anyone to tell you it can’t happen here… make sure you sell the function long and not short! Don’t be shy in ‘annualising’ any figures based on the incident rates as well as also using the single incident or ‘spot’ figures.

  1. Reputation reputation reputation: It’s a reputation thing... what’s 5% of your capital and share value on the markets? What if you lost that 5% due to losing the trust of your customers or badly disappointing them and having to pay them reparation or compensation? What could that compensation amount to? Remember Mitsubishi and BMW!
  2. Customer is king: What’s the value of one day of lost sales from customers not being able to contact you through all those whizzy new channels - web, chat, twitter, email … I could go on… and I haven’t even mentioned the humble telephony call centre. It’s all blended now! Unified Communications it’s called …. make sure you know both how and through whom your customers talk to your business and an averaged value of business written in one day. Then, which days are the hot spots?
  3. Recovery royalties: What’s the value of the losses avoided because you were able to recover that business process much faster with a pre-tested plan? Any time saved = costs saved and avoided... direct and indirect. Heck, you are so good that you actually managed to avoid the disruption happening in the first place, or growing to a full blown event, because the Recovery Team met as soon as the potential arose... you ‘headed it off at the pass’... what was the value of that bigger event not landing?
  4. Crystal ball: Your predictive powers are legendary! How many times did the exercise scenario you facilitated suddenly become prescient when the real thing threatened or landed later? The team knew immediately what to do and who to involve, saving time in the recovery and avoiding larger damages and impacts. Remember: don’t let anyone say ‘it can’t happen here’.
  5. Contract creative: What did you save on that review of the off site recovery contract this year? Get a fixed price for three years? Knocked out the unnecessary seats and systems because your Impact Analysis is so good? What’s the difference from standard market rates for the contract life? [Incidentally - did the last time you used the off site recovery for real actually pay for itself? Yes? Good – then make sure you tell that story. How many days use would do that? What do you think would be a good figure for this? Two days, three, five, more?]
  6. Resource reasonable: Remember the costs saved on IT Systems resources and availability and resilience measures, due to the business owner accepting a longer but reasonable RTO after your intervention, instead of living with ‘I can’t do without it’ or ‘I need it in two hours’. Did you align your business process RTOs to IT System RTOs or vice versa and save on costs?
  7. Champions on the field: So you’ve embedded the BC lifecycle using champions for analysis and plan maintenance etc. out there in the business - they understand their business activities intimately. What would that equivalent work cost in full time employees or contractors?
  8. Love your neighbours: Those local mutual aid arrangements with neighbours - and cross unit relocation plans - how much is that worth in the alternatives - off site service costs and welfare costs during any emergency? Over one day, two days?
  9. Analysis anticipation: Your BIAs are awesome - How many operational risks did you uncover during your BIAs - which are now on the organisation's Risk and Governance Register for effective treatment so they never materialise? You pointed out some rather embarrassing holes in the operation! What if they had landed: did they have an annual probability value of 1 = certain? What costs avoided here? Halve this number for a probability of 0.5, i.e. once every two years etc.
  10. Brilliant value: Now compare the annual total of all the above with the gross salary of your BC Team – one is peanuts in the comparison - and it won’t be the sum saved! And I bet no one would agree to pay you an annual bonus based on 10% of savings either! If anyone has tried this tack, I really want to hear from you!

Discuss: I hope some of these sound at least familiar, or prompt you to look again at the good work you naturally do, for which you can then express a value. I’m certain you have your own golden keys to the justification debate – share them!

Neil Wainman MBCI is the Business Continuity Manager at E.ON.

The Business Continuity Institute - May 12, 2016 16:52 BST

I have been involved in disaster business resilience since the 1980's. In that time, I’ve seen it go through the phases of disaster recovery, business continuity and now business resilience. Y2K (remember that?!) gave it a major boost – then nothing considerable happened. Terror campaigns in the UK and USA then the pandemic 'flu scare in 2006-7 also kept it in the C-suite's mind.

Again the number of organisations directly impacted by these were relatively small.

Then came the financial crisis of 2008 squeezing the budgets of both governments and large financial institutions who had been previously big investors in business continuity. As nothing such had happened despite the above “crises” it seems that senior management felt business continuity was an area ripe for savings.

Team sizes were slashed and investment cut. Business Impact Analyses (BIAs) were largely abandoned as expensive, resource intensive exercises that in a fast changing business world were out of date before they had written up their results. The way of identifying the benefits of investing in business continuity had been axed arguably accelerating its decline.

However, in the same period the complexity of organisations and their supporting IT systems has increased. Outsourcing/strategic alliances resulting in supply chains that span the planet are common and legacy IT systems are stitched into new, end user facing web channels. Added to this, the rate of change is accelerating as organisations try to address greater demands for flexibility from the consumer or citizen whilst fending off new entrants in the private sector or budget cuts in the public sector.

Looking around at the organisations I deal with, it seems that everywhere business resilience professionals are struggling to do more, with less. The threats are still there, events such as terrorist attacks and severe weather are happening almost weekly.

So why aren't we seeing a resurgence of investment in business resilience?

Partly I suspect that the impacts of realised threats are not widespread enough to overcome the perception that the risks are small, won't happen to 'us' and anyway they're 'someone else's problem' (such as the government or an outsourced supplier). This, coupled with a marketplace which is stagnant in many areas, means there is a reluctance to invest money in the “insurance” of business resilience.

So, how can we, as business resilience professionals, address this?

Well we have to take up the challenge of doing 'more with less'. We have to be able to tackle the increased rate of business change, increased complexity and get back to a realistic understanding of the real business needs without employing large and expensive teams to plan for and manage our way through crises.

In other areas of work, organisations have exploited automation to improve efficiency. Look at the Industrial Revolution tackling human manual work and the computer revolution of the 1950s and 1960s reducing the cost of administrative effort. When did you last see a typing pool or payroll clerk with a tabulating machine?

Sure there have been software packages to automate data gathering and the administration of the Business Continuity Management System, but is that where the costs lie?

Are there better approaches emerging that could help us with the information gathering and contextual analysis plus the more efficient handling of adverse events?

We are starting to see these come through. It's early days yet but I am sharing my thoughts on developments as well as some ideas on approaches to get investment in these made available on my Business Continuity Awareness Week webinar on the 18th May. I invite you to join today.

Tony Perry is a Senior Managing Consultant at IBM.

Cybersecurity requires a specialized skillset and a lot of manual work. We depend on the knowledge of our security analysts to recognize and stop threats. To do their work, they need information. Some of that information can be found internally in device logs, network metadata or scan results. Analysts may also look outside the organization at threat intelligence feeds, security blogs, social media sites, threat reports and other resources for information.

This takes a lot of time.

Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged, so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.

This is not new information for security pros. They get reminded of this every time they read an industry news article, attend a security conference or listen to a vendor presentation. We know there are not enough trained security professionals available to fill the open positions.



TORONTO, Canada – Organizations can now receive real-time, continuous updates on risk-related events to further inform and affect critical due diligence processes. OutsideIQ, the leader in investigative cognitive computing, today launched a monitoring module for its DDIQ® product, which monitors the open web to discover risk events on a continuous basis, alerting compliance and due diligence professionals to any changes in a target profile on a daily basis. Any negative events found by the cognitive engine will be highlighted on the DDIQ Monitoring dashboard, where the risks can be assessed and adjudicated.

Built on an advanced cognitive computing platform, the DDIQ internet monitoring module has been trained to think and act like an investigator to reduce noise and prevent false positives.  This allows DDIQ users to receive accurate, relevant updates, rather than reviewing a full report whenever they want to have the latest information.



The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.



(TNS) — Florida health officials confirmed two new Zika infections in Miami-Dade on Tuesday, raising the statewide total to 109 people who have contracted the virus this year, more than any state.

In Miami-Dade, where most of Florida’s Zika cases have been reported, 44 people have been infected with the virus, said the state health department, but the disease has not been transmitted locally by mosquito bites. Broward County has reported 15 cases of Zika.

With South Florida's rainy season approaching and the numbers of mosquitoes that transmit the disease expected to rise — along with increases in international travel from Zika-affected areas, such as Brazil, which will host the Summer Olympics — Miami-Dade and state officials are preparing to combat the spread of the infectious disease.



(TNS) — Improving communication on when and how a tropical cyclone will impact a community is a reoccurring theme at this year's storm conferences, but the National Hurricane Center is missing a key tool to connect with today's tech-savvy world.

There's no app for that.

The National Hurricane Center doesn't have a smartphone app people can download to track a storm's progress or monitor hurricane forecast updates. Instead, the National Oceanic and Atmospheric Administration, which oversees the hurricane center, steers people to buying a weather radio.

"That's 1930s technology," said Dan Sobien, president of the National Weather Service Employees Organization. "It's something very few people have outside marine interests and farming communities. Not only do they not have a weather radio, they don't have a radio at all."



(TNS) — Moore Mayor Glenn Lewis is in Washington D.C. this week for a conference on Resilient Building Codes hosted by the White House. The conference focused on building codes to enhance community resilience.

“We talked about all of the things we’ve done [in Moore],” Lewis said. “I was on a panel with another mayor and an administrator from the city of New York. I guess it was productive — I’m still translating it all.”

Lewis said adopting new tornado resistant building codes in Moore made the city more competitive for disaster relief funds.

The Moore City Council made history on March 17, 2014, with the adoption of 11 recommendations by structural engineering experts for residential building codes. These code changes made new homes in Moore more likely to survive a tornado without unduly raising construction costs. The code went into effect on April 17, 2014.



Modern IT platforms are designed to handle more users than ever, but what happens when these systems become the primary access point for most, if not all, users? What happens when a critical system experiences a fault or goes down entirely?

A survey by the Disaster Recovery Preparedness Council found two years ago that only 27 percent of companies received a passing grade for disaster readiness. The more we rely on data centers, the more costly data center outages become. A recent study by the Ponemon Institute and Emerson Network Power found that:

  • The cost of downtime has increased 38 percent since 2010.
  • Downtime costs for the most data center-dependent businesses are rising faster than average.
  • Maximum downtime costs increased 32 percent since 2013 and 81 percent since 2010.
  • Maximum downtime costs for 2016 are $2,409,991.
  • UPS system failure continues to be the number one cause of unplanned data center outages, accounting for one-quarter of all such events.
  • Cybercrime represents the fastest growing cause of data center outages, rising from 2 percent of outages in 2010 to 18 percent in 2013 to 22 percent in the latest study.



There is no denying the success of Amazon in delivering data services as part of their public cloud. Their database as a service (DBaaS) offerings have been some of the fastest growing and widely used and stand-outs in their amazing growth. At the same time, there are some situations where other options, and in particular those based on OpenStack, can provide clear advantages.

In this article, I’ll share the current state of DBaaS on OpenStack and provide seven concrete examples of how an organization can benefit from using OpenStack Trove relative to the offerings available from Amazon Web Services (AWS). I’ll assume you understand the value of DBaaS and databases in the cloud so I won’t review those here. Let’s get started.



Virtualized infrastructure (VMs, virtual networking, software-defined storage, etc.) provides a flexible, well-understood and secure platform on top of which a diverse set of workloads can be efficiently deployed and managed. Containers, such as Docker, provide a convenient method to package, distribute and deploy applications.

Both technologies provide useful abstractions, but at different layers in the stack. By making these layers work well with each other, the overall stack can more effectively meet the needs of both application developers and infrastructure administrators.



Despite the flexibility that the cloud offers customers, a new survey by Microsoft and 451 Research suggests that customers are fiercely loyal to their primary service provider.

According to the survey, The Digital Revolution, Powered by Cloud, which was released Wednesday at the Microsoft Cloud & Hosting Summit in Washington, more than one-third of customers (38 percent) surveyed said they plan to increase spending with their primary cloud and hosting service provider upon contract renewal.

In an interview with The WHIR, Microsoft’s vice president, Hosting and Cloud Service Provider Business, Aziz Benmalek said that this indicates the critical role service providers play in continuing to “drive organic growth in existing customers and help them in their cloud journey.”



The Business Continuity Institute - May 11, 2016 16:09 BST

“To expect the unexpected shows a thoroughly modern intellect.”
Oscar Wilde, Irish playwright, novelist, essayist, and poet. 1854-1900

Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats business continuity professionals must mitigate in today’s business continuity (BC) plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape. Threats that are making the 'unexpected' drastically different today and unimaginable tomorrow.

Protecting an organization from an 'IT outage' is where most BC plans originated. Yet, even IT outages today have taken on a new level of complexity. We live in an 'Always on world' where complex, global infrastructures and open-source code systems join with the Internet of Things’ 9 billion possible entry points to capture more and more data to the Cloud every minute. On top of that, we 'Bring (Y)our Own Devices' (BYOD) then capture and analyze Big Data to enable a ‘cognitive’ world. As BC planners we are asked to protect our businesses from interruptions caused by these many factors and do it faster, cheaper and with less staff to help solve the problem.

Moreover, there is now increased pressure from outright criminal activity. Yes, cybercrime. Our most precious business resource, our differentiating factor that is our competitive advantage - our intellectual property and personal information - is under sophisticated, malicious, criminal attack 24 hours a day, every day.

