Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Industry Hot News

Industry Hot News (7044)

Monday, 16 March 2015 00:00

Are UK business disruptions on the rise?

Sungard Availability Services has released its 2014 UK invocation figures, which show the highest number of incidents since 2009.

Overall incidents of downtime, in which staff are unable to work from their usual office or access business critical systems, rose by over one third (38 percent) compared to 2013, leading to concerns that organizations are failing to sufficiently invest in availability and business continuity strategies and solutions.

While workplace related disruptions, in which the office environment is rendered inaccessible have remained fairly stable – with only a minor increase in 2014 – disruptions due to technology failures have more than doubled, increasing by 140 percent. Sungard AS’ 2014 invocation statistics show that hardware has been the main issue, causing a fifth of all problems (21 percent). The year-on-year spike in technology-related incidents, also including power and communications, is particularly worrying, suggesting that while many organizations are now entirely dependent on their IT systems, they are struggling to maintain them.



Monday, 16 March 2015 00:00

Downtime costs under the spotlight

A new industry survey has found that of those who responded the largest group (37 percent) estimated that the cost-per-minute of downtime in their organization fell into the £10,000 - £20,000 bracket.

With 80 percent of those questioned giving their recovery time objectives as two hours or greater, the results mean that the potential losses to UK businesses are high.

The study, conducted by Timico, gave a comprehensive insight into the disaster recovery habits of IT managers in the UK, and revealed a distinct lack of awareness, despite the predicted cost of outages.

The survey revealed that almost a quarter (24 percent) of IT managers acknowledged having an outage within the past month but despite that, over 70 percent admitted to never having worked out the cost of the resulting downtime.

The research also found that over 60 percent of SMEs had not yet rolled out any form of cloud-based back up within their business. Moving to the cloud can negate the need for dual site replication, an option still favoured by 18 percent of those businesses questioned. Shockingly, despite the risks, a minority of respondents even admitted to never backing up their data.


The potential value in the Internet of Things (IoT) is bringing to a fever pitch the focus on data as one of the enterprise’s most valuable assets. Clearly, those who carefully collect, transform, analyze, model and report on IoT data are seeing their influence rise. As much of this work is settling around the data scientist role, I talked with Don DeLoach, CEO of Infobright, provider of an analytics database platform, about what data scientists are being asked to do now, and how those responsibilities around IoT data might change in the near future.

DeLoach says it’s definitely early days when you look at what data scientists are being asked to examine:

“Look at the progress of the Internet of Things. Most, probably 95 percent, of the focus is on the closed loop message response systems that make up the use cases: service models for capital equipment, focus on specific silos, alerting to problems, not having to send service professionals out when they’re not needed, or information like temperatures in machines, or lighting levels that are appropriate for time or conditions. It’s grabbing a message off a sensor, and then determining whether an action is needed. We’re at an early stage.”



Who needs a data scientist when you can have a robot analyze your data? No, seriously, that’s an actual question enterprises may be asking if this Computerworld article on artificial intelligence is right.

Technically, I guess artificial intelligence isn’t a robot until you add a body, but the question still stands: Can artificial intelligence solve the data deluge better than humans? AI experts certainly think so.

"The notion that a human analyst can look at all of this data unaided becomes more and more implausible," Oren Etzioni, CEO of the Allen Institute for Artificial Intelligence, told senior reporter Sharon Gaudin.  "You can't have a person sitting there watching Twitter to protect your brand. … You need A.I. tools."

The obvious use case is with security, where humans are already failing to keep up with the ever-changing threat. Algorithms can “learn” from the data and flag deviations.



Cloud computing and modular infrastructure are working hand-in-hand to remove the hassles of physical infrastructure from the enterprise’s list of concerns.

If it all goes as planned, the loss of any one server, storage or networking component will cease to be the service-killing event that drives IT into a state of near-insanity. If a piece goes down, an automation system simply reroutes traffic to another module and a replacement device is swapped in at IT’s leisure, perhaps by a robotic arm.

But that does not mean IT is on easy street. Rather, responsibility for the smooth flow of data simply travels up the stack, to the application and service layers, to be precise. And exactly how the enterprise prepares for data management on that level will go a long way toward determining how well the bosses in the executive suite can fulfill their business models.



(Tribune News Service) -- New York state's top bank regulator told a University at Albany audience on Thursday that one of the greatest threats to the economy today is a "cyber 9/11" attack that causes widespread panic in financial markets.

