DRJ Blogs

Recent blog posts

The business continuity (BC) planning process can be a daunting challenge. Project planning can play an important role in keeping the process on track & help in your success in protecting your organization from unplanned events that can disrupt operations.  The goal is to identify the right information & determine a process to keep it current and accurate.  Key elements of a business continuity plan include:

  • risk assessment
  • business impact analysis
  • strategy development
  • plan development
  • communications
  • awareness & training
  • coordination with external services

Of course you want the project plan to be successful, so there are 10 things not to do to be more likely to reach your business continuity planning milestones & goals.

...

Every organization or business, regardless of revenue or staff size, needs to understand what is truly critical to keep operations going, and how long the business can function without certain elements, components or dependencies. This includes considering how long the business can survive both financial losses and reputational losses due to negative public perception. Obviously, not having a disaster recovery plan is a recipe for disaster, but just having a plan is not enough. Make sure that your disaster plan avoids certain pitfalls that may complicate disaster recovery and make it more of a disaster.

Consider this list of what not to do including:

...

Posted by on in DRJ Blogs

 

We are pleased to be a part of the DRJ community and look forward to sharing information and creating mutually beneficial opportunities! This is our first blog post on the DRJ site, so we’ll start with a bit of information about our company. But first…

...

Target, the IRS, Hillary Clinton, Sony, healthcare systems… the list goes on with new stories of cyber security breaches and hacking. A cyber-attack can lead to financial and reputational losses from which it can be difficult to recover. A cybersecurity breach can negatively impact your business continuity and force the organization into disaster recovery mode. Sometimes simple preventive measures can help mitigate risk, before disaster strikes. Here are 6 hacks you can try to help your organization avoid getting hacked.

  1. Stop insider attacks
  2. “Gone phishing”
  3. Password security
  4. Defend against intrusions at the device level
  5. Avoid band-aid security fixes
  6. Mandatory cybersecurity education

1. Stop insider attacks

Studies estimate that between 40-90% of cyber-attacks originate from inside the organization. This can either be a hack-savvy IT professional, a disgruntled employee, or even an accident caused by an uninformed employee.

Hack: Ensure Accountability and Security via Password Policies

Avoid having a universal company passcode to any device, network, application or internet site. Make sure each employee has an individualized login and password to ensure accountability and to give you the power to revoke an individual’s access, without disrupting the rest of the company’s access. Having separate logins also helps you monitor just who made a change or mistake, regardless of whether it was deliberate or accidental. Immediately cancel network access and passwords when employees leave the company, to avoid them using passwords to remotely access the network in future.

...

Posted by on in DRJ Blogs

This week I attended an excellent conference on Cyber Security. TakeDownCon run by EC-Council and hosted by the UConn School of Business in Stamford, CT provided great speakers with separate tracks for CISOs and technologists. I highly recommend an EC-Council event if you’re looking to learn more about Cyber Security or obtain certifications.

In 2015 over 169 million personal records were exposed as a result of cyber intrusions; the result of more than 780 publicized breaches across education, healthcare, government and financial sectors. The average cost per stolen record exceeded $150. In the healthcare sector the cost per stolen record was $360. Despite the rising threat posed by foreign governments, hacktivists, and cyber criminals only 38% of global organizations report they are prepared to handle a sophisticated cyber attack.

Here are some key takeaways from the conference:

...

This month I continue the focus on new innovations in data protection and DR. Give a listen to Data Protection Gumbo; an excellent Podcast series by Demetrius Malbrough. Episode 24 is live with expert insight from Shalabh Goyal and Jeannie Liou from Datos IO. Explore how changes in the world of IT are creating the need for new DR solutions. We discuss new innovations for protecting Cloud applications and how the data protection and DR industry will evolve over the next several years. I welcome your feedback and comments.

Podcast - Innovations in Data Protection

 


Building engagement is a challenge for almost every organization when it comes to business continuity planning. Sometimes it seems like it would be easier to do the whole plan alone, but we all know that in order to be effective, the organizational resilience plan needs to have input from all parts of the organization.

There are 3 approaches that risk managers and continuity managers consider when trying to build engagement. They are fear, framework, reinforce and support. There are benefits to all, but which approach has the most lasting and productive impact for building enterprise engagement of your business continuity planning process? Here are my thoughts on these 3 approaches. You can decide which works best for your program.

...

Whether you are starting a program ‘from scratch’ or seeking to re-energize a program that may have lost some of its original focus, there are a few common pitfalls you should be aware of and seek to avoid. The goal is to create a successful business continuity management program that is objective, consistent & repeatable.

Your piece of the ‘resilience program’ may include one, several, or all of the following disciplines: IT disaster recovery, business continuity, emergency management, crisis management, site or operations risk management, and possibly other related activities.


1. We bought a tool – we’re ready to launch!

It is so tempting to think that all we need is “the right tool” and all will be fine. Our plan owners will adopt it and the program will move forward and be sustained over years. If only it were that simple.

...

Let’s face it. Organizational resilience, business continuity & disaster recovery program management requires buy-in from the entire organization, from the top down, across all departments & across external service partners & providers. Everyone needs to understand how they fit into organizational operations during normal day-to-day operations & also during a disruptive event. Without buy-in, even the best laid resilience plan won’t work.

