Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 29, Issue 3

Full Contents Now Available!

DRJ Blogs

This is some blog description about this site

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Recent blog posts

Posted by on in DRJ Blogs

Your original job application is not as important as your company’s payroll database, or even the email database. So, why are you using the same storage policy for both?

 

IT organizations can actually drive up the cost of storage unnecessarily by treating all data as if it were the same and storing it all on the same media. Stop using one policy to rule all of your data. It might be simple, but it is killing your bottom line.

...

Posted by on in DRJ Blogs

Who’s Afraid of the Big Red Button?

I am sitting here in front of 1 petaybte (1,000 terabytes) of disk.  The production database is on it and we are currently running about 12,000 transactions against it every second.  Lights are blinking, and I can just feel the breeze as the orders swoosh by me, to and from the Internet, serving all the customers who are purchasing from my online stores. 

But there’s the big red button. I can push it, right? I’m the manager. The team has been telling me for months that the system can recover, but they never thought in a million years that I’d actually push it. Sally, the sliver-tongued sales rep from Vendor X, thought I wouldn’t have the nerve. Dave, the over-zealous IT guy, considers me a tech-ignorant putz who thinks a “blade server” is someone you’d encounter at a Japanese restaurant. Sorry folks. I don’t make a major purchase just for display.

...

Posted by on in DRJ Blogs

In order for your business continuity plan to be effective and purposeful, you need to be aware of what is making the news. In recent weeks we’ve learned a lot about the Zika virus. A virus that has been present for many years, but really wasn’t making the headlines until recently.

 

There are lots of unknowns about the Zika virus and the impacts it can have on your organization. In light of this, we’ve got a special Tuesday workshop session scheduled at Spring World 2016.

...

DRJ Spring World is a little over a month away and we’re really looking forward to seeing you in Orlando. To help you keep up-to-date with what we’ve got planned for you at our 54th conference, we’re continuing with our blog posts highlighting key features from the agenda. 

 

This week we’re taking a closer look at our pre- and post-conference courses. These courses are the best way for you to maximize your learning opportunities at Spring World. With our pre- and post-conference courses you’re exposed to more in-depth learning opportunities with some of our most experienced instructors. 

...

Posted by on in DRJ Blogs

We’ve been blogging about the range of sessions available to you at DRJ Spring World 2016, highlighting the technical, emergency response and information sessions. This week, we’ll take a closer look at the Senior Advanced Track.

 

The countdown clock is on for Spring World 2016 and the DRJ team is busy finalizing the last details and ensuring everything is ready for you in Orlando, Florida from March 13 - 16. To learn more about our 54th conference, browse the Spring World 2016 website and be sure to download the conference agenda

...

Posted by on in DRJ Blogs

This week we look at the Technical Sessions scheduled for DRJ Spring World 2016. These technical sessions are ideal for all levels of business continuity practitioners and will help you elevate your technical knowledge and skills. 

 

In our previous two blog posts we highlighted the Emergency Response Sessions and Information Sessions

...

Posted by on in DRJ Blogs

IT Change Happens

SSD v HDD

2500 years ago a Greek philosopher named Heraclitus wrote “The Only Thing That Is Constant Is Change”.  Nowhere is that more true that the fast paced world of information technology.  The way we store data, the way we define data, the way we use data and even how we create data has all changed over the years to the point that sometimes it is hard to remember what we did in the past.   In 1988 for example, a one terabyte disk would cost you over 100,000 USD (638,000 RMB) and would take up the same space as a bathtub.  Now that same 1TB of space will cost you 36 USD and is about the size of a pack of Reece’s peanut butter cups.

...

Posted by on in DRJ Blogs

Last week we dipped into the DRJ Spring World 2016 agenda with a look at the Emergency Response Sessions. This week, we’ll take a look at the Information Sessions and tell you how you can take advantage of our extended registration savings discount. 