Benjamin Lawsky, who as superintendent of the state Department of Financial Services oversees 3,800 banks and insurance companies, said that trying to stop cyberattacks on the state's financial system — from data breaches to cyberterrorism — is his biggest concern.

"It's the one issue that I personally work on every single day," Lawsky said at UAlbany's Business School, where he delivered the first-ever Massry Lecture. "What should we do to prevent these nightmare scenarios?"

Although Lawsky doesn't have criminal prosecution powers, his office has been aggressive in negotiating civil penalties with banks that have been investigated for wrongdoing in New York state. On Thursday, just an hour before his UAlbany speech, his office announced a $1.45 billion fine for Commerzbank of Germany — of which $610 million will go to New York state.



(TNS) — Aiming to minimize the number of victims, the Japanese government is hurrying to establish a network of undersea cables to monitor the occurrence of tsunami on the floor of the Pacific Ocean, where a huge earthquake is expected to take place.

The cables connect tsunami gauges and other observation devices for that purpose.

On seabeds stretching from off Hokkaido to off Chiba Prefecture, the National Research Institute for Earth Science and Disaster Prevention (NIED) is installing tsunami gauges and other devices in 150 locations. The total length of the undersea cables will be 5,700 kilometers.

“There is no precedent anywhere in the world for such a large-scale tsunami observation network," NIED President Yoshimitsu Okada said. “Completion is scheduled for fiscal 2015. After that, it will be possible to detect tsunami waves 20 minutes earlier than we do now."



MSPs who offer cloud-based file sharing have a full time job. It isn’t enough to simply sell and set up cloud services for your client – you then need to monitor them.

Surprisingly, 44 percent of corporate data stored in the cloud environment is not managed or controlled by the IT department.

While you could try to make it easier for customers to monitor the cloud sharing you set up, there are advantages to being the one to handle this task. For one, you obviously want to make sure that the file sharing system you set up is working properly. You also want to be able to tell when your client may need additional functions or storage based on their use. Finally, your clients care about it, so being the one to offer it will increase your value to them.

Here are four things your clients care about, and things you should be actively monitoring:



Many information security professionals are looking for help with security and may very well partner with managed security service providers (MSSPs) this year. That's according to a new report from Trustwave. Here are the details.

The 2015 Security Pressures Report revealed that most businesses expect the pressure to secure their organizations against cyber threats will increase in 2015. Also, 78 percent of information security professionals said they are likely or plan to partner with an MSSP to protect their organizations.



According to the Occupational Health and Safety Administration, 4.1 million U.S. employees experience work-related injuries or illnesses each year and 1.12 million of those employees lose work days as a result. With the average employee missing eight days per injury, even a minor injury can create a domino effect in your company.

When employees experience illness or injury, it often impacts their ability to perform their jobs, especially in occupations that are more labor intensive. As soon as your worker is able, it is in everyone’s best interest to return him or her to work in some capacity. Oftentimes, this is done through formalized return to work programs. Return to work programs are extremely effective because they provide benefits to not only the employee, but also your company.



Friday, 13 March 2015 00:00

BCM & DR: When to Use Software

Often, when an organization initiates its Business Continuity Management (BCM) / Disaster Recovery (DR) program, it a pretty manual process: documents, power points and spreadsheets abound. They look good and they serve a purposes but when the program needs to mature and grow, the manual maintenance and monitoring processes just can’t keep up properly. Suddenly, the person responsible – use is usually only assigned to BCM/DR part time – can’t keep up and things begin to fall apart. It’s time for some help to automate the BCM process to keep it current and maintainable (not just the plans being maintained).

So where do you start and what needs to be considered when determining what software is best for you? Here are some helpful tips to consider when you get to that point.



Often, when an organization initiates its Business Continuity Management (BCM) / Disaster Recovery (DR) program, it a pretty manual process: documents, power points and spreadsheets abound. They look good and they serve a purposes but when the program needs to mature and grow, the manual maintenance and monitoring processes just can’t keep up properly. Suddenly, the person responsible – use is usually only assigned to BCM/DR part time – can’t keep up and things begin to fall apart. It’s time for some help to automate the BCM process to keep it current and maintainable (not just the plans being maintained).

So where do you start and what needs to be considered when determining what software is best for you? Here are some helpful tips to consider when you get to that point.

If you are the IT person who handles security for your company, where do you feel the most pressure when it comes to protecting business interests and consumer privacy? The folks at Trustwave sought to discover what was causing the most stress and concerns for IT and security professionals, and they just released their findings in the 2015 Security Pressures Report.