By the end of 2014, some estimates indicated that more than one billion leaked records of personally identifiable information (think emails, credit card numbers, and passwords) were reported stolen [1]. An organization of 15,000 employees can expect to see 1.7 million security events in one week. However, typically only 1 out of every 100 security compromises is actually detected. So add two zeros to the 1.7 million and you get the picture [2].

With this new threat landscape, what truths can BC Planners hold onto today?

Well, we know the principles of BC, like the laws of physics, never change. However, what must change is how we apply and adapt these principles to new threats. In this world of rising crises, incidents, and organized cyber-attacks, how we apply the tried and true BC techniques we’ve practiced over dozens of years brings real benefits when teamed with security to win in this war against cybercrime. According to the 2015 Cost of Data Breach Study by the Ponemon Institute and IBM, Business Continuity Management (BCM) involvement in data breach response can reduce the associated costs by $14 per affected record and reduce the time to contain the data breach by 41% [3].

When business continuity and security team up, we apply three waves of defense: Frontline, Response, and Containment. Security prevents as much as possible with implemented frontline security services like strong security policies, passwords, encryption and personnel awareness training. If, or when, the attack comes, BC’s deep experience in incident response adds command and control, measured incident response and the 'who' that needs to be involved. Lastly, if the worst happens and records are lost, our company’s reputation is protected through containment by implementing BC plans for IT outage and personnel depletion scenarios.

What would BCM and Security teaming look like in the real world?

First, establish joint representation where Security and BCM work as members of each other’s teams building the response plan. Work on each other’s teams, include BC in the response team, and involve the Chief Information Security Officer (CISO) throughout.

Second, BCM and Security work together to align cyber incident response and participate in joint testing with simulated exercises. Teams work together to validate the planned actions and educate all participants on their roles as well as the unique attributes of a cyber response.

Third, appoint crisis management representatives to coordinate BC and Cyber security efforts during and after the breach. Cyber response like BC response requires clear roles, responsibilities and communication. Joint roles defined in a communication plan delineate who can answer the tough questions.

Yes, threats are changing every day and cyber is just one of the many threats from which we must protect our businesses. Now, you are armed with hard evidence and three simple actions to start, or strengthen your BCM program from a cyber event and realize real value for your organization.

Linda Laun is the Chief Continuity Architect at IBM Global Business Continuity. During Business Continuity Awareness Week, she will be hosting a webinar on the same subject giving you the opportunity to ask questions. The webinar is on Monday 16th May.

[1] IBM X-Force Threat Intelligence Report 2016, pg. 2
[2] 2014 Cost of Data Breach Study, Ponemon Institute and IBM
[3] 2015 Cost of Data Breach Report, Ponemon Institute and IBM

The first thing that comes to mind when people think about the Strategic National Stockpile (SNS) is probably a big warehouse with lots of medicines and supplies. What many do not know is that even when the SNS does not have the specific medicines or supplies needed to combat a public health threat, SNS experts can play a key role in working with medical supply chain partners to locate and purchase products during an emergency response.

The involvement of the SNS in the Zika virus response is a perfect example of this little-known, but significant, role. Zika is spread to people primarily through the bite of an Aedes aegypti mosquito infected with Zika virus, although Aedes albopictus mosquitoes may also spread the virus. Recent outbreaks of Zika in the Americas, Caribbean, and Pacific Islands have coincided with increased reports of microcephaly and other birth defects as well as Guillain-Barré syndrome. As a result, the Centers for Disease Control and Prevention’s (CDC) response is focused on limiting the spread of Zika virus. Prevention is key for Zika control, because there is no vaccine or medicine for Zika virus. This is where the SNS comes in.

Controlling mosquito populations is key to prevention

During a public health emergency, CDC can deploy the SNS for medicines and supplies or can use SNS’ contracting abilities to access materials and services that can be used to prevent or treat diseases that threaten U.S. health security. Controlling the mosquito population and addressing other known routes of infection are important to limit the spread of Zika virus in U.S. territories. The SNS is providing immediate vector control services and preventive supplies for pregnant women to protect themselves from mosquito bites. Pregnant women are particularly vulnerable because they can pass Zika virus to their fetuses, which can cause microcephaly and other brain defects.

Before the Zika virus outbreak, the SNS did not stock or purchase medicines or supplies to respond to illnesses spread by mosquitoes, ticks, and other insects. In response to this outbreak, SNS staff are working with CDC procurement experts to award and implement immediate, short-term contracts to deploy materials and services to control the mosquito populations responsible for Zika transmission. These contracts allow CDC to work with territorial public health jurisdictions to treat areas where mosquitoes breed and live, as well as areas where pregnant women live.

Zika Prevention Kits help pregnant women protect themselves

The SNS is creating Zika Prevention Kits for pregnant women in U.S. territories. These kits are being distributed as an effort to help prevent Zika infection in pregnant women and to reduce the number of babies born with birth defects caused by Zika, such as microcephaly and other brain defects. Through donations from the CDC Foundation and its partners and by purchasing products, the SNS has obtained materials for the kits – including insect repellent, larvicides, mosquito netting, condoms to prevent sexual transmission of Zika, and educational materials.  The SNS is rapidly assembling these materials in reusable bags that can be given to pregnant women.

The SNS has sent nearly 7,000 kits to affected areas, and more are planned. Each U.S. territory is identifying the best way to get the kits to pregnant women. In Puerto Rico, local public health officials have partnered with clinics that are part of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) so they can reach expectant mothers. WIC already interacts with this population through its healthcare and nutritional services for low-income women, infants, and children. Local obstetrician offices are also being used to distribute these kits.

In the past, the SNS primarily focused on warehousing products and deploying those products for public health threats related to bioterrorism, pandemics, and natural disasters. With every emergency response, it has become more evident that the SNS can play a much larger role, especially when specialty products, products in high demand, and medical countermeasures are needed to secure the nation’s health. As one of the federal government’s leading groups of medical supply chain and logistics experts, the SNS at CDC has the ability to coordinate with industry partners to rapidly procure and transport medicines and supplies and serve specific populations in a public health emergency.

(TNS) — The Department of Homeland Security is testing airflow inside the city’s subway system this week as a way to predict what would happen in a possible chemical attack.

The week-long study poses no risk to the public, the Department of Homeland Security said.

From May 9 through May 13, DHS said officials will be releasing harmless, non-toxic gases inside several subway stations in Manhattan, including Penn Station, Grand Central Terminal and at Times Square.

“This study is part of the department’s ongoing commitment to preparedness and the shared responsibility of protecting the nation’s critical infrastructure,” DHS S&T program manager Dr. Donald Bansleben said in a statement. “The results of this study will provide us with a greater understanding of airflow characteristics, informing the research and development of next generation systems that continue to ensure the safety and security of the general public.”



AUSTIN, Texas – Texans affected by the April storms and flooding can get their questions answered in many languages by accessing the FEMA booklet “Help After a Disaster: Applicant’s Guide to the Individuals & Households Program.”

The guide provides information on the types of assistance available and how survivors in the disaster-impacted area might qualify for housing assistance and other grants and essential needs. It also explains the types of eligible losses covered by the program and information about insurance settlements and uninsured, disaster‐related necessary expenses. Applicants must meet specific eligibility requirements to qualify for help.

The guide, fema.gov/help-after-disaster, is available in English, Spanish, Arabic, Urdu, Vietnamese, Chinese and many other languages.

In Texas, federal disaster assistance is available to residents of Austin, Colorado, Fayette, Grimes, Harris, Parker, Waller and Wharton counties who suffered damage from the April 17-24 storms.

Survivors in the affected counties are urged to register for assistance the following ways:

  • online at DisasterAssistance.gov;
  • phone (voice, 711 or video relay service) 800-621-3362 (FEMA), TTY 800-462-7585. Toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.
  • by visiting any disaster recovery center in the disaster-impacted counties.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Like bank robbers of yore, cyber criminals target “where the money is,” and that often means banks and financial institutions. With many decades’ experience in protecting themselves against crime, banks and insurance companies typically have reasonably sound physical and technical cyber security defenses in place. The concept of currency has changed, however, and now, rather than trying to cart off bills and coins, cyber thieves seek to steal valuable information.



BATON ROUGE, La. – If you’re a survivor of the Louisiana storms and flooding that struck the state March 8 through April 8 and you’ve received an application for a U.S. Small Business Administration low-interest disaster loan, you should complete and return it as soon as possible.

Obtaining a low-interest disaster loan may be the solution to your recovery needs by providing you the funds you need for home repair, rebuilding and property loss. Returning the application also may lead you to Federal Emergency Management Agency disaster recovery grants that do not have to be repaid.

While no survivor is obligated to accept a loan, you will be considered for other federal disaster assistance only if you return the SBA loan application.

There are important reasons for you to file the loan application (even if you don’t think you currently need a loan):

  • Your insurance settlement may fall short. As you begin to recover from the effects of your personal disaster, you may discover that you were underinsured for the amount of work required to repair or replace your home. An SBA low-interest disaster loan can cover the gap.
  • SBA will work with you to provide a loan that fits your personal budget. If you already have a mortgage on damaged property, SBA specialists can help with a low-interest loan you can afford. In some cases, that may mean your current mortgage loan could be included in your SBA loan, which could give you one overall, affordable loan payment on your home.
  • Don’t know how you’ll replace household contents or vehicles? SBA may be able to help. Homeowners may borrow up to $200,000 for the repair or replacement of real estate. Both homeowners and renters may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster.
  • What about businesses that were damaged? If you’re a business owner, you may be able to borrow up to $2 million for physical damage and economic injury.
  • By submitting your SBA loan application, you keep the full range of disaster assistance available as an option. If SBA does not approve a loan, you may be offered a FEMA grant or grants to replace essential household items, replace or repair a damaged vehicle, cover storage expenses or meet other serious disaster-related needs.

SBA Loans have Low Interest Rates.

Interest rates for loans for homeowners and renters can be as low as 1.813 percent. For private nonprofit organizations, rates can be as low as 2.625 percent. For businesses, rates can be as low as 4 percent.

Even if you qualify for an SBA loan, you are under no obligation to accept it.

Refinancing and relocation loans may be available on a case-by-case basis. Survivors are encouraged to speak with an SBA representative for details.

For more information, call the SBA at 800-659-2955 (800-877-8339 TTY). Homeowners, renters and businesses may visit SBA’s secure website at disasterloan.sba.gov/ela to apply online for disaster loans.

Although it’s not required to register with FEMA to apply for an SBA loan, you are strongly urged to do so as grants could be available to you from FEMA.  

Register with FEMA for help or information regarding disaster assistance: call 800-621-FEMA (3362), register online at DisasterAssistance.gov or fema.gov/disaster/4263. Help is available in many languages. When you call 800-621-3362 (FEMA), press 1 and listen to the instructions in Spanish.
Disaster applicants who use TTY should call 800-426-7585. Those who use 711 or Video Relay Service should call 800-621-3362. Lines are open 7 a.m. to 10 p.m. local time, every day.


We urge everyone to continue to use caution in areas where floodwaters remain. Monitor DOTD’s 511la.org website for updated road closure information. Look for advisories from your local authorities and emergency managers. You can find the latest information on the state’s response at emergency.la.gov. GOHSEP also provides information at gohsep.la.gov, Facebook and Twitter. You can receive emergency alerts on most smartphones and tablets by downloading the new Alert FM App. It is free for basic service. You can also download the Louisiana Emergency Preparedness Guide and find other information at www.getagameplan.org.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

FEMA offers a number of free online resources for home and property owners. To get started, go to fema.gov/safer-stronger-protected-homes-communities or fema.gov/louisiana-disaster-mitigation.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at SBA.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

A lifelong Atlanta Braves fan, Forrester Senior Analyst Joseph Blankenship longs for the mid-1990s with respect to his baseball team, but we promise that he looks to the future as he advises his clients on current and emerging security technologies. He covers security infrastructure and operations, including security information management (SIM), security analytics, and network security, and his research currently focuses on security monitoring, threat detection, operations, and management. Joseph has presented at industry events, been quoted in the media, and has written on a variety of security topics.


Joseph’s over 10 years of security experience includes marketing leadership and product marketing roles at Solutionary (NTT), McAfee (Intel Security), Vigilar, and IBM (ISS), where he focused on managed security services, consulting services, email security, compliance and network security. As a marketing leader, Joseph helped to align client needs with marketing strategy, messaging, and go-to-market activities while educating users about security strategy. His background also includes extensive experience in the IT, telecommunications, and consulting industries with Nextel, IBM, Philips Electronics, and KPMG.


Listen to Joseph’s conversation with VP, Research Director Stephanie Balaouras to hear about Joseph’s biggest surprises since starting as a Forrester analyst, his most frequent client inquiries, and the topics he’s excited to research in the coming year:



Impact Forecasting has published the latest edition of its monthly Global Catastrophe Recap report, which evaluates the impact of the natural disaster events that occurred worldwide during April 2016.

The report highlights the two major earthquakes which struck southern Japan during the month, causing massive devastation and killing at least 66 people, with more than 4,000 others injured. Total economic losses, including physical damage to residential and commercial structures, vehicles and infrastructure, and business interruption, were expected to exceed JPY 1.12 trillion (USD 10 billion).

The General Insurance Association of Japan reported that nearly 70,000 non-life claims had been filed, as total insured losses were expected to breach JPY 225 billion (USD 2.0 billion).