 

We’re looking forward to seeing you in Orlando, Florida from March 13 - 16, this is the perfect opportunity to enhance your business continuity skill set and meet the industry leaders who are leading the charge in growth and innovation.

...

Posted by on in DRJ Blogs

This is the first of a series of blog posts in which we’ll take you through the DRJ Spring World 2016 agenda, highlighting and showcasing sessions, speakers, sponsors and events. 

 

We’ve got a great team of people and organizations coming together to give you the best in business continuity education and networking this March in Orlando, Florida. 

...

If a crisis disrupts your business mission, the response should be supported by leadership who would assess and decide what actions should be taken from an overall organizational standpoint.  As leadership would convene to discuss and manage the response, this group of leaders would still require to be managed. Just like an orchestra, this group of leaders needs a conductor, this conductor is your crisis manager who should have some unique characteristics.

Let’s look at the key characteristics that make an effective crisis manager:

1. First-rate communication skills and trusted partnerships

...

Posted by on in DRJ Blogs

We're gearing up behind-the-scenes here at DRJ for a fantastic 54th conference at DRJ Spring World 2016. In the coming weeks and months, we'll be posting regularly to highlight different speakers, sessions, workshops, and other conference details. 

To kick things off, we'll start with providing you with the key information and links you need to be prepared and ready for DRJ Spring World 2016.

What?: DRJ Spring World 2016 is the number one business continuity conference in the world. We bring together the best in business continuity education, research, innovation and technology to give you three packed days of learning and networking.

...

 

Automation and technology have made it fairly easy to recover an environment at an alternate site.  Technically speaking, the alignment and enablement of systems, data, and network access constitute a recovery.  But, does this likewise imply that the business is adequately positioned as well, can support the influx of transactions following an outage, and can sustain on-going operations until such time that the IT function can be returned to normal?  The latter is the more challenging and concerning question relative to the overall level of resiliency being provided.

 

...

In 2015 we saw some very big changes in the storage world. Two powerhouses joined forces in the first all technical merger in almost 20 years, while storage technology continued its march towards commoditization. We saw private cloud retrofitted to serve the enterprise world; we saw the total amount of data stored jump by 40% and saw the number of devices attached to the Internet jump to 2.7 billion.

 

As for 2016, I think…

...

Posted by on in DRJ Blogs

I wanted to share news about my new book, Business Continuity as a Career?  Really? (Building a World Class BC Program and Career) available on Amazon now. 

Maybe Business Continuity wasn’t represented in your high school career day, but this book is intended to share the joys and challenges of working in an exciting field.  Inside is a host of practical information on using the tools of the trade, like the Business Impact Analysis (BIA), creating a comprehensive recovery strategy for both the technical and business areas, positioning BC/DR for the best chance of mission success, hiring staff, using BC consultants effectively, and conducting successful table top exercises.  All you need to build a top tier program and have fun doing it.


...

2015 has certainly been a busy year for cyber-attackers, with TalkTalk and Vodafone being the most recent victims of high-profile attacks. While much has been written about the technological, legal, and security issues around such attacks (e.g. was the data protected properly?), little has been written about how companies communicate in a time of crisis.

Despite all the technology powering the modern organization, business is still a fundamentally human endeavor with humans reacting very differently at times of crisis. In the wake of an attack, company communications can vary from non-existent, to inaccurate, to just plain misleading. There is often a desire to ‘play down’ the attack or ‘sugar coat’ the facts in a misguided attempt to protect the company’s reputation (a move which almost always backfires). In addition, it is very common to see inconsistent responses from different parts of the organization, bringing to mind the phrase “the left hand doesn’t know what the right hand is doing”.

One of the biggest mistakes in crisis management is not having planned for a crisis in the first place. As such, organizations must form a coherent communications plan for how they will respond in the event of an attack. This includes the activities employees need to perform and what and to whom to communicate.  Also included, employees must forecast how customers are likely to react, and what customers will be told and when. All employees, but especially those in customer-facing roles, need to know what to do and say and this takes thoughtful and careful planning and coordination with Marketing, Legal and especially Corporate Communications.