It’s an interesting perspective to study. All professionals are under pressure to perform well in their job duties, but as more companies reveal disastrous breaches and security breakdowns, IT security pros are really in the spotlight right now, with minimal room for failure. In fact, as the study stated in the introduction:

Few white-collar professions face as much mounting pressure as the information security trade. It is a discipline that, due to the widely publicized data breach epidemic, has suddenly crept out from behind the shadows of the mysterious, isolated and technical — and into the public and business mainstream.

- See more at: http://www.itbusinessedge.com/blogs/data-security/stress-levels-on-the-rise-for-security-professionals.html#sthash.Txh7nrOk.dpuf

If you are the IT person who handles security for your company, where do you feel the most pressure when it comes to protecting business interests and consumer privacy? The folks at Trustwave sought to discover what was causing the most stress and concerns for IT and security professionals, and they just released their findings in the 2015 Security Pressures Report.

It’s an interesting perspective to study. All professionals are under pressure to perform well in their job duties, but as more companies reveal disastrous breaches and security breakdowns, IT security pros are really in the spotlight right now, with minimal room for failure. In fact, as the study stated in the introduction:

Few white-collar professions face as much mounting pressure as the information security trade. It is a discipline that, due to the widely publicized data breach epidemic, has suddenly crept out from behind the shadows of the mysterious, isolated and technical — and into the public and business mainstream.

- See more at: http://www.itbusinessedge.com/blogs/data-security/stress-levels-on-the-rise-for-security-professionals.html#sthash.Txh7nrOk.dpuf

(TNS) — A new report from the U.S. Geological Survey shows it is increasingly likely a magnitude 8.0 or greater earthquake will hit California, but that "doesn’t change the bottom line” for the state’s emergency management workers, an agency official says.

Lucy Jones, a USGS seismologist and Mayor Eric Garcetti’s adviser on earthquakes, tweeted Tuesday about the randomness of big quakes.

"This new science doesn't change the bottom line for emergency managers," she wrote. "Which one happens in our lifetimes is a random subset."

The tweet was in response to a question posed to Jones about the practical takeaway for those trying to prepare the state for just such a disaster.



Accessing analytics of any type has always been a complex endeavor. But starting this week, Ryft Systems wants to make real-time analytics running on a 1u server built using field programmable gate arrays (FPGAs) a single application programming interface (API) call away.

Pat McGarry, vice president of engineering for Ryft Systems, says that by deploying a dedicated Ryft ONE server that runs a “Linux-like” operating system to process analytics IT organizations can once and for all eliminate I/O bottlenecks.

The biggest challenge with Big Data, says McGarry, is not so much the size of that data that needs to processed at any given time, but rather the velocity at which that data needs to be processed. Rather than relying on a general-purpose processor, McGarry says that Ryft has combined FPGAs with up to 40 solid-state disk drives that can process up to 48TB of data at a rate of 10 gigabytes per second.



Let’s start with the notion that nobody is perfect. I know, that will drive the perfectionists up a wall, but it is true. No person, no organization, no company is perfect. This means we will all make mistakes. So why not plan for it.

Plan for it! Yes. We all know that someday there will be a screw up, a goof, or God forbid an intentional negative act. For example, consider the recent experience of a Comcast customer.  Lisa wanted to find a way to save money, so she decided that the family could do without the cable portion of the family bill. The Comcast customer service representative was not happy with this request, tried to retain her, and when she still refused Lisa got her next Comcast bill addressed to –  “Asshole Brown”. Needless to say Lisa was upset about trying to get the name changed back to her real name. Even that task was not easy.

So here we go. Like I said,  no one is perfect and in this case Comcast certainly deserves a black eye.



CompTIA's new "Enabling SMBs with Technology" study revealed many small- and medium-sized businesses (SMBs) want innovative technology partners, and a lack of innovative technology solutions is one of the primary reasons why some of these companies choose to switch IT firms.

CompTIA reported that more than 70 percent of SMBs said they have used an outside IT firm at least occasionally over the past 12 months. Also, 46 percent of SMBs noted that they look to outside IT firms when they need greater expertise and new options, which could create new opportunities for innovative managed service providers (MSPs).

"For an MSP to be innovative, it must focus on business results at a broad scale and proactively determine the best technology solution," Seth Robinson, CompTIA's senior director of technology analysis, told MSPmentor.



By James Stevenson

The first few exercises I ran were pretty nerve wracking. Would the plans work? Would the team play nicely or start throwing stuff? Would they realise I was new to this?