Ok. So now how do you get buy-in? I suggest these five steps for building executive buy-in of your organizational resilience management program:

  • Step 1: Define Organizational Resilience specific to your industry/organization
  • Step 2: Determine a baseline
  • Step 3: Play by the rules! (Know your regulations)
  • Step 4: Conduct a business impact analysis
  • Step 5: Money talks! Quantify the financial impact

Step 1: Define Organizational Resilience or Business Continuity specific to your organization or industry.

Why? Every organization has unique needs & priorities that vary based on the industry, physical location, reliance on resources such as data & supplies or other aspects. For example, a hospital has an immediate focus on their customers (patients) which a manufacturing company clearly doesn’t need to consider. Just as a manufacturing company may need to take a look at supply chain management more aggressively than a consulting organization does.

...

The growth of Cloud, social, and mobile technology is driving increased use of NoSQL databases like Apache Cassandra, MongoDB, Amazon DynamoDB and Google Bigtable. A recent study by ESG revealed that 56% of companies have NoSQL databases in production or deployed as part of a pilot/proof of concept. A similar study by Couchbase revealed that 90% of companies consider NoSQL important or critical to their business. Once the province of Internet innovators like Google, Amazon, Facebook, LinkedIn, and Twitter, the use of NoSQL databases is now widespread across every major industry. Modern applications create new demands that developers and DBAs must address such as:

  • Huge volumes of rapidly changing data including semi-structured, unstructured and polymorphic data.

  • Applications are now delivered as services that must be always on, accessible from mobile devices and scaled globally to millions of users.

    ...

Posted by on in DRJ Blogs

One of the best ways to attain senior management buy-in, for any project, is a return on investment (ROI) analysis. The same is true for any business continuity management program implementation. Just one problem. With the exception of financial institutions, it is very difficult to show ROI in financial terms (which executives like). With financial institutions, you can come up with a formula for lost interest on loans over time, loss of fees over time and loss of new business over time. Most other companies don’t have such hard and fast methods to determine financial loss. Sometimes, it comes down to ‘best guesstimates’. Picture managers looking towards the heavens as they try to compute unknown numbers, “Let’s see... there’s the cost of temporary workers (how many? I don’t know), potential overtime hours (how many? I don’t know), the cost of vendors picking up our processes (the Business Impact Analysis can help – but the vendors want to make a profit too), cost of Alternate Work Space (how long are we going to be there?), are there any penalties we have to account for, etc. etc. etc.” Sometimes, you just can’t put a dollar figure to it.

A former colleague once said to me, “business continuity requires you to think outside the box, because the box has been blown away.” Because so much of what we do seems to be art, as opposed to cut and dry mathematics, looking at ROI strictly in the financial sense won’t give a complete picture. As Robin Williams' character – Mr. Keaton – said in ‘Dead Poets Society’, "This isn't like laying pipe." Yes, we have standards and processes, tried and true. However, there are just too many unknowables to give a dollar figure saved (or made) for a BCM program. Sure, we can probably do it based on a Business Unit / Critical Process basis. But for an overall program? In some instances, there can be a return on investment but I would think it would be virtually impossible to calculate. As noted earlier, I think it will usually come down to a best guesstimate.

...

Posted by on in DRJ Blogs

The earthquake in Ecuador has left me thinking about how many of the country’s businesses will survive and if many of them had business continuity plans in place? As quickly as details of the incident came onto the TV, they seem to have vanished again, as the news circus moves on to the deaths of Victoria Wood and Prince.

The earthquake got me thinking about the justification in carrying out business continuity and how we sell it to organizations to ensure that it adds value, and is worth spending the time and money to develop it. For a long time I asked many people, ‘where are the case studies which prove that business continuity works’? I was looking for an example of an organization that has put in place a business continuity program that could prove that they would fail without it. There may be case studies out there, but it seems as an industry, that there is not the well quoted example that everyone refers to. Therefore, case studies are probably not the way to justify implementing business continuity.

...

Posted by on in DRJ Blogs

Is Your Data Storage Childproof?

The Internet of Things is in its infancy right now, and like most infants, it will make you rethink everything you do, and provide moments of joy and inconvenience in equal measure.

Everything Gets Counted

...

Originally posted on Rentsys Recovery Services' blog.

Medical Provider Struck by Hackers!

Insurance Giant Suffers Massive Data Breach!

Millions of Patients Have Data Stolen!

It seems like there are new headlines about data breaches in the healthcare industry every month — if not more frequently. In the last few years, electronic protected health information (ePHI) has become the primary target for hackers, and it's easy to see why.

According to a recent report by Reuters, ePHI fetches 10 to 20 times more than credit card data on the black market. That's why organizations that handle healthcare data are prime targets for data breaches and theft. In fact, 28.5 percent of the entire U.S. population was affected by just two — Anthem and Premera — healthcare data breaches that were discovered in 2015.

Starting to feel a little overwhelmed? Don't worry. Here are five things you can do to keep your ePHI safe from prying eyes.