Meanwhile, a major magnitude 7.8 earthquake struck Ecuador's northwest coast on April 16th, killing at least 660 people and injuring more than 17,638 others. According to government figures, the total economic cost for the damage and reconstruction was expected to be above USD 3.0 billion. Given low insurance penetration levels, the insured loss was set to be a fraction of the overall financial cost.



Considering the scope of possible crises, it’s no wonder the final draft of the newly minted Chatham County, Ga., Hazard Mitigation Plan runs to a hefty 211 pages. Drought and flood; extreme heat and winter storms; hurricanes and rising sea levels; and in this latest plan, add terrorism to the catalog. Granted, the county won’t likely see all of these at once. But still, you have to plan for all hazards.

That’s what the county mitigation plan does, and it’s been no small feat to craft the document.

“There is a lot to keep up with, a lot of documentation from a lot of government entities, along with FEMA guidelines, state guidelines,” said Margaret Walton, a senior planner in Land Planning at Atkins North America. She consulted with the Chatham Emergency Management Agency (CEMA) on the plan, which covers the county as well as seven municipalities and the Savannah metro area, population 527,106 according to the 2014 Census Bureau estimate.



There are a multiplicity of trends simultaneously altering our collective vision of what a data center is, and what it is becoming. And those trends are not necessarily acting in concert. We thought software-defined networking would make it easier for data centers to stage workloads more efficiently on a Layer 3 that was more effectively decoupled from Layer 2. But then NFV came along, and suddenly telcos are introducing the rest of the world to a completely new way to envision the role of the data plane in SDN.

It’s not as easy to predict where data center technology is going when all the trends converge. At the OpenStack Summit in Austin, Texas, a few weeks ago, network functions virtualization stole the show. Attendance at sessions that had the slightest relationship to NFV was as much as two orders of magnitude higher than those dealing with ordinary OpenStack administration. IT professionals are curious as to whether this new methodology for workload orchestration will have any impact, directly or indirectly, upon data center architecture.

NFV came about as a result of the common need among communications providers to automate the provisioning of customer services when deployed on common, commodity servers. Virtualization was essentially the means to an end; NFV’s initial goal was automation. What makes NFV attractive to data centers outside of telcos is that high-level automation aspect. What makes it risky is the degree to which NFV would reform data centers to make this automation feasible.



Early next month, FEMA Region X, in cooperation with local, state and tribal entities in the Pacific Northwest, will lead a three-day emergency operations test scenario that includes a 9.0 magnitude earthquake along the Cascadia Subduction Zone (CSZ) with a resulting tsunami -- the most complex disaster scenario that emergency management and public safety officials in the Pacific Northwest could face in the future.

Several days earlier, my own neighborhood organization that covers roughly 300 homes will perform its own first earthquake disaster drill.  We’re organized by zones, with homes pre-identified as care and shelter centers or first aid centers.  We’ve purchased and stored emergency supplies in each of our zones.  But we’ve never tested our search and rescue or communications capacities, or the protocols we plan to follow, including ham radio communications with the city’s emergency operations center.

Working on either exercise always brings up the same questions:  what should my family have on hand in the way of an emergency supply kit?  How will our family communicate if we are spread out around the city when such a disaster strikes?  How long will we be without help?



Tuesday, 10 May 2016 00:00

Emergency Leader: Dual Helping Careers

(TNS) - When an emergency strikes in the Flathead Valley, Mary Granger may or may not be physically present at the scene, but it is very likely that Granger somehow has a hand in keeping folks safe.

Granger retired as the Flathead County Emergency Medical Services manager in April. The six-year stint was a second career for Granger after working 33 years as a school teacher.

“I’ve been on this adventure since 1980 when I took a first-aid class and this is really the culmination of that adventure,” Granger said of her retirement.

Granger was one of the founding members of the Lakeside Quick Response Unit. At the time there was no first responder program in Lakeside, which sometimes meant waiting a long time for emergency personnel to arrive from Kalispell or Polson.

After the first-aid class, Granger was hooked.



(TNS) -- A new microwave backup to the region's 911 emergency telephone service will add a layer of reliability in case of violent storms or an accidental slicing of a fiber-optic cable.

The South East Texas Regional Planning Commission will spend about $3.3 million to erect 12 towers and equip five existing towers with the technology, said Pete De La Cruz, director of the commission's 911 program.

Although it could become the primary system for Jefferson, Hardin and Orange counties sometime in the future, for now it's designed as a backup, De La Cruz said.

Recently, a contractor in Lumberton building a new dentist's office sliced through a fiber-optic cable bundle in the ground.

The bundle contained the cable that connected to the Hardin County Sheriff's Office 911 dispatchers at the courthouse in Kountze.

No emergency calls were missed because all the Hardin County calls were routed to the Silsbee Police Department, the second location for incoming emergency calls in Hardin County.

But it did demonstrate a vulnerability of the 911 system, De La Cruz said.



The increase in ransomware has been discussed at great length over the past year. In my 2016 security predictions round-up, I noted that we should expect to see substantial growth in ransomware attacks, quoting Stu Sjouwerman, founder and CEO of KnowBe4:

Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015.

And I’m not the only one who had ransomware on the mind. Others also were concerned about the rise of ransomware. For example, CSO had this to say:



Tuesday, 10 May 2016 00:00

What Is Poor Data Quality Costing You?

Your data is a valuable asset. Especially in today’s world of faster consumers, your data needs to be in tip-top shape to target, engage, and convert prospects. If not properly maintained, you risk any number of lost opportunities, decreased efficiency, and a negative impact to your bottom line.

Marketing data has become so important that 97% of companies feel driven to turn their data into insights, according to the 2015 Data Quality Benchmark report by Experian. According to the research, the top three drivers include:

  • 53% - Wanting to understand customer needs
  • 51% - Wanting to find new customers
  • 49% - Wanting to increase the value of each customer

[Chart: reason for maintaining high-quality data]



Today, many Fortune 500 companies are enlisting a hybrid cloud approach that uses a patchwork of on-premises, private cloud and third-party, public cloud services to allow workloads to move between clouds to meet the ever-evolving demands of computing needs and cost expectations. In turn, these companies benefit from greater flexibility and more data deployment options.

However, Tom Gillis, founder of startup Bracket Computing, quickly realized that this approach, with server hardware, software applications, storage capacity, and networking services spread across data centers and multiple service providers, invites operational complexity and introduces an opportunity for error. Gillis decided there was an unmet need for a new virtualization technology; one that could secure multiple cloud environments by creating a container for infrastructure so that an enterprise could move data out on the public cloud, while still maintaining the control it wanted.

On his mission to create a virtualization technology that could provide one set of infrastructure across multiple clouds, Gillis was met with a technical challenge: when a hypervisor was placed on top of a hypervisor in the cloud, the technology was incredibly slow and performance was cut in half. To overcome this challenge, a lot of trial and error, fine-tuning and tweaking were needed to get the technology, Bracket Computing Cell, to a point that Gillis refers to as “lightning fast.”



Information is critical to our businesses. We cannot make good decisions without it. We identify the cause of issues based on it. In a crisis, without information, we may be making decisions or trying to contact appropriate parties like a nearsighted person without glasses.

What is the information that may be required during a crisis?

  • The severity of the impact to business processes
  • How long the crisis may last
  • Internal contact lists
  • External contact lists
  • Crisis & Recovery Team members and responsibilities
  • Recovery plans and checklists
  • Business processing requirements
  • Manual processing procedures
  • Information on business risks



Data centers worldwide are energy transformation devices. They draw in raw electric power on one side, spin a few electrons around, spit out a bit of useful work, and then shed more than 98 percent of the electricity as not-so-useful low-grade heat energy. They are almost the opposite of hydroelectric dams and wind turbines, which transform kinetic energy of moving fluids into clean, cheap, highly transportable electricity to be consumed tens or hundreds of miles away.

But maybe data centers don’t have to be the complete opposite of generation facilities. Energy transformation is not inherently a bad thing. Cradle-to-Cradle author and thought leader William McDonough teaches companies how to think differently, so that process waste isn’t just reduced, but actively reused. This same thinking can be applied to data center design so that heat-creating operations like data centers might be paired with heat-consuming operations like district energy systems, creating a closed-loop system that has no waste.

It’s not a new idea for data centers. There are dozens of examples around the globe of data centers cooperating with businesses in the area to turn waste heat into great heat. Lots of people know about IBM in Switzerland reusing data center heat to warm a local swimming pool. In Finland, data centers by Yandex and Academica share heat with local residents, replacing the heat energy used by 500-1000 homes with data center energy that would have been vented to the atmosphere. There are heat-reuse data centers in Canada, England, even the US. Cloud computing giant Amazon has gotten great visibility from reuse of a nearby data center’s heat at the biosphere project in downtown Seattle.



(TNS) — Soon enough rainy season will begin drenching Southwest Florida with its annual average rainfall of 55 inches.

Standing water, even a capful in a plastic bottle top, can be a breeding ground for mosquitoes that transmit the Zika virus.

The Collier County Mosquito Control District is upgrading its laboratory to start testing for the mosquito species that carries the virus.

"This allows us to get the results back in a matter of hours instead of days," Patrick Linn, executive director of the district, said.



With every passing year, the role of technology in business continuity only grows. From social media coordination, disaster-relief apps, “micromappers” and Google People Finder to computer models designed to predict where the next crisis will occur, technology is enabling us to make huge improvements to the ways we handle business continuity.

For many organizations, the newest, most practical business continuity software technology is an app that enables companies to house their crisis plans “in the cloud,” and then disperse them to each end user through mobile devices. Employees and other stakeholders are empowered with anywhere, anytime access to crisis plan details, which helps to streamline emergency response, better protect people and physical assets, and encourage a faster, more effective return to normalcy.

If you feel your organization could benefit from a mobile business continuity solution, consider the best ways to implement it into your business. You can either build the app in-house, use a vendor solution, or outsource it to a third-party developer. There are several key factors to consider when weighing a build vs buy decision:



It has become an all-too-common information security event in the news for business enterprises: yet another large publicly traded company is the recent victim of a data breach.

The situation is worse when not only business information is breached but millions of customers’ personal and financial information records are also compromised.

Who is winning this cyber-security war?  That answer is far too complex to deal with in this short article.  Nonetheless, this article will hopefully give our readers a stronger sense of urgency to pay more attention to risk assessment and risk management when developing their corporate cyber-security related strategic goals and objectives.

(TNS) - It's been an educational year for Capt. Christopher White.

Before he was promoted to the head of Corpus Christi Police Department's Animal Care Services and Vector Control, it never crossed his mind that he would have to learn the correct temperature to make puddle conditions perfect for mosquito breeding.

But in the battle against the pesky insects that knowledge — 83 degrees, by the way — means snaring a strategic advantage.

"I got tired of trying to explain everything I was learning about mosquitoes during staff meetings, so I made these," White said as he pulled out two packets. One he dubbed "Mosquito 101" and the other details Corpus Christi's management policy in varying mosquito risk levels.



(TNS) - At Ipswich, locking the front doors to the school is only a screen tap away.

Superintendent Trent Osborne said he has an app on his phone that gives him the ability to quickly lock the school's main entrance. It's the only door at the school that's open during the day, he said, and that's because visitors walk straight into the school office.

Last week, the front door to Ipswich was locked. Osborne said it wasn't a lockdown incident, but the district was dealing with a family situation. No threats were made, he said, he just locked the door as a precaution.

Visitors to Aberdeen public and private schools will note intercom systems in place at the main entrances that allow entry into the schools. Aberdeen public school Superintendent Becky Guffin said installation of the systems started in 2013.



To some, cloud computing and IT security do not intersect. The results are often disastrous. Considering the huge amount of press that cloud computing receives when breaches occur, it's easy to understand why they believe that. But if you look at IT security from a wider lens, you'll see that cloud computing technologies are actually helping to propel IT security at rates never seen before.

Indeed, some of the advancement of security mechanisms and architectures such as end-to-end encryption can be traced back to public and private cloud security breaches where sensitive data was stolen for profit or fun.

This brought the topic of encryption to the forefront of conversation in CIO circles around the globe. It also likely contributed to the recent skyrocketing adoption rates for encryption. According to a recent Ponemon Institute study that polled more than 5,000 IT and business managers from various parts of the world, 41% said that encryption has been adopted extensively in their organizations, an increase from 16% in 2005.



Data is finding its way into just about every type of modern product and service. As a result, some companies are necessarily rethinking their business models, product strategies, customer engagement strategies, and supply chain strategies. Meanwhile, entrepreneurs and intrapreneurs are discovering entirely new solutions to age-old problems.

"Our traditional business model, the way we provide products and services, is being disrupted because people -- especially Millennials -- do not look at a big book of codes," said Nataniel Lin, analytics and strategy lead at the National Fire Protection Association (NFPA), in an interview. "We're in the process of becoming a 120-year-old startup. Essentially, we're leveraging all the data that's available out there and aggregating data to create unique value and solutions that up until today were not possible."

In NFPA's case, data is flowing in from connected IoT systems in homes and commercial buildings, insurance companies, and other sources. Lin is working with 26 different property and casualty insurance companies with the goal of anonymizing and aggregating data in a way that benefits all of the companies without exposing them to privacy or security risks. That way, the companies can have a more objective view of revenue, profitability, and risks than would be possible using only their own data.