...

Posted by on in DRJ Blogs

When considering any backup solution it is important to assess two key metrics, RPO & RTO.  I put more value on RPO then RTO and here is why.

RPO (Recovery Point Objective) represents how frequently backups are taken, or put another way, how much data you are willing to lose.

RTO (Recovery Time Objective) The duration of time and a service level within which a business must be restored after a disaster or disruption.

...

Posted by on in DRJ Blogs

 I’m speaking on Thursday at the 2015 SecureWorld Seattle conference, expanding and refining a presentation I made this past summer, and on an article I wrote on the same topic a couple of years ago.   I’ll be talking about the life of the CEO, including the magnitude and frequency of decisions that CEOs make every day.  I’ll examine how is it possible to make a perfect pitch to the C-suite for a large scale project, and the attendant expense, that is both intelligible and persuasive, when is data security and cyber security.  Part of that examination involves looking at how executives send and receive information and make decisions, using four executive archetypes – “online junkies, schmoozers, cheerleaders and firefighters” –   that can be found in a 2013  McKinsey Quarterly article to explain how large scale projects derail when the way that executives spend time is not aligned to the organization’s strategic priorities. 

The content aligns with my ongoing research on executives and risk, and how much executives actually know about risk present in their organizations.  Executives become more used to making decisions that could involve people, process, systems or external events as they rise higher in an organization. In almost parallel fashion, information appears to become simplified as it moves higher in the organization, past managers to senior management and then refined once again for the C-Suite, and perhaps a final time in the form of a report for the firm’s board of directors.  So we move from what can be a well-thought-out expensive proposal, to management signoffs as the proposal moves up to the C-suite for approval, the executive signoff, and then a summary in the form of a report – or ongoing status reports -- to the board of directors.

 My focus will be on how to think about and then create a proposal that is the “perfect pitch” – including an easily understandable executive summary that covers both tangible (the cost, the data available on the need for the project, and the competitive landscape) and the more intangible (corporate reputation, corporate liability, alignment with the corporate mission and other strategic initiatives) costs.

...

Basking in the glow of this year’s Disaster Recovery Journal Fall World conference (held in sunny San Diego) I have had an opportunity to start reflecting on some of the conversations that I had with fellow business continuity and disaster recovery colleagues.

One theme that continually emerged was that BCM professionals have unique access to all aspects of the businesses and organizations that we help support.  We constantly update business impact analysis data, interview colleagues, and adjust our BC and DR plans to ensure that our company’s board of directors can sleep soundly(ish) at night.

But, how can we leverage this holistic access to our competitive advantage? I suggest considering the following three points as you approach your next BC/DR project:

...

As risk professionals, it’s important that we’re always up to date with the latest legislation. Recently, the FFIEC, otherwise known as The Federal Financial Institution Examination Council, set out a new piece of legislation that it’s vital we understand.

THE FFIEC’s BCP Appendix J (Appendix J) aims to ensure that financial institutions are taking seriously, their responsibility for the third-party service providers they utilize. Among other things, this means that their third party service providers must have sufficient recovery capabilities should anything go wrong.  This drives to the importance of businesses enforcing due diligence, ensuring that business resilience is in place in order to allow critical activities to continue to run in the case of a security breach or otherwise, and to consider the multitude of risks associated with using new technology.

Appendix J also includes requirements for management of Cyber threats. It was just last year that, America’s largest bank, was subject to a cyber attack that affected 76 million households. With cyber attacks on the rise, this new piece of ruling from the FFIEC certainly comes at a pertinent time.

...
Originally posted on Rentsys Recovery Services' blog.
 
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year,81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.
 
With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?
 
The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption

DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow

 
Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment

 
If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.
 
Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan,download our checklist.  
Hits: 3109