Encrypt Everything


In 2013, two laptops were stolen from a secure office at a hospital in California. The laptops contained ePHI such as financial information, health conditions and demographic information. Unfortunately, the data wasn't encrypted, so the hospital had to notify 729,000 individuals that their ePHI had been compromised. The hospital implemented policies and procedures to reduce risks to the patients' ePHI, but the damage was already done. Had the laptops been encrypted, the hospital could have protected the information.

A recent article by Health Data Management points out that it's easy to encrypt everything, since encryption tools are embedded in current operating systems and come with nearly every device. (If a device doesn't have built-in encryption functionality, that's a sign that it's outdated and shouldn't be used to handle ePHI in the first place. We talk about that more below.) Yes, encrypting all your data costs time and money, but it's a drop in the bucket when you compare it to the cost of recovering from a breach.

...

This is part 1 of a multi-part series on the evolution of analytics in disaster recovery

It may seem odd to discuss the role of analytics in the field of disaster recovery. These disciplines appear to have little in common. Wikipedia describes Disaster Recovery (DR) as a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Analytics is described as the discovery and communication of meaningful patterns in data.

In this series I'll discuss how analytics will improve resilience, lower risk and enhance business continuity. I'll explore how analytic DR services could come to market, which parties stand to benefit most, and some of the challenges that lie ahead. Part 1 will discuss how analytics will enhance disaster recovery (near term) and a vision in which analytics and automation are combined to improve risk management. 

...

 

Your data is doubling every 18 months, your profits aren’t.

This makes data storage a growing part of your business, and it’s being disrupted.

...

Posted by on in DRJ Blogs

The IT analyst firm Gartner predicts that by 2020 there will be over 26 billion devices connected to the Internet. When your alarm clock goes off in the morning it will notify your coffee maker to begin brewing. Five million new devices are attached to the Internet every day streaming digital information to be captured, analyzed, and turned into useful information. Technology innovations such as Cloud computing, smartphones and new distributed database structures (e.g. NoSQL) have replaced legacy IT systems to provide rapid, scalable IT services. The pace of business is accelerating and our reliance on technology has never been greater. Speaking at a recent conference of business leaders in Davos, Switzerland, John Chambers, former CEO of Cisco, told an audience that "Forty percent of the companies in this room won't exist, in my opinion, in a meaningful way in 10 years unless they change dramatically."

Today’s economy is being increasingly defined by digital technology. Companies have designed IT systems that connect them to their customers, suppliers, and partners in real time. Data from transactions and interactions is captured and analyzed resulting in faster decisions which reflect current market conditions. The Internet of Things (IoT) is allowing any device with an on-off switch to be connected to the Internet or each other. This includes cars, fitness trackers, coffee makers, jet engines, traffic lights, water systems, etc.

As companies race to integrate digital technology their reliance on IT is increasing. The loss of IT systems or applications is felt immediately by customers, suppliers, and business partners. In many cases customers can fire you with two clicks of a mouse. The cost of downtime is increasing. A study by IDC revealed that for the Fortune 1000 the average total cost of unplanned downtime per year is $1.25 billion to $2.5 billion. The average cost of a critical application failure is $500,000 - $1M per hour. 

...

Cloud computing, with its varied forms of private, public, and hybrid services capabilities, represents an IT platform that is extremely flexible, scalable (based upon need), and highly cost efficient when leveraging the pay for consumption models in the marketplace. But, do these advantages really provide a solid foundation for building your resiliency platform to protect your critical business operations?

The question may be best answered when evaluating the specific results that must be achieved during an event.

While resiliency requirements have changed quite significantly over the past several years, specifically in the form of decreased time to recover and increased currency of the data, the basic tenets have remained intact. The deep rooted disciplines for resiliency in the form of resource availability, system integrity, data protection, with complete connectivity to resume business functionality are still the underlying building blocks for success. These disciplines must not be compromised without sacrificing the integrity of the recovery efforts to ensure business viability. When exploring cloud alternatives the first area to assess is how the resources will be provided to meet recovery requirements. Traditional recovery vendors balance the need for availability of assets during a wide scale event through a 100 per cent allocation strategy whereby all assets were freed up to support a recovery.

...

Posted by on in DRJ Blogs

The last full day of DRJ Spring World 2016 was a very good one. We started with some very popular General Sessions in the morning, as usual the Exhibit Hall was the place to be between sessions and workshops, and ended the day with some excellent Breakout Tracks and Workshops. A big thank you to everyone who made DRJ Spring World 2016 such a huge success.

 

General Sessions

...

Posted by on in DRJ Blogs

It was another exciting and busy day for everyone at DRJ Spring World 2016 on Tuesday. We had the second morning of our General Sessions, a buzzing Exhibit Hall with many software demonstrations and meetings, our afternoon Breakout Tracks and the special Zika session.

Networking/Demonstrations

DRJ conferences are the number one in the industry for a few key reasons. We offer outstanding networking opportunities. We bring in the best in innovation, education and leadership to ensure our attendees learn all they can. The exhibit hall is unmatched for the product demonstrations, consultations with vendors, and meeting opportunities. DRJ is your best choice for a BC/DR conference.

...