When laying down the foundation for employee safety and communication, one of the most essential resources to establish within your organization is a secure emergency phone number: a reliable place where your employees can go to hear pertinent information, retrieve updates, and understand how the information on the other side of the phone affects their well-being, their day, or their job. It is a number your employees can call or text to report information, raise concerns, and present questions in one centralized place for the employer.

In 1967, the President’s Commission on Law Enforcement and Administration of Justice worked to implement a universal phone number nationwide for anyone reporting emergencies. That’s why 9-1-1 exists today, so we can report emergencies relating to crime, accidents, and medical issues, and request assistance.

We are a mobile people living among a growing population, which in turn produces a rising number of incidents, and the methods of reporting and responding to incidents are changing. The resources to keep people informed and connected are becoming smarter and more useful. The technology to monitor, communicate, and resolve a situation faster is readily available to us.



(TNS) - Pittsburgh public safety officials have promised to review and seek improvements to how they handle all major events hosted by the city in the wake of two events that generated complaints from the police union.

Two recent events — the mid-April Donald Trump rallies and Sunday’s Pittsburgh Marathon — created concerns about the public safety department’s preparedness to handle major events and will be the subject of reviews.

“We’ll be doing more after-actions on every type of event, whether it’s a scheduled event, whether it’s an unexpected event,” city Public Safety Director Wendell Hissrich said Wednesday. “There will be after actions across the department of public safety to include EMS, fire and police, not to hang anybody, but to figure out how we can make the improvements down the road.”



The BCI has announced that Lorraine Darke is to stand down as Executive Director of the Institute after 12 years in the post. Applications are being invited for her replacement. 

BCI Chairman, David James-Brown FBCI, commented: “Since Lorraine’s appointment in 2004, the Institute has been through a dramatic period of growth and modernisation, and we are now seeking an experienced and inspirational leader to drive the BCI forward in the next stage of its development. We will be appointing a new Executive Director who has a thorough understanding and experience of the challenges facing contemporary professional bodies, and the skills necessary to triumph in this competitive environment. The successful candidate will be a dynamic, energetic and enthusiastic leader, with excellent people skills and the ability to engage and develop lasting, positive relationships with a range of stakeholders.  They will have proven capabilities in identifying and capitalising on commercial opportunities through original solutions.” 


Friday, 06 May 2016 00:00

Understanding Cyber Security Threats

In 2014, the federal government was the victim of 61,000 cyber security breaches. If the government is so vulnerable, what are the cyber security risks for businesses, whether large or small? Revisit the cyber security threats facing modern businesses to learn how to best protect your business from threats. 

Cyber Security Threats Facing Businesses

Businesses in all industries face a growing range of cyber security threats. Companies must understand the barrage of threats coming from attackers in order to implement a comprehensive security plan that addresses their vulnerabilities. Pressing concerns for small and large businesses include:



The Business Continuity Institute - May 06, 2016 16:08 BST

Return on investment… a dilemma for business continuity practitioners. How to demonstrate the value of something that is designed for events which (hopefully) never occur? How to access, and then budget, resources, organizational importance and leadership, when this ROI is potentially part of a 'beauty contest' with disciplines competing for the same resources? Providing concrete numbers is obviously challenging… so what could the solutions be?

Understanding the audience that approves the budget is a major prerequisite. What are its current business and/or personal requirements and agendas? How would you respond concretely when this audience asks “what is in it for me”?

Important to know: human behavior is best influenced by personal, immediate, certain and positive consequences. Innovating and adapting with this psychological background in mind is therefore the key to designing the 'right' (personal) ROI strategy (or mix of strategies).

Potential ROI types:

The emotional ROI

This requires generating emotions, in particular fear of significant and specific events, where a BC program could return 'better sleep' or the avoidance of any form of reprimand or career impact.

And it works, though usually only for a short time window that exploits the urgency felt after an event, and with limited success over time. Human beings tend to normalize scenarios and fall back on the 'will not happen to us' and 'business as usual' reflex, especially when the projected apocalypse does not occur in their own backyard. As a matter of fact, the dose of bad news has to be increased over time to maintain a constant level of attention. At a certain point credibility may be impacted as a function of the risk appetite. This ROI approach should therefore be used sparingly and selectively.

The competitive ROI

BC Intelligence means collecting consistently concrete data on external incidents, good practices, business strategies, and BC activities and benefit, in particular concerning explicitly the same industry or major business competitors. Data is consolidated and illustrated provoking a 'why don't we' reflex by generating the perception of a competitive disadvantage when not implementing a similar or even superior BC program. The return is a (perceived) competitive advantage with respective business consequences (market share, revenue etc) which may be qualitatively illustrated for supporting the ROI design.

The monetary ROI

Concrete numbers are challenging, however an indirect approach could work. BC should not be limited to the classical disastrous event role, but the view should be expanded to regular incidents by taking the discipline out of the fateful special and rare event corner. Joining forces with incident management and/or business functions in the frame of a resilience approach could facilitate the collection of respective and concrete data.

There is a variety of direct and indirect costs linked to incidents which could be (examples):

  • Event management, alternative resource, recovery
  • Product / service / process incl. for downstream - rework / penalties
  • Clients / contracts - fines / reputation
  • Revenue / billing / investment
  • Cash flow / discounts / credit rating

Cost aspects should be formally recorded, if possible quantitatively (or at least estimated or qualitative statements if not). Taking all eventual costs into consideration may lead to surprising findings setting the breeding ground for BC ROI illustrations.

Records should then be explicitly checked for potential BC support aspects. Could, or have, plans, plan parts or linked action, the mapping of processes and business impact (BIA), interface processes (like crisis management, emergency response, and crisis communication) directly or indirectly mitigated the cost impact? If yes, to what extent? What is needed for optimizing this? What are quick wins? These findings are consolidated and illustrated bearing in mind the interests and requirements of those assigning resources. Found 'bright spots' could be used for driving change. Costs could be defined as a certain form of 'loss' which links the ROI to popular business strategies e.g. 'lean'. For tailoring this a sound understanding of business initiatives in particular of those dragging currently the interest of the budget and resource approving audience is beneficial.

To summarize…

Resource competition games usually require ROI strategies. The rules are set directly or indirectly by the business and budget owners, and apply to all disciplines competing for the resource pool. Practitioners need to be able to sell the BC value to those in the driver's seat for budget and resources approval by tailoring innovative language, communication channels and ROI scenarios according to personal and business requirements and capabilities. Joining forces via a resilience approach might facilitate the designing of business cases.

Thomas Schildbach MBCI Ph.D. is the Risk and Business Continuity Manager at Post Technologies

The Business Continuity Institute - May 04, 2016 10:20 BST

If you’re an SME, you’re busy making money and keeping daily business under control. The last thing you need is another task, creating something that you may never need to use. But there are many immediate benefits and important reasons for creating a business continuity plan (BCP). Here are six that will more than justify the effort of creating one:

1. Stay out of legal trouble

A number of industries require their players to have a BCP, either due to Government regulations or contractual obligations. Typical examples of regulated industries are the financial industry (through the Central Bank Business Continuity standards), certain time-critical Government functions, as well as supply chain driven industries such as the oil and gas sector and the manufacturing industry. This means that if you operate in any of these industries, having a tried and tested BCP is a ‘must’ if you do not want to risk losing your customers and/or your license to operate.

2. Gain competitive advantage and increase your revenue

Having a well developed and tested BCP can mean you get the business instead of a competitor.

Many regulatory standards and commercial agreements now include a ‘third party business continuity’ requirement. This means that an organisation’s critical suppliers need to have a BCP. So even if you’re a catering supplier, a construction company, a transport supplier or a cleaning company, you can be critical to your customers. And they will be keen to review your risk management capability and disaster response options. So be smart and proactively communicate your continuity ability on your website and in your business proposals.

And BCPs are not just valuable to businesses whose customers are other businesses (B2B). Even consumers can be interested in your ability to continue providing products and services ‘no matter what happens’. Imagine you’re operating a small tourism business and entire families join you on your trips. Why not proudly tell them about your alternate guides, drivers, communication tools, emergency health provisions, accommodation options and transport facilities in case of any disruption? Why not use the existence of your BCP to convince your customers that they (and their kids) are in good hands? This strategy can be applied to numerous sectors, in particular those where health and wellbeing are at stake, such as private hospitals, food suppliers, security providers and utilities.

3. Appeal to investors

Investors are concerned about your business being sustainable and your ability to continue to operate should adverse events occur.

One of the tools you can use to convince investors that you will stay ‘afloat’ in the event of a flood or other disruption, is a properly developed and tested business continuity plan. In fact, the U.S. Securities and Exchange Commission prescribes asking for a BCP by any investment advisers as a compliance requirement (see footnote 22). Hedge Fund investors have been pushing for years for business continuity plans to be in place prior to a fund’s launch.

4. Reduce your insurance premiums and/or get better coverage (or any coverage at all!)

According to a survey amongst brokers and insurers by the British Insurance Brokers Association (BIBA), 61.6% of interviewed insurers and brokers confirmed that companies, by having a BCP, will benefit from getting additional types of insurance, and as a result, comfortably opening new markets. If an SME, for example, is looking to include larger clients in its portfolio, it is required to show strength and seriousness in their management processes to the insurer (e.g. its ability to deliver on any obligations arising from larger contracts), so the insurer will cover them for related risks.

The BIBA survey also shows that 55.7% of the responding insurance firms offer discounts on premiums, if a client has a BCP. Additionally, they pointed out the unacceptable risk of not having a BCP when wanting to access insurance products. In total, 83.3% of the respondents said they would either offer a discount or improvement of the terms of business interruption policies, if companies had a BCP.

5. Be prepared for the big disaster, therefore also for the small disasters

Having detailed plans in place for the ‘big bang’ makes you stronger against the far more regular, minor mishaps of everyday life. Your responsiveness to small incidents will improve exponentially, considering your staff will have a stronger ‘what if’ mindset, making themselves and the company more resilient. Plus, having your contingency procedures kept updated and accessible from one central place (i.e. your BCP), will enable you to get ready quicker in the event of such smaller, regular mishaps without having to hunt around for the relevant response procedure.

6. Fill the gaps left by your insurance policy

Most businesses care about their people and about the future of their business. Not knowing what threats are around the corner (and not knowing in what forms they may present themselves) can be very stressful. Knowing that your insurance policy covers you for some unforeseen circumstances can partially alleviate that stress. But not every risk is insurable!

For example:

  • Your SME has certain assets, tangible or intangible, that are not covered by any insurance, simply because there are no policies for every single threat or every single asset (for example, your reputation).
  • Insurance policies often include force majeure clauses, meaning that for certain threats the insurer doesn’t pay.
  • Long waiting periods and/or ‘no claim’ requirements limit your ability to insure your business from day one.
  • It takes ages before the approval occurs and/or the physical pay-out hits your bank account.

By having a business continuity plan, arrangements can be made before a disaster hits that would minimise its adverse impact. These arrangements might include having a reciprocal arrangement in place with a business who can service your customers while you recover, or who can provide you with the tools and equipment you need. You might also look at ensuring the key information you need to continue your business is accessible in the event of an IT disaster, such as storing a copy of your customer details and order information offsite or ‘in the cloud’.

Setting up and running a business is not easy. After surviving the avalanche of getting licenses, paying for the set-up of equipment, allocating roles and responsibilities, marketing the products/services and establishing systems required to run business functions, SMEs face new challenges, pressures and deadlines every single day.

Even more reason to protect your business and ensure its survival and make sure you didn’t waste all that time, effort and money. Especially if your business is part of a supply chain, or customers can choose between you and your competitors, or if the business is taking off and growing. You need to have a plan. One that will help you even if you don’t experience a disaster.

Rinske Geerlings MBCI is the Founder, MD and Principal Consultant at Business As Usual.

Thursday, 05 May 2016 00:00

BCI: Educating the educated educator

The Business Continuity Institute - May 04, 2016 16:11 BST

This year’s theme for Business Continuity Awareness Week is 'return on investment'. As someone who has worked in business continuity in both the public and private sector for over six years I am seeing that the investment in building robust, easy to use and readily available business continuity plans is essential, but nowhere more so than throughout the world of education in the United Kingdom with the Conservative Government slowly but steadily guiding all Local Authority maintained schools towards an academy status.

The ability to manage everything down to what is spent on what and when is now making the academies much more business focussed than they ever were before, and this self-sufficiency of course means that they want to get more bang for their buck.

But they still need to understand their primary function... to provide education, and what it is that they need to continue doing that... whatever.

Case studies

Major incidents in schools and academies can be much more disruptive than lost PE tops, grazed knees or spilled paints. Look at the total rebuild of Crockerne School in Pill due to a contractor's asbestos incident, or the total loss of Leyland School where teenagers set the school alight days before a new term.

Who pays?

Actually both were covered by Local Authority insurance providers at the time but now the academies need to convince the insurers that they too can cope with the disruption and have a plan.

Where’s the saving?

I have been working with many schools, academies and governing bodies over the last four years ensuring that they have an easy to use document that is fully exercised, which allows them to understand what they need to do during and after a disruptive event. I am now seeing the questions arise from Insurance providers. "Can we have sight of your business continuity/DR plans?" There will of course be several reasons for this but mainly the insurance provider wants to know that the school or academy is taking responsibility and has the ability to recover quickly and effectively. These insurance companies are also in a very competitive world themselves, trying to keep premiums down for their customers to protect their business and provide future growth in their own industry. Schools and academies can take advantage of this in their negotiations.

