Jon Seals

Is there a case for blockchain in your organization? Cutter Business Technology Journal contributing authors Steven Kursh and Arthur Schnure recently argued that companies should begin considering which parts of their organization might benefit from blockchain. Among their advice to CIOs and CTOs is to look for areas of friction when it comes to exchange of value or information that would benefit from a blockchain implementation and profit from a shared ledger system.

Write Kursh and Schnure, “Take a page from IBM, which announced in July 2016 that it plans to implement a solution to help its finance division resolve client and partner disputes. IBM believes the new system — one of the largest commercial rollouts of blockchain technology yet — will free up US $100 million in capital locked up in manual dispute resolutions. The company is beginning its journey to blockchain in a sector of its business where the benefits are real, yet the implementation is localized.”

“In the long run,” they continue, “blockchain technologies have the ability to enable cost savings, greater efficiency, more rapid transaction clearing, and greater cybersecurity. However, the development and implementation costs at this stage are likely quite substantial. In addition, the greater energy requirements for a large-scale blockchain may be cost-prohibitive. Developing and implementing blockchain technologies in your organization will require resources and time. And as with most innovations, people and processes will need to change, potentially creating internal conflicts.

...

http://blog.cutter.com/2017/03/28/building-the-case-for-blockchain-in-your-organization/

According to a recent Kaspersky Lab report, attackers who demand a ransom in return for not launching a DDoS attack (or to call off an attack in progress) can earn thousands of dollars in bitcoins, enabling the profitability of such attacks to exceed 95 percent.

"And the fact that the owners of online sites are often willing to pay a ransom without even checking whether the attackers can actually carry out an attack (something that other fraudsters have already picked up on) adds even more fuel to the fire," the report notes.

DDoS attacks, according to the report, can cost anywhere from $5 for a 300-second attack to $400 for a 24-hour attack.

...

http://www.esecurityplanet.com/network-security/cybercriminals-see-95-percent-profit-from-ddos-attacks.html

While data backup and replication have their similarities, they are not the same, and rather than competing with one another can be used as complementary tools to maximise the efficiency of an IT environment.

Data backup is the process of taking a copy of data at a fixed point in time and storing it for a set time frame (retention) in an alternate location to its original source.

Backups are typically used to make sure regulations and compliance around data protection are being met, and to protect against data loss.

...

https://www.redstor.com/en-gb/news/back-basics-differences-between-backup-and-replication/

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Gut feelings are nonetheless only as good as judgement and the experience used to make them. They may therefore be wrong, for any number of reasons, including incomplete information, personal prejudice, and faulty reasoning. In business continuity, as in other domains, organisations cannot afford to run on gut feelings when the risk of error is too high. But are data-driven decisions on business continuity a better option?

Business analytics are often suggested as the “cure” for gut feeling.

Instead of trying to deal with emotions or personal preferences, the idea is to use facts as the basis for decision.

...

http://www.opscentre.com/business-continuity-gut-feeling-data-driven-decisions/

As I’ve said many times, cybersecurity seems to be more about reacting than acting or being proactive. Now, a new study by 1E found that, in fact, IT professionals spend a third of their time reacting to emergencies.

Nearly 30 percent of the IT tasks are unplanned, which works out to be about 14 weeks of job time per year. More than half of the respondents admit that a problem that is found relatively quickly (within an hour) can take most of the day to resolve.

While this study looks at IT as a whole, it fits into the scope of security, as well. Think of the amount of downtime that is caused by a security incident and how long it takes you to get the company up and running properly again, or how long it takes to resolve that incident. Then ask yourself if you were prepared to address the security incident. Again, I think the formal statement that Sumir Karayi, founder and CEO of 1E, made is as applicable to security as it is to overall IT functions:

We knew that IT teams spend a lot of time on unplanned incidents, but we didn’t think it was this high – one third of their time. That’s taking a huge toll on their ability to innovate.

...

http://www.itbusinessedge.com/blogs/data-security/why-your-business-must-be-prepared-for-security-incidents.html

More than 30,000 people in low-lying coastal areas have been urged to evacuate their homes ahead of powerful Cyclone Debbie, as it bears down on the Queensland coast in northeastern Australia.

With landfall expected early Tuesday, Cyclone Debbie is currently a Category 4 storm and could intensify to Category 5. A Category 4 storm on the Australian scale equates to wind gusts of more than 140 miles per hour, the New York Times said.

Storm surge poses the biggest threat as the cyclone strengthens, according to major weather forecasters and news outlets.

...

http://www.iii.org/insuranceindustryblog/?p=4885

IRVINE, Calif. – Vision Solutions, a leading provider of business resilience solutions for IBM Power Systems, published episodes two and three of its “Power Talk” podcast. 

 

Episode two features a conversation with guest Larry Youngren, retired leader of IBM’s remote journaling team for IBM i and well-known author and speaker on high availability (HA). Topics covered include: 

  • Meeting timely recovery point goals through remote journaling 
  • Understanding the key differences between hardware and software replication
  • Techniques for optimizing remote journaling performance and bandwidth usage
  • Three tips for evaluating HA options

Episode three features a conversation with guest Ron Peterson, retired leader of IBM’s clustering team for IBM i and former senior product strategist for MIMIX. Topics related to IBM i HA are covered, including:

  • Clustering in today’s HA options
  • Unique HA challenges for IBM i systems
  • Significant differences between SAN and software replication
  • Tips for finding the right high availability solution


The Vision Solutions Power Talk podcast series is available at: http://www.visionsolutions.com/powertalk

 

“The conversations in these episodes continue what we started with our first podcast: tapping industry legends to give their invaluable perspectives on modern trends,” said Edward Vesely, EVP and CMO of Vision Solutions. “The stories and commentary in our Power Talk podcast series are invaluable to IT professionals seeking to better understand and optimize the technologies they rely upon to keep their organizations up and running.”