Of course education is just one example but it is a very good one. From a management perspective it has changed massively over the last few years and will continue to do so. The education pot is not a bottomless one, schools and academies need to make their budget stretch a long way to ensure that the children get the education they should in a safe and secure environment. But, through careful planning and preparation and quality time spent in areas such as business continuity that budget may just stretch a little further. 

The Business Continuity Institute - May 05, 2016 11:29 BST

As we take a look at our organizations during Business Continuity Awareness Week, perhaps one of the most consistent challenges has been the business case. The definition of value is the cornerstone for clear communication with senior management, and continues to be a quandary.

The struggle for definitions; value, resilience, ROI in BC, must have us ask: “What is the value of business continuity?”

The search for the value of business continuity is not of models, but of philosophy; not of others, but our own. The history of BC grew from DR, preparing systems and processes for recovery, and evolved toward resilience with the addition of emergency management and response. But the ability to handle brand management has been awkward, and garners less credibility, due to the ill-balance of upside and downside risk management.

Senior management primarily focuses on creation of opportunity; wealth, innovation, resources, and acquisitions. BCM has an opportunity to be directly involved in the creation of efficiencies in these areas, and is strategically placed within Operations Management, which is the costliest area of an organization. The ability of BCM to streamline new and current revenue streams, is unique. By mitigation of risk, and determination of upside risk capacity, it is one of the few areas where substantive change can be made, due to constraints.

There are those who argue business processes are not under the purview of business continuity, but suppliers, technology, SLAs, are part of processes. We are already involved, and the resultant optimization of systems, risk mitigation of upside risk for better decision-making in the innovation life cycle, and reduction of response time during breaches increases value.

A balanced scorecard: strategic value creation

The Ponemon Institute states business continuity shortens response times to breaches by 100 days, and losses by 66%. One of the ways to know if we have generated influence, is if there is insight between departments. In a different Ponemon report, cyber resilience was placed in the CIO’s hands in most organizations, but several in the information space are main influencers. BCM is at the bottom of the pile.

On the flipside, business continuity planning is seen as critical, with 70% stating it is one of the most important aspects of resilience. Many have stated a:

  • Lack of metrics
  • Lack of leadership connection of resilience to revenue
  • Lack of knowledge of their own resources

This is also troublesome, as metrics, specifically a balanced scorecard, would join the strategic goals and objectives in an iterative fashion. This creates accountability, which is elusive, in resilience. This is where Operations Management can offer its experience in making the intangible, tangible. When an organization establishes an audit process, senior management believes it has value.


  • This is the opportunity to become the SME of the organization
  • Information security states, reputation and revenue were of little importance to them
  • Business continuity is the balance, as internal and external stakeholders cannot be left out of the decision-making process

The question lately has been: “Why isn’t anyone listening?” Perhaps the query should be: “Are we listening?” Business drivers are innovation and new technology, which increases upside and downside risk, and revenue. In that case, we must be there to vet new technology, because it increases competitive advantage. Understand the drivers of new business, and you can reach senior management, establish value, and create the need for business continuity.

For BCM, it is crucial to create an identity which is part of the business culture of an organization. It is not enough to build a plan from the mission statement. This means disaster recovery must be a universally independent entity. Business continuity must understand resilience is not based in the processes alone, but future investments, the supply chain, sustainability, innovation, and people.

Value is more than a number, which is only a symbol, an expression. Return on investment is dependent upon the value business continuity and the business place upon one another. Similarly to a marriage, the effort to learn value can be a simple, 'why?'


So, where are we now, and where do we go from here? As a great professor once stated: “It is neither good, nor bad, just a different idea of what people believe is worth the effort.” Perhaps, value is better measured in the long-term, where events regress to the mean, and reached after we have agreed upon definitions for 'returns', and 'success'.

Radhika Murali is an MS student at Boston University, in Business Continuity, Security, and Risk Management. She has her ABCP, ten certifications with FEMA, and twelve years of experience in supply chain, as well as independent research in organizational resilience.

BSI CAR/1 (Continuity and Resilience Standards Committee)

I have been a member of CAR/1 representing the Berkshire Business Continuity Forum since 2006, when it was known as BCM/1.  CAR/1 mirrors ISO TC/292 and CEN TC/391.  The British Standards landscape (at April 2016) includes:



By asking the CEOs of some of the most successful and influential companies in the world, such as GE and Google, a clear definition of innovation management emerges. The definition addresses the need to quickly and effectively implement organizational goals and objectives to remain competitive and the desire to strengthen advantages through the adoption of innovative ideas, products, processes, and business models.

Enterprises facing increasing competition and the pressure of technological innovation are beginning to realize that to drive organic business growth and maintain a competitive advantage, they need to discover and implement innovation quickly and with great care to ensure maximum value. One-off innovations are moderately easy to take advantage of, but to create a pipeline of innovative ideas that materially impacts the growth of an organization, it is critical to nurture an innovation management process that can be sustained and that can remain flexible and adjustable to accommodate changes in the competitive environment. Today’s enterprises need to manage and govern the process of innovation; it is a crucial facet of a company’s overall function.



In the first part of our “Workplace Violence” blog series, we discussed this troubling and increasingly prevalent issue of workplace violence, along with highlighting the importance of being prepared for a very real yet unpredictable violent scenario taking place in your workplace. Which begs the question: How do you plan for something you can’t anticipate? The fact is that you can, and it all starts with the formation of a proactive crisis management team.



(TNS) - Mark Michalk was in Rockport on April 18 when the water rose into his Katy home.

He had been out of town to help his aunt repair her summer home. When he reached his house on Y Street and Avenue D three days later, Michalk stood shocked at damage from 1-foot-deep water in the building.

"We have to gut my house, tear the Sheetrock out of the walls at least 4 feet up," said Michalk, who has lived in his downtown Katy home more than 10 years. "All the damages will probably cost $80,000 to $90,000 to repair. I have no flood insurance."



The buzz at yesterday’s inaugural Cyber Investing Summit – held on Wall Street at the New York Stock Exchange – was that most CEOs and board members don’t get cybersecurity.

Cybercrime is on the rise — to the tune of $2.1 trillion by 2019, according to Juniper Research. The Verizon 2016 Data Breach Investigations Report (DBIR) states that no location, industry or organization is immune from attack. A DBIR executive summary — described as the C-level guide to what they need to know — is chock full of information that most CEOs will struggle to understand. For instance, ‘the median traffic of a DoS attack is 1.89 million packets per second — that’s like over 113 million people trying to access your server every minute.’ Huh?

Make no mistake, Verizon’s report is an invaluable resource and recommended reading for business leaders. A skim through is certain to heighten awareness around cyber risks — even if it leaves a CEO scratching her head trying to figure out what all the technical terms mean — including patching, change monitoring, SLAs for DoS mitigation, CMS plugins, two-factor authentication, tamper evident controls, and all the rest.



Guesswork is often the enemy of those responsible for data center design, operations, and optimization. Unknown variables lead to speculation, which inhibits predictability and often compromises success. In the world of storage, many mysteries still remain, unfortunately, with block sizes being one of the most prominent. While the concept of a block size is fairly simple, its impact on both storage performance and cost is profound. Yet, surprisingly, many enterprises lack the proper tools for measuring block sizes, let alone understanding them and using this information to optimize data center design.

Let’s look at this topic in more detail to better understand what a block is and why it is so important to your storage and application environment.



(TNS) - Tracey Herrera suspected she had a bout of food poisoning and would be out of the Langley Health Services clinic in a few minutes with a prescription for antibiotics and some encouragement to get well.

Jerry Azevedo thought that he and Herrera had picked up a flu-like, bacterial infection during their mission work in the Republic of Sierra Leone, in west Africa, a few weeks before.

“I'm vomiting blood. I feel pretty bad,” he said. “Imagine the worst flu you've ever had and multiply it by 10.”

They walked into the Ocala clinic on Magnolia Avenue at 9 a.m. together. They were pale and shivering, and between coughing fits managed to tell the clinic's receptionist they had been out of the country and were now sick. Clinic staff immediately took them into a quarantine room and contacted Munroe Regional Medical Center that they suspected the two were infected with the highly contagious and deadly Ebola virus.



(TNS) - Florida health officials confirmed three new Zika virus infections on Tuesday, including one pregnant woman and one new case in Miami-Dade, as U.S. Sen. Bill Nelson, a Democrat, held a press conference in Coral Gables urging Congress to fund a $1.9 billion emergency appropriation requested by President Barack Obama to combat the disease.

Zika virus has impacted Florida more than any other state, with a total of 102 people affected since February, including at least 40 in Miami-Dade, the county with the most cases. Included in the statewide total are seven pregnant women, though the health department does not disclose their counties of residence because of privacy concerns.

With Zika cases on the rise and the rainy season at South Florida’s doorstep, Nelson called a media conference with University of Miami Health System infectious disease experts and a Miami-Dade mosquito control manager to press Congress for additional funding.



Thursday, 05 May 2016 00:00

How to Appeal a FEMA Decision

RIDGELAND, Miss. – Some survivors, who registered for federal disaster assistance after the March storms and flooding, may have received a letter from the Federal Emergency Management Agency that says they are ineligible. However, the reason for the decision may be something that can be easily fixed, such as providing insurance documents or new contact information.

Applicants can appeal any FEMA decision.

The first step is to look at the specific reason the letter was sent. If it isn’t clear, or more information is needed, a specialist at the FEMA helpline at 800-621-3362 (voice, 711, video relay service) can help. TTY users can call 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Information is also available online at DisasterAssistance.gov.

Appeals must be made in writing and sent by mail or fax to FEMA within 60 days of receiving the letter.

Mail appeals to:

National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-8055

Appeals and documents can be faxed to 800-827-8112.

Information on how and where to file an appeal is included with the letters and in the "Help After a Disaster" booklet, which can be downloaded at FEMA.gov/help-after-disaster.

Effective appeal letters should follow these procedures:

  • In the first paragraph, list the applicant's full legal name used on the aid application, along with Social Security number and the FEMA case number. Include a personal phone number as well as a back-up phone number where the applicant also can be reached, in addition to a correct mailing address.
  • Write an explanation of events that provides evidence to support the appeal. Summarize changes in circumstances or needs, additional damage to property discovered after the registration was filed or higher-than-anticipated costs for repairs.
  • Include photocopies of receipts for materials and labor as well as up to three written bids for repair work if those costs exceed the award amount. Submitting repair estimates, receipts, statements or invoices is recommended.
  • Keep a copy of the appeal letter and supporting documentation as a record.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

Technology is forcing fundamental changes in the business landscape, and the data center is at the core of these changes. New levels of user mobility, the pace and style of application delivery are revolutionizing how businesses compete and stay ahead. Your data center is now the driving force behind your business, and as its role evolves, it too must change.

There needs to be a better way to deploy powerful, scalable systems that are integrated and easy to manage. To address this need, a new type of platform has emerged: hyperconverged infrastructure.

First, let’s define the concept. It’s important to note that there are a number of similarities between hyperconverged and converged infrastructure. Both are deployed as blocks, and both converge critical resources to deliver higher density. The biggest difference is in how these environments are managed. In hyperconverged infrastructure, the management layer – storage, for example – is controlled at the virtual layer. Specifically, it incorporates a virtual appliance that runs within the cluster. This virtual controller runs on each node within the cluster to ensure better failover capabilities, resiliency, and uptime.



Thursday, 05 May 2016 00:00

Small Business Interrupted

Every business comes with a certain amount of risk. Although difficulties and challenges can’t be avoided, they can be mitigated with the proper precautions, planning and insurance coverage.

In support of National Small Business Week (May 1-7) and to help business owners understand insurance, the Insurance Information Institute (I.I.I.) developed this infographic that focuses on business interruption insurance, which is also posted on the I.I.I.’s Business Pinterest Board.

Did you know that after a catastrophe or other disaster 40 percent of businesses do not reopen and another 25 percent fail within a year?



The Business Continuity Institute - May 03, 2016 10:27 BST

The Business Continuity Institute's recent Horizon Scan Report identifies that cyber attacks are still perceived as the top threat by businesses. Also within the top 10 is concern about supply chain disruption, especially as supply chains are becoming increasingly complex and often transgress international borders. Other sources of anxiety include a data breach and, for the first time this year, concerns over the availability of talent and skills. So how does business continuity help with these very real issues for businesses operating today?

The need to understand your business

Taking what is termed a 'granular approach' to your business and investing time to understand the various processes and roles within your organisation will probably provide one or two revelations. You may discover that there is duplication of processes or an incompatibility in how contact details are saved e.g. product names versus name of supplier. Could this be causing unnecessary delays or confusion between your own departments? Would the purchasing department have a plan in place if a key supplier suddenly fails? Do HR and departmental managers allow themselves the time to think about what actions may be required in the short, medium and long term if a key member of staff is unexpectedly going to be absent? Is this key person's knowledge accessible for whoever may have to fill their post on a temporary basis? Being aware of these things may improve both the efficiency of your internal systems and as a consequence the quality of service provided to other departments. So often businesses spend time worrying about the customer experience but many often ignore the fact that 'customers' i.e. people or persons requiring a product or service, exist within their own organisation, and that getting those departmental customer interactions right, can make a huge contribution to the bottom line. Gaining a better understanding of the interactions within your organisation is just one supplementary benefit of thorough business continuity planning.

Data management often comes under scrutiny during a disaster recovery (DR) programme initiative. A business that really thinks about its data will often discover the diversity and value of information that it has acquired and stored, though one aspect of this that is often overlooked or not fully appreciated is the system's ability to ‘de-duplicate’ this data. Much of the data on your organisation's live system will be copied time and time again. For example, when you cc an email to other people in the business the same data is saved multiple times across the business. With a modern DR system only one version of the email will be stored. At its most effective, this de-duplication system can deliver a staggering reduction in data storage of up to 65 percent!

What other questions should you be asking?

When planning business continuity the first question is, 'What are the vital assets without which my business can't function?' Relocating staff is inconvenient but not impossible; buildings are a shell housing your business and can be replaced. It is the records of contacts, contracts, transactions and communications that represent years of trading, and the associated applications that have been developed to manage and evaluate this knowledge and intelligence, that are the unique asset that needs protecting. Maintaining reliable and secure access to this information is key to ensuring the continuity of your business. With this in mind take some time to assess your current situation; ask yourself: 'Am I as protected as I can be?'

Consider the following:

  • Can you access your data remotely?
  • Have all sources of information (data) been identified?
  • Is it backed up and accessible off site?
  • Are staff able to work remotely, with access to relevant files?
  • How long would it take to get alternative services up and running?
  • Have you considered moving processes away from a dedicated IT infrastructure to hosted capacity and applications, delivered over the Internet?

If you answered ‘yes’ to the last question there are some supplementary points you should consider checking with your provider:

  1. What guarantees are within the Service Level Agreement (SLA)?
  2. Where is my data? Check where your data is being housed, UK, Europe, America…

Choosing a Cloud provider should be done with business continuity and due diligence in mind. Should the unthinkable happen and your day-to-day business is compromised you will need to get to that all important data so the first thing you need to ask is, “How do I get my data out?”

Future proofing your BC plan

A BC (business continuity) plan needs to be adaptable to Cloud technologies and these are constantly changing and improving. Your BC plans should not define how to operate with a Cloud vendor but should allow for the relationship to evolve and respond to your business' growth and evolution and that of the technology. Many Clouds are provided ‘as is’ with no recourse; as long as you know that and accept the risk, you can plan for it. Where there is a service level agreement, this needs to be understood and reflected in your own BC planning and may cover elements such as the speed and amount of data restored. This is where taking the time to think about your business can really improve the efficiency of your BC plan. You will need the phone numbers and emails of your suppliers and customers within the first few hours of any incident occurring, in order to keep them informed about progress should your business be compromised. What you won't need with quite the same urgency, if ever, are the photos from the last staff Christmas party!

Having the right recovery time should be decided by the business, with careful consideration around which applications should be given priority and the maximum outage period. Having near instant restores will cost more than an eight hour recovery option, but not all business functions need to be restored at the same rate and every business is different.

So to conclude, don't approach business continuity planning as another process to follow through mechanically. Embrace it as an opportunity to review, refine and reinvigorate your business and not only will you sleep at night with the knowledge that you have a backup plan, you may even find new opportunities and ideas that bring new life to you, your staff and your customers.

Russell Cook, managing director at SIRE Technology has long been an advocate of business continuity and not just because it makes sense to make a contingency plan in case of the unexpected. No longer is business continuity just about backing-up your IT systems; if implemented and maintained in a professional manner, business continuity planning becomes a valuable business tool in its own right.

A growing trend in law enforcement today is the use of social media and technology as a valuable resource to agencies and residents. The acronym LESM (Law Enforcement Social Media) is becoming a common term across Twitter, podcasts, and a focus among law enforcement agencies. Agencies are adopting LESM to stay current with today’s technologies as well as connecting with the community in the most effective way.



One of the highest-value services MSPs offer customers is protecting their data with automated backup and recovery. However, often neglected in the conversation with customers is the need for business continuity planning.

When you get right down to it, the ultimate goal of any BDR strategy should always be to keep the business running, no matter how serious a calamity it suffers. To achieve that level of readiness, BDR technology is essential, but there is more to business continuity planning than backing up data.

MSPs, therefore, should not only provide BDR technology, but also take on the role of business continuity consultant. In this way, you add value for the client by addressing a critical need while creating consulting revenue opportunities. Of course, helping clients stay in business through a catastrophe also helps protect your future income.



Tuesday, 03 May 2016 00:00

Planning for the Data Center Future

The future of the data center is quickly evolving into the question of the day as changes to technology, business processes and the economy itself spur the reconsideration of long-held design precepts up and down the data stack.

Existential angst over the data center is no different from what philosophers have been pondering for millennia – “Who am I? Where am I going? What does it all mean?” – but in this day and age, plans for the future, and not even the very long-term future, are having direct consequences on decisions being made in the here and now. So amid the mad rush to get on the cloud, deploy Big Data and remake all that the IT department holds dear, it’s worth it to stop and think where we want to be in a few years.

According to Rakesh Kumar Singh, lead tech of data center technologies at Juniper, the future data center will focus heavily on client-facing and analytical workloads, with the overarching goal being to maintain and even extend a competitive edge in an increasingly cut-throat economy. The best way to approach this is to upend the age-old practice of constantly seeking out and deploying the latest and greatest technologies to instead focus on business priorities and work out the infrastructure from there. As IDC noted in its most recent FutureScape study, half of all infrastructure investment by 2018 will foster greater engagement, insight and action rather than systems maintenance, while 45 percent of the installed base will employ automation and even autonomy to improve performance, lower costs, and provide the agility and scalability to remain relevant in the coming years.



ATLANTA – The Federal Emergency Management Agency (FEMA) recognized Louisville-Jefferson County, Ky as a premier participant in the National Flood Insurance Program’s (NFIP) Community Rating System (CRS). With additional steps the community has taken, Louisville-Jefferson County is now the first community in Kentucky, and only the second in the eastern US, to receive a CRS Class 3 rating. Jesse Munoz, FEMA Region IV mitigation division director, presented Metro Council President David Yates a plaque recognizing Louisville-Jefferson County’s achievement at the April 14 Metro Council Meeting.

The CRS rewards communities that voluntarily take steps to reduce flood risks beyond the minimum requirements of the NFIP, such as increasing flood protection and implementing preparedness and mitigation activities. As a result, property owners and renters in CRS-participating communities enjoy a reduction in flood insurance premiums.

“Louisville-Jefferson County is the only community in the commonwealth and among only a handful of communities nationwide that has achieved Class 3, which is a notably high rating,” said Gracia Szczech, regional administrator for FEMA Region IV. “I am pleased that we can recognize Louisville-Jefferson County for taking steps to make their community safer, more resilient and save their residents money.”

Policyholders in Louisville-Jefferson County first began receiving flood insurance discounts under the CRS program in 1991. Currently, there are more than 5,194 flood insurance policies in force in Louisville-Jefferson County, representing more than $880 million in flood insurance coverage. Policyholders located in the high risk areas of flooding, or Special Flood Hazard Areas, can now receive a 35 percent discount on their policy premium, which is an average savings of $505 per policy. Some policyholders in the lower risk areas are eligible for a 10 percent discount. In total, policyholders realize an annual savings of $2,054,687 because of the community’s participation in the CRS program.

For more information on the NFIP’s CRS program visit https://www.fema.gov/national-flood-insurance-program-community-rating-system. For more information about the NFIP, a program administered by FEMA, visit www.floodsmart.gov.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Growth forecasts for data center storage capacity show no signs of slowdown. Cisco expects that by 2019, 55 percent of internet users (2 billion) will use personal cloud storage — up from 42 percent in 2014. By 2019, a single user will generate 1.6 Gigabytes of consumer cloud storage traffic per month — up from 992 megabytes per month in 2014. Finally, data created by devices that make up the Internet of Things, which Cisco calls “Internet of Everything,” will reach 507.5 Zettabytes per year by 2019 — up from 134.5 ZB per year in 2014.

Needless to say, that’s a lot of data, which will require a lot of storage, and Google is proposing a fundamental change to the way engineers think about and design data center storage systems, a rethink that reaches all the way down to the way optical disks are designed.



Today, MetricStream, the market leader in governance, risk and compliance (GRC) apps, has released the results of a survey which reveal the maturity of Regulatory Compliance Management (RCM) in North American and European businesses, having surveyed more than 100 compliance professionals. Identifying the factors that impact the effectiveness of RCM, which is essential for monitoring for regulatory changes and ensuring compliance, the survey analyzes the processes in place, number of dedicated employees and departments in charge. The results indicate that, despite being well staffed to manage RCM, many businesses are still unaware of or unable to invest in appropriate technology and tools; key findings include:



Michael Dell today revealed the new names, and yes we are talking multiple names, for the artist formerly known as the Dell-EMC deal. EMC will be deprecated for the main branding Dell Technologies, but will live on for the enterprise brand Dell EMC while the client services business will be called Dell, Inc. according to multiple reports.

Confused? I’m sure you’re not alone, but Dell was reportedly very excited about the new brands as he spoke about them on stage at EMC World in Las Vegas today. I suppose when you spend $67 billion, a few extra names makes sense — more names for your buck. Other brands like VMware, Virtustream, RSA and Pivotal will also reportedly live on.

If you aren’t familiar with the deal, it has gone through some twists and turns, but last October Dell surprised the world by announcing it was buying EMC for $67 billion in what’s believed to be the largest technology acquisition in history. It involves a mountain of debt, approximately $40 to $50 billion, depending on which reports you believe, and it will likely require selling off pieces of both companies to pay the deal.



The Weather Company estimates that weather is perhaps the single largest external factor affecting business performance, to the tune of nearly $1 trillion lost annually in the US alone. Combining weather data with business data can improve decision-making for a wide range of companies. The company's work earned it the No. 2 spot on the 2016 InformationWeek Elite 100.

The Weather Company and its project to modernize its data collection, storage, and forecasting platform won recognition in last year's Elite 100, coming in at No. 5.

So it's no big surprise that, a year later, The Weather Company is in the top 5 again as the company continues to build on its previous success. Its expanded ambitions involve its new parent company, IBM, and a plan to apply Watson cognitive computing to the Internet of Things (IoT).



Tuesday, 03 May 2016 00:00

Why Compliance Must Not Fit In

My upbringing was a little different to that of my friends. I was a young teenager in the ’80s, when hair was backcombed high and shoulder pads were “in.” My mum was constantly being confused as the pop star Cher. With her similar hair, makeup, heels and great outfits, people would stop her and ask for her autograph. She certainly did not fit in to any type of normal mother mold I saw around me. I’m proud to say, she is now 67 and still does not fit in to what the average woman her age should look like or do.

Years later, I realized the wisdom of her stance against “fitting in.” Having worked in the ethics and compliance field for 20 years, I now understand how much compliance is not about “fitting in.” Indeed, it’s the exact opposite. Unfortunately, we live in a world where the “norm” in many countries would be seen as unscrupulous to many. We have seen it with the politicians in Brazil recently with the Petrobras case. We have seen it on our own doorstep with the Panama papers, in which almost every country you can think of seems to have been touched. And we see it every day with the prosecutions by the numerous regulators around the world. Fitting in does not work.

NOT fitting in means being unreasonable. Compliance needs to stand out and rebrand itself. Many of my clients tell me that they are queuing up to make their training/communications/projects front of house. They have to stand in line behind safety, security, sales, innovation and the countless other serious and important issues a company needs to address. That’s why it’s important NOT to fit in.



Tuesday, 03 May 2016 00:00

BCI: Business Continuity and Shoes!

The Business Continuity Institute - May 03, 2016 16:50 BST

Q. How can you develop robust business continuity and still have enough budget left for a pair of shoes?

Within the heart of every business there is a hole that only business continuity can fill.

I would like to present a low cost, continuous improvement model that has proved successful in providing business continuity management to a large organisation and an additional capability that it did not have before.

Generally speaking we develop or employ one expert, who is trained to a recognised standard and responsible for BCM across the organisation. In some cases BCM is combined with emergency planning and risk under the title of 'Resilience Manager'. Personally I think that putting three jobs into one is not ideal, however I understand that organisations have to 'cut their cloth' according to the pressures they face.

Whatever the setup, and depending on the budget, the BC programme will be delivered via a project team, a single manager, or a manager guiding a number of BC representatives (in addition to the day job) that receive training as they go along. These are all tried and tested processes, the result of which sees us where we are today. Many organisations aspire to align with ISO22301, and consequently the BC programme is driven along those lines.

It is important that BC managers should be trained to a high level of expertise. This is a necessary, yet expensive process, but brings with it a measurable return on investment in the form of continued service delivery. In addition, I think that those members of staff who are given the BC plan to develop or update should also be given some formal training to assist them. In my own organisation this training took the form of a two day fundamentals course, which was delivered by an outside trainer. This was very successful and properly equipped staff (with some guidance) to produce BC plans for their area of work.

This approach worked well for the first year, but because of staff moving post, we found that the following year we needed to repeat the process. Again, no bad thing, because those that had moved on, took with them a basic knowledge of BC into the organisation. At year three, we decided that the training costs were becoming prohibitive, but still necessary. Consequently, I gained a teacher training qualification at night school, wrote a fundamentals and plan development course aligned to ISO22301 and the Good Practice Guidelines 2013, which I now deliver to our staff annually.