 

About Vision Solutions

Vision Solutions is a leading provider of business resilience solutions – high availability, disaster recovery, migration and data sharing – for IBM Power Systems. For more than 25 years, customers and partners have trusted Vision to protect and modernize their environments, whether on-premises or in the cloud. Visit visionsolutions.com and follow us on social media, including Twitter, Facebook and LinkedIn.

New Ransomware Prevention Checklist Provides Actionable Steps to Recover from and Prevent Costly Cyber Attacks

 

SUNNYVALE, Calif.  – Zetta, a leading provider of high-performance business continuity solutions, today released a new Ransomware Prevention Checklist which provides actionable advice to help recover from and prevent ransomware attacks. It includes immediate steps that can be taken when infected by ransomware to mitigate its impact along with top attack prevention tips that can be implemented to minimize threat risk. 

“The high cost of ransomware has made threat mitigation a top priority for businesses of all sizes,” said Mike Grossman, CEO, Zetta. “To help prevent the risk of ransomware, and to provide immediate guidance for those that have had the unfortunate experience of being hit by an attack, our new Ransomware Prevention Checklist is an excellent resource. It offers simple, actionable advice that can help any data-driven business protect themselves from the high cost, and agony, of ransomware.” 

According to the Federal Bureau of Investigation, ransomware attackers collected more than $209 million from victims during the first quarter of 2016 alone and as many as 50% of ransomware victims paid the ransom in an attempt to recover their data. Adding to the high cost of ransomware is its impact on IT downtime. The State of Disaster Recovery Survey reports that virus and malware attacks are the fourth cause of IT downtime, following power outages, hardware errors and human errors.

The Zetta Ransomware Prevention Checklist offers top steps to prevent the impact of a ransomware attack and tips for safer online behavior, security tools and computer protection to minimize risk and safeguard valuable data from compromise. 

To view the Zetta Ransomware Prevention Checklist, visit: http://www.zetta.net/resource/ransomware-prevention-checklist.

About Zetta
Zetta is an award-winning provider of high-performance cloud-first data protection and disaster recovery solutions that are a worry-free choice for businesses and managed service providers. The Company’s direct-to-cloud approach provides businesses a fast and reliable way to protect, access and quickly recover their business-critical data and systems – both physical and virtual – without the need for costly extra hardware. For more information, visit www.zetta.com.

We have been a fan of the Incident Command System (ICS) since the 1990s. It was created in my fair state – California – to manage wildfires. Everyone realized early on, it had many more uses than just the fire service. It is now required for all city, county, state and federal departments and agencies. What about a company?

Many companies fail to have a great Crisis Management Team because they lack four simple things. Are you developing or retooling the team you have? Then you should consider using ICS.

On Wednesday, March 29, I will be doing a general session at DRJ in Orlando with one of our clients, Salt River Project (SRP), who have embraced ICS. We will both be speaking so you will learn from the “horse’s mouth” how SRP reorganized their team and the results.

The goal of this presentation is to help you create both a great team and a great process in order to manage incidents large and small. There are four key things that we often find missing in company teams and plans:

  1. A clearly defined structure
  2. Identified roles and responsibilities
  3. A formal assessment process and team
  4. The ability or knowledge to develop an Incident Action Plan (IAP)

You will learn how SRP has embraced the Incident Command System, refocusing their Crisis Management Team and their processes to be even more effective.

Topics Covered

  • Incident Command System – a powerful methodology.
  • Crisis Management Teams – Roles and responsibilities.
  • Initial Assessment Team – Who should be on the team.
  • Incident Action Plan (IAP) – How to write one.

Speakers

  • Regina Phelps, EMS Solutions Inc.
  • Kenneth Lewis, Salt River Project, Principal Emergency Management Program Analyst

http://www.drj.com/springworld/index.php/event-program/general-sessions

You lock your home—now lock your network. This means having a reliable and secure data center and following basic safety rules, like locking down ports, shutting off services, removing rights and privileges when no longer justified, and using firewalls. You’ll also need host and network intrusion detection and prevention (IDS/IPS) as well as physical access controls such as badge, PIN pad and biometrics etc., to ensure you let only the right traffic and the right people in.

The best way to keep a secret is to encrypt it. But what to encrypt? Encryption can occur at many layers—the network, the physical disk drive, the database, or individual fields. All encryption is not the same; algorithms have different key lengths, some are slower in performance than others and some have been compromised through the ages. Be aware, and keep current with encryption techniques.

At the application layer, strong authentication is key. Create a process for good passwords and keep it simple so people will use it, but make it strong to keep the bad guys out. Passphrases, account ID images and challenge questions are other techniques. A simple technique to use for challenge questions is to not respond with the answer to the question being asked. If the question is “What is your mother’s middle name” use a word like “chair” or “fish.” These red herring responses cannot be traced back to your Facebook or other social accounts.

...

http://www.mir3.com/cybersecurity-principle-locked-door/