Senior and middle managers that have attended this course have found that it has improved their knowledge and understanding of BC, allowing them to give the correct level of support to staff that are tasked with developing their plan.

The development of a BC response also creates an additional capability that can be called upon in times of high demand. For example, by activating the communications room fall-back procedure and staffing the now vacated room with minimum staffing, we produced an additional capability to deal with high volume calls. Working the organisation on the failover server frees up the main one for maintenance and repair without loss of performance. It should be understood that this type of use of the BC plan cannot be sustained for very long and must be utilised carefully, but it does work.

The costs associated with this course are minimal, and break down as follows; in house training venue, "on costs", staff salary, two days away from day job and the price of two BC text books given to each student.

The benefits to the organisation include:

  • Significant cost savings on outside training
  • Staff trained to a consistent standard
  • Widespread promotion of the organisation's core values and objectives
  • Continuous improvement of BC awareness within the organisation
  • Identifies future experts in BC who understand the organisation and how it works
  • Provides a capability that can boost production or service delivery at little or no cost

Generally the best time to deliver training of this kind, particularly if you need a working budget to buy books for example, is between January and March. I have found over the years that almost all departments have money that they are looking to spend before the end of March, or face losing it from the following year's budget.

I can already hear finance shouting “it’s not like that anymore”, well, my experience is that either departmentally or organisationally there is very often some money around. Spending some of it on in house staff BC training is a low cost option that will develop staff, and produce long term benefits for the organisation, and maybe still have enough for shoes.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

The International Standards Organisation has issued the Draft for Public Comment (DPC) for its new standard covering Organizational Resilience - Principles and Guidelines | ISO 22316.

The closing date for comments is 13 Jun 2016.  Comments can be made through the BSI Draft Review System (DRS). 

This International Standard provides guidance to enhance organizational resilience for any size or type of public or private organization and is not specific to any industry or sector. It can be applied throughout the life of an organization.



(TNS) - This decade has seen Boulder and surrounding communities faced with profound dangers posed by wildfire, flood and even a degree of social upheaval as its residents struggle to cope with quality of life factors sometimes not in their control.

In response to a range of potential threats, the city of Boulder on Thursday released a draft of its first Resiliency Strategy, promoting a series of 15 steps to be taken with the goal of surmounting challenges such as climate change, social cohesion, disaster recovery and more.

Boulder's action comes as the most concrete manifestation of its work to date through participating in the 100 Resilient Cities program, pioneered by The Rockefeller Foundation.



Earlier this year 38-year-old Cedric Larry Ford killed four and wounded 14 others in a chaotic workplace shooting spree in Kansas. Investigators at the time were unclear of the shooter’s motive—only that there were "some things that triggered this particular individual." While it’s easy to push aside news of these incidents with the justification, “It can’t/won't happen here,” the fact is that workplace violence can and does happen to unsuspecting organizations—and often for no immediately discernable reason.

With this blog, we’re debuting a comprehensive, four-part series aimed at shining the light on this frightening—and increasingly common—issue. This inaugural entry takes a closer look at the risks of workplace violence, along with the consequences of failure to plan and prepare for threatening incidents.



ATLANTA – Five years after tornadoes devastated the southeast and resulted in four federal disaster declarations in five days, hard-hit communities are building back stronger. To date, assistance to residents and communities in Alabama, Georgia, Mississippi and Tennessee from the Federal Emergency Management Agency totals more than $504 million.

“The success of community recovery comes through strong partnerships at the local, state and federal levels. Together we have focused on rebuilding communities that are stronger and more sustainable for the future,” said Gracia Szczech, FEMA’s Region IV Regional Administrator.

Alabama by-the-numbers:

To date, assistance to Alabama’s residents and communities from the Federal Emergency Management Agency totals more than $361 million.

In Alabama, 88,229 individuals and families received $77,332,325 in Individual Assistance grants. More than $70 million was provided within a year of the storms, giving residents a helping hand in rebuilding their lives and restoring livelihoods.

The state and FEMA provided $343,990 in Disaster Unemployment Assistance to 333 survivors who lost jobs as a result of the tornadoes.

FEMA provided $4,810,399 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

Through collaborative efforts, FEMA and the state of Alabama provided temporary housing units to 307 families.

More than $202 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to state and local governments, and eligible private nonprofit organizations; and more than $1.36 million was obligated as part of these Public Assistance projects to build stronger, safer, more resilient communities and mitigate against future damage. To date, nearly 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

Some 4,492 residential and community tornado safe rooms have been approved to be built with $76.8 million obligated through FEMA’s Hazard Mitigation Grant program. Mitigation forms the foundation of a community's long-term strategy to reduce disaster losses and break the cycle of disaster damage, reconstruction and repeated damage.

The U.S. Small Business Administration provided $114,494,500 in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters in Alabama rebuild.

Tennessee by-the-numbers

Tennessee residents and communities have received more than $70.8 million from the Federal Emergency Management Agency.

Nearly $8.6 million in Individual Assistance grants were provided to 8,845 individuals and families. More than $8.28 million of the total was provided within a year of the storms.

FEMA provided more than $690,000 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $52 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA obligated nearly $8.7 million to Tennessee through its Hazard Mitigation Grant program. Projects include eight safe rooms.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Mississippi by-the-numbers

Mississippi’s residents and communities have received more than $38.9 million from FEMA.

More than $10.7 million in Individual Assistance grants were provided to 7,259 individuals and families. More than $9.9 million of the total was provided within a year of the storms.

More than $24.3 million has been obligated as FEMA’s share reimbursements through the Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA, MEMA and local jurisdictions also considered the safety of residents in the future. With more than $3 million in FEMA assistance through its Hazard Mitigation Grant program, communities across the state are using the funds to implement safe and smart building practices.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Georgia by-the-numbers

FEMA provided Georgia’s residents and communities more than $12 million in recovery assistance.

Individual Assistance grants of nearly $5.6 million were provided to 5,461 individuals and families. More than $5 million of the total was provided within a year of the storms.

FEMA provided $350,807 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $21 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 91 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

FEMA has obligated more than $4 million through its Hazard Mitigation Grant program for communities across the state to become more resilient from disasters.  

The U.S. Small Business Administration provided $8,492,000 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.



Information security is paramount in the healthcare industry, requiring compliance with some of the strictest privacy and storage standards. Even so, healthcare companies still face risks for data loss and security gaps—often making headlines for breaches affecting millions of patient records, with the average time to discovery more than 200 days.

MEDHOST helps more than 1,100 hospitals, behavioral healthcare organizations and rehabilitation facilities across the nation manage their facilities and provide medical care with financial and clinical solutions, as well as consumer engagement software and services. William Crank, chief information security officer at MEDHOST, is devoted to keeping patient health records and other secure data safe without impeding the business.

Hired as the company’s first fully dedicated security professional four years ago, Crank recalled the environment requiring “security discipline and maturity” upon his arrival. “The challenge that I had to overcome was visibility. The key to any security program meeting its goals is having visibility of all of the activities within the organization’s network,” recalled Crank. “I can’t protect what I don’t know or don’t see.”



In last month’s column, we introduced five common risk management failures along with indicators of each:

  • Poor governance and “tone at the organization”
  • Reckless risk-taking
  • Inability to implement effective enterprise risk management
  • Nonexistent, ineffective or inefficient risk assessment
  • Not integrating risk management with strategy-setting and performance management

The warning signs provided for each of the above failures provide a diagnostic for the Board and management to check the health and vitality of their organization’s risk management.

Below we detail five more common risk management failures, along with warning signs for each. As with the first five failures discussed last month, we separate the warning signs for these additional failures into organizational, process and behavioral indicators.



Ransomware is everywhere. I’ve talked at length about the ransomware attacks that have literally shut down health care computer networks. That’s just the tip of the iceberg. A TV station out of Oklahoma reported the rise in ransomware attacks targeting police departments, and PC World told of a toy maker that has been hit by a new ransomware called CryptXXX.

As Vadim Kotov, senior security researcher with Bromium, told me in an email:

Ransomware is not going anywhere. It’s a perfect crime tool, with black market logic -- easy to implement, high ROI. We’re going to have to learn how to live with it, so backing up data to external drives on a regular basis must become everybody's habit.



An increasingly digital world is resulting in companies across all industries reassessing how they approach risk management. Thanks to the connectedness of devices brought about by the Internet of Things (IoT), executives have much more information at their disposal for assessing risk than before.

IoT is a network of devices that collect and exchange data—think back to the classic example of your fridge ordering fresh milk before it runs out. This is quickly becoming a fact for businesses that rely more and more on being connected to remote devices for competitive advantage.

For risk managers, IoT boils down to introducing a layer of technology on top of the business. Operations do not have to be reinvented. This provides organizations that are reliant on managing risks with an indispensable tool.



In today’s corporate world, most organizations have a crisis management plan in place. However, many of these plans are out of date or not truly actionable, leaving businesses vulnerable to a wide range of threats.

In a recent Deloitte survey, researchers found that after a crisis more than 70 percent of organizations took up to three years to fully recover their reputation and operations. Many of these companies even had a plan in place—but it simply didn’t get the job done.

Is your crisis plan operational? If a crisis strikes tomorrow, would your stakeholders be prepared to react accordingly to protect themselves and mitigate damage to the company? Or would you still be cleaning up the mess three years later?



Friday, 29 April 2016 00:00

A Generation that Speaks Up

It is becoming more common to see the integration of millennials in the workforce. Many people assume this population of workers to be young kids fresh out of college. However, that is not the case. Millennials higher up the ladder already hold roles in management, leadership and even executive positions. Companies are seeking out millennials because they are a generation of visionaries and bring new perspectives. It is estimated that by the end of 2016, millennials will be the largest generation in the workforce.

A key characteristic of these young workers is their ability to speak up and take a stand. They have been socially trained to look at the bigger picture and ask necessary relevant questions that will take your organization to the next level. Given their go-getter mentality, millennials want to grow and that includes growing out of your company if they don’t see the promise of personal benefit or growth.



When I started in this business more than 30 years ago, it took a supercomputer to do what a laptop can do today, and networks were in their infancy in places like Stanford. Storage is a lot more complicated these days, and storage architects and administrators need to be on top of a whole lot more than they used to. So with a nod to the now-retired David Letterman, here is my list of the Top 10 things storage architects and admins need to be monitoring and doing.



Friday, 29 April 2016 00:00

My Technical Learning Curve: Encryption

Resilience professionals, particularly those from a non-IT background, really need to step up and develop their overall understanding of technology, especially focusing on how we all communicate with one another in the modern age. I mean, how else are you going to be able to fully appreciate the magnitude of risks potentially facing your business?

I hear you say “my IT guy will tell me” but even then beyond the tech descriptions you’re only ever getting their individual perspective. How confident are you of their awareness of the business process that’s using the technology? Or the impact to customer experience? Or how it might affect the long-term leadership strategy as to why you have that technology in the first place? In my experience, very technical employees are often very skilled in one particular area of focus and tend to think in a very linear way. I therefore think it’s vital that resilience professionals who face off to senior management and leadership have a basic understanding of how some of it actually works.

Oh and by the way I’m not just talking about all the buzzwords you see coming out from half-baked vendor blogs repeatedly referencing cool words like “Brute Force,” “Spear Phishing” or “Whaling” or “Social Engineering.”



Friday, 29 April 2016 00:00

The Demands for Cyber Security

We’re under attack and to say organizations across the board are slow to respond is an understatement. On average, it takes the Enterprise anywhere from nine to eighteen months to identify that a security breach has occurred.

How much data do you think the bad guy is able to exfiltrate in that period of time? All of it!

The demands for Cyber Security amid the ever-increasing pressures in the enterprise for bigger, better, faster and yesterday, have become a huge challenge for any administrator and/or security professional.

Within the plethora of technologies, demands from users and compliance, keeping the organization’s most prized assets – their data – safe is a highly complex task. Time and again, the age-old problem perpetuates a weakened security posture. Is this Groundhog Day reality the result of highly sophisticated and innovative threats? Are attackers all of a sudden much smarter and more coordinated?



When Joseph Latouf was in high school, a challenge sparked his curiosity. His algebra class was informed that if anyone could come up with a prime number generator, they would win a $100,000 reward. Latouf got to work fast, and after some intense analyzing and deliberating, uncovered a clever method of creating a prime number generator. A professor at a nearby university was called in to prove that his prime number generator worked—and indeed, it did. Sadly, however, there really wasn’t a $100,000 prize.

Latouf said he tucked away the fruits of his labor in his back pocket, hoping that it would someday lead to something of value. After all, he knew that a prime number generator was important, since it holds the keys for encryption.

Fast forward many years, to when Latouf was wrestling with the idea of security and encryption and feeling uneasy about the fact that if he had a prime number generator, others likely did too. And that meant that there were people out there who could crack encryption.



In the early years of the Internet, a common security recommendation was to isolate the Internet-connected computer from the rest of the company's working processes. That way, malware from the net could not corrupt company data. It was a simple and efficient suggestion, but it is obviously no longer practicable in the current era of almost total connectivity: rarely can a firm avoid having a computer network. However, the constant connection to the Internet, including from mobile devices, makes these networks easily vulnerable, which is why sensitive data needs more and more protection.

What are the threats?

Cybercriminals use unprotected web protocols to launch their attacks. These protocols are responsible for the exchange of data between computers and net providers, the most popular being the TCP/IP protocol. Without sufficient protection, so-called man-in-the-middle attacks become possible. An attacker who has obtained access to a computer network can sit between two communication partners without being noticed. The intruder can then hear, or rather read, the whole content of the communication, impersonate one of the communication partners, or intercept confidential data.



Digital Realty has pre-leased the entirety of its first data center in Japan. The anchor tenant who signed the lease is a major hyperscale cloud provider whom the data center company did not name.

There’s currently a wave of high demand for large chunks of data center space in top markets around the world as the biggest cloud providers race to increase the scale of their infrastructure and win share of the quickly growing enterprise cloud market. This wave has fueled a boom for wholesale data center providers like Digital Realty.

It’s difficult to deduce which of the hyperscale cloud providers has signed the multi-megawatt lease in Osaka, but the top players in this category are Amazon, Microsoft, and Google, as well as IBM and to a lesser degree Oracle. Some Software-as-a-Service providers, such as Salesforce, could also be considered hyperscale.



Emergencies are, by definition, unexpected occurrences — but one Florida county has a new 911 system that aims to remove some of the guesswork by putting data in the hands of decision-makers who can make smarter choices about emergency response.

In Manatee County, Fla., an aging legacy 911 center kicked off conversations about how to improve emergency services, and late last year, officials launched the city's new, more efficient next-generation 911 call center. The upgrades give dispatchers modernized communication tools and will allow for multimedia communications, but perhaps most significant is that officials now have the necessary ammunition to make life-saving decisions: data analytics.

Public Safety Director Bob Smith said that hard data has allowed for more precision in staffing first responders on the streets and on the county’s barrier island, which is connected to the mainland by two bridges.



Thursday, 28 April 2016 00:00

Why Bad Breaches Happen To Good Companies

Although it’s early into 2016, according to the Identity Theft Resource Center, there have already been more than 200 data breaches this year, and that number is only going to rise.

Why do data breaches keep happening? Surely by now everyone knows how to prevent them. Except, it seems, that they don’t.

Every day at work, I watch more companies fall prey to security threats and think about what they could have done to protect themselves. Our research team at Malwarebytes is constantly discovering new attacks targeting companies and organizations around the world. Three consistent, preventable problems lead me to believe that businesses will continue to be victims of more of these attacks for the foreseeable future if they do not change the way they operate.



One of the most common questions we hear is: what is the return on investment that can be expected when purchasing XenApp? To help answer that question objectively, Citrix recently commissioned Forrester Research to conduct a Total Economic Impact (TEI) study to learn more about the ROI that customers experience when deploying XenApp.

Forrester set out to understand the benefits, costs and risks associated with an individual XenApp deployment. They interviewed IT managers from a large manufacturing company[1] that have been using XenApp for several years and applied Forrester’s Framework and Methodology to determine the total economic impact. They learned that their business was primarily benefitting from XenApp in three ways:

  1. Reduced costs of access to enterprise applications
  2. Consolidating licenses of legacy applications
  3. Providing secure access of applications to third parties

Let’s take a closer look at the results.



(TNS) - Around the country, 911 telecommunicators are a calm voice when there’s a call for help.

“Woo-woo-woo-woo-woo! Orange County 911. What’s the address of the emergency?”

The voice on the line might be Jimmy Summey – an 18-year telecommunicator and Efland Fire Department volunteer – or Jessica Slaughter – a young mother with two years under her belt – or any of the other two dozen people behind the scenes.

They’re the “unseen heroes” backing up law enforcement, firefighters and EMS workers, interim Emergency Services director Dinah Jeffries said.

“It’s kind of a compliment, in a way, but (people) think of 911 as the entire thing. You forget this voice that’s behind the scenes, and they’re the ones that actually coordinated this for you,” she said. “They do a heck of a job, and it is a difficult job.”



(TNS) - A line of severe thunderstorms plowed through North Texas Tuesday night leaving a wake of damage from hail, high winds, and tornadoes.

National Weather Service Meteorologist Steve Fano said there was at least one confirmed tornado that touched down about five miles west, northwest of Bells at about 10:10 p.m. A 90 mph wind gust blew through Sherman at 10:13 p.m. and more high winds caused damage across Grayson County.

“We won’t know any specifics on if there were any more tornadoes until tomorrow,” Fano said on Tuesday night.

Fano said most of the wind gusts that hit the county were between 60 and 70 mph, but they were damaging. In Whitesboro, an apartment and office building had damage reported to roofs. A vehicle was blown off the road three miles southwest of Gordonville. Power lines were reported as down, and tree limbs blocked multiple roadways across the county.



Thursday, 28 April 2016 00:00

Migration Services Help Simplify the Cloud

The cloud is fast becoming an indispensable component of modern data infrastructure, and many organizations are working feverishly to unite their public and private clouds into a unified hybrid entity.

But it is becoming clear that while building clouds is challenge enough, the complexity really kicks into high gear during the migration process. Not only do you have to move large volumes of data back and forth, but you must maintain consistent management and policy enforcement across disparate infrastructures and provide this in such a way that business users, not IT, can oversee the process. This is not as easy as it sounds given that applications behave differently on internal and external infrastructure, even if they are based on the same cloud platform.

This is what makes migration so stressful and frustrating, says Bill Carolan, of New Jersey-based systems integrator SHI International. The assessment and planning stages alone are enough to slow a cloud program to a crawl, as these steps require a thorough review of local infrastructure, particularly networking, followed by tests, trial runs, the inevitable re-evaluation of the migration process, then more tests… And even after a successful launch, migration must be continually monitored and adjusted to meet changing workload requirements and business objectives. All the while, there is constant user and admin training and retraining, plus a host of considerations when it comes to the disposal of unnecessary hardware.



I was invited to sit in on the reveal of the 2016 Verizon Data Breach Investigations Report (DBIR), which was formally released today. In the past, the DBIR had some real groundbreaking findings; I believe it was the DBIR that showed just how serious the insider threat was. This year, I don’t think the report contains anything that news-making. Instead, what jumped out at me is how we continue to struggle against long-time threats.

For instance, one of the findings in the 2016 DBIR is that old vulnerabilities continue to be leveraged. According to the report, 85 percent of the malicious traffic seen targeted the top 10 vulnerabilities, most of which are more than a year old.

Passwords also continue to plague security efforts, as 63 percent of breaches involved weak or lost/stolen passwords. Marc Spitler, senior manager at Verizon Security Research, and co-author of the report, told Dark Reading that he thought that percentage was “startling” and went on to say:



To say that the software-defined data center (SDDC) is different than traditional data centers is putting it mildly. The term “sea change” is more like it.

Indeed, Forrester Research has said that the potential impact of SDDC products is immense, “offering an integrated architecture merging legacy architectures, cloud computing, and workload-centric architectures into a single automation domain.”

To begin to gauge the impact that SDDC can have on MSPs and their customers, it’s important to understand some of the inherent differences between the SDDC and traditional data centers.



Wednesday, 27 April 2016 00:00

CDC: 10 Ways to be Prepared

To mark the National Day of Action, there are hundreds of little steps you can take to be better prepared at home, in your community, and on the go. Here are a few quick action steps you can take today!

10 Ways to be Prepared

  1. Sign up for local alerts and warnings. There are different types of alerts and warnings that you can receive about weather conditions and other emergency situations. Check with your local health department or emergency management agency to see how they share emergency information, whether it is through emergency texts, phone calls, digital road signs, social media, or sirens. You can even download an emergency app from FEMA, The Red Cross, or the Weather Channel.
  2. Create and test communication plans. Have a discussion with your family before a disaster strikes and make a plan for how you will connect to each other.
    • Complete a contact card for every member of your family. Make sure to keep these cards with you at all times.
    • Choose an emergency contact. Keep in mind that it might be easier to reach a friend or relative who lives out of town.
    • Identify a meeting place in your neighborhood and your city or town where your family could gather if there is an emergency.
    • Batteries, radio, candles, and flashlight
  3. Build an emergency supply kit. Make sure you have at least a three-day supply of food and water for each person in your family. Also include health supplies, personal care items, safety supplies, electronics, and copies of important documents.
  4. Safeguard documents. Identify financial and legal documents, medical information, household identification, and key contact information you might need after a disaster. Use this helpful checklist to take an inventory and not forget to safeguard any critical documents.
  5. Document and insure property. Different types of insurance cover different types of damage after a disaster. Make sure you understand your insurance policies and minimize potential losses.
  6. Make your property safer. Make property improvements to reduce damage to your property during a disaster and prevent potential injuries from different types of emergencies.
  7. Conduct a drill. Practice emergency response actions for disasters that might happen in your community.
  8. Conduct an exercise of a disaster scenario. Use mock scenarios for different types of disasters to review and improve your emergency plan. You might consider participating in a community-wide tabletop exercise for different emergency situations. In your home, you can practice a fire drill, tornado drill, or earthquake drill.
  9. Plan with neighbors. Many people rely on their neighbors after a disaster. Make sure you start the conversation about preparedness before a disaster strikes. Know the needs of your neighbors and be ready to help in an emergency.
  10. Participate in a class, training or discussion. Contact your local emergency management agency to see what trainings are available in your community, or consider enrolling in a first aid or CPR course at your local Red Cross.

Hail claims are making headlines following multiple springtime hailstorms in Texas, including one in the San Antonio region that is expected to be the largest hailstorm in Texas history.

While the estimated insured losses from the storms—$1.3 billion and climbing from two storms that hit the Dallas-Fort Worth region in March; as yet not estimated (but expected to be worse) insured losses from a third storm in the Dallas-Fort Worth region April 11; plus a further $1.36 billion early estimate of insured losses from the San Antonio storm April 12—may seem high, property insurers are well-prepared to handle such events.

In a new briefing, ratings agency A.M. Best says it expects limited rating actions to result as affected property/casualty insurers are expected to maintain sufficient overall risk-adjusted capitalization relative to their existing financial strength ratings.


(TNS) – How prepared is Iowa when it comes to dealing with a natural disaster or public health scare?

According to a study by the Robert Wood Johnson Foundation, it’s more prepared than most.

The National Health Security Preparedness Index tracks the nation’s progress in preparing for, responding to and recovering from disasters and other large-scale emergencies.

The index combines measures from more than 130 individual capabilities to determine the preparedness of health security surveillance; community planning and engagement; information and incident management; health care delivery; countermeasure management; and environmental and occupational health.



Comprehensive survey of senior IT and business executives reveals predictions of increased adoption, faster deployment and security less of an obstacle

MOUNTAIN VIEW, Calif. – We’ve long been moving toward cloud-based and virtualized infrastructures, but in some ways 2016 might just be the year in which the software-defined data center (SDDC) really becomes a fixture in corporate America. There will be increased adoption of this dynamic trend and faster deployment of the technologies and processes involved, leading to greater tangible benefits and a clear return on investment. In fact, there’s almost unanimous belief that optimal SDDC strategies and deployment can quantifiably drive up virtualization ratios and server optimization, thus noticeably benefiting the bottom line. All this because even though data breaches will surely happen, concerns over security and compliance will be far less an obstacle.



As part of an effort to make it possible for applications to have more granular control on wide area network (WAN) connections, Riverbed Technology today unveiled a Riverbed SteelConnect platform managed via the cloud that unifies control of extended networks.

Josh Dobies, senior director of product marketing for Riverbed, says Riverbed SteelConnect is an instance of a software-defined WAN that ties together orchestration of application delivery and network connectivity.

Riverbed SteelConnect can be deployed as a virtual appliance on top of existing infrastructure or deployed as a physical appliance acquired from Riverbed. A SteelConnect Manager portal hosted in the cloud then provides the management plane through which IT organizations can construct a hybrid network using Riverbed switches and access points spanning both on-premise and data center and cloud service providers such as Amazon Web Services (AWS). In addition, Riverbed will add support for Microsoft Azure later this year.



Cloud adoption in government is increasing, and the reasons are many: Adopting cloud services can lend an organization greater flexibility and agility, and save it dollars. But for those C-level executives who aren’t adopting, it's not because they're being stubborn or encountering significant barriers to adoption: A new study suggests that the "barriers" encountered may primarily be psychological, as the technology is catching up to business need.

The survey from HyTrust, called the State of the Cloud and Software-Defined Data Center (SDDC) 2016, was given to 500 C-level and vice president executives who lead medium- and large-sized organizations, mostly in the private sector, and found that 70 percent of respondents believe cloud services will see increased adoption over the next year. In addition, 60 percent of respondents see that adoption being deployed more quickly than it has been in the past.



As revealed by the results of a recent survey of IT pros, moving some parts of an organization’s infrastructure to the cloud is a priority, but one that presents a challenging management scenario. But server and application management in the cloud doesn’t have to be a daunting prospect. IT professionals can better equip themselves to manage—or prepare to manage—servers and applications in a hybrid IT environment by addressing several key considerations as well as leveraging certain best practices for an optimized data center.

To start, one of the most important things to remember in the hybrid IT era is that the cloud is not for everything. Too many companies begin implementing hybrid IT environments without first considering which workloads make most sense for which environments. While it’s tempting to look at the growing popularity and benefits of cloud computing and say, “Let’s move some of our applications to AWS and see how it works,” without a fundamental understanding of all your workloads and what they require for optimal performance, you will more than likely hinder your organization’s efforts to generate cost savings, greater performance and agility, or any other anticipated benefit of cloud computing.