Since then I’ve been fortunate to work with many different groups around the world facilitating exercises, coaching and training new business continuity managers to design and run their own successful exercises.
It’s not rocket science but there is a skill to setting up and running a great exercise.

To help with this, the ten steps below are packed full of tips and suggestions to develop this skill, run great exercises and maximise your business continuity programme:



Carbonite, Inc., a provider of cloud and hybrid business continuity solutions for small and midsize businesses, has published a report on recent business continuity and channel research. Entitled, ‘Business Continuity: A Growing Opportunity in a Digitalized World,’ the report details the results of research conducted through Spiceworks Voice of IT, and identifies trends, challenges and strategies related to business continuity.

According to the report, 67 percent of channel partners reported an increase in demand for business continuity solutions from small and medium sized businesses, and 77 percent expect the demand to continue growing over the next three years. 87 percent of channel partners agree that business continuity solutions are worth the investment, but they are faced with two key challenges when selling related products: lack of customer education (45 percent) and budget concerns (45 percent).



Where are the weak points in your organisation and its operations? Where could disasters or criminals do the most damage? Vulnerability testing, as its name suggests, is done to find out where the soft underbelly is. Then protection and security can be suitably reinforced. In a general sense, it can cover everything: from freak weather conditions to power outages, supplier failure and IT disasters. Indeed, the latter category of IT is where vulnerability testing is often the most performed. This is partly because of the critical role of IT throughout many organisations, and partly because IT vulnerability testing is relatively easy to automate. However, even systematic automated testing can’t do it all. So what’s the solution?



Consensus is building that the cloud will subsume traditional data center infrastructure within the next decade. This is not to say that local resources will go the way of the dinosaur, but that whatever remains in the data center will be cloud-based.

This means that both the hardware and software platforms that hope to support future data architectures will have to cater more toward cloud functionality than traditional data center constructs. And yet, it seems that only recently have we seen anything that can be described as cloud-specific enterprise systems in the channel.

HP took the wraps off of its Cloudline server this week, aimed specifically at helping cloud service providers gain an edge on competitors by offering not just lower costs, but advanced functionality as well. This includes open management capabilities that enable a broad range of third-party solutions, as well as broad ties to the OpenStack format through HP’s Helion platform. This should give providers a wedge in crafting hybrid cloud solutions for enterprises that convert their legacy architectures to OpenStack-based clouds. At the same time, Cloudline supports the HP Altoline open network switch, which itself supports the Cumulus Networks Linux networking distribution aimed at building web-facing hyperscale infrastructure.



(TNS) — Dallas startup accelerator Tech Wildcatters is launching a program focused on wearable technology for police officers, firefighters and emergency medical personnel.

The unique public-private experiment will be announced Wednesday.

The pilot program is funded by the Department of Homeland Security’s research and development arm, and Tech Wildcatters is one of two U.S. accelerators tapped to run it. The program is being managed by the Center for Innovative Technology, a Virginia-based nonprofit.

This is the first time Homeland Security’s research division has experimented with accelerators. The federal agency is interested in wearable technology such as advanced sensors, smart voice and data communication chips embedded in gear, and health-related monitors.



Thursday, 12 March 2015 00:00

Public Entities Targeted By Cyber Attacks

Cyber attacks against businesses may dominate the news headlines, but recent events point to the growing number and range of cyber threats facing public entities and government agencies.

City officials yesterday confirmed that city and county computer systems in Madison, Wisconsin were being targeted by cyber attackers in retaliation for the shooting death of Tony Robinson, an unarmed biracial man, by a Madison police officer last Friday. A Reuters report says the cyber attack is thought to have been initiated by hacker group Anonymous.

Then on Sunday the website of Colonial Williamsburg was hit in a cyber attack attributed to ISIS. The attack targeted the history.org website and comes just a week after the living history museum offered to house artifacts at risk of destruction in Iraq.



A new Carbonite (CARB) channel partner survey revealed 87 percent of respondents agreed that business continuity solutions are worth the investment.

However, the study, titled "Business Continuity: A Growing Opportunity in a Digitalized World," also showed that channel partners are typically faced with two key challenges when selling business continuity products: lack of customer education (45 percent) and budget concerns (45 percent).



In case you thought Microsoft was lagging behind in mobile productivity, you might want to reconsider. Microsoft and other cloud companies have taken some big steps to extend Microsoft Office far beyond the desktop and into the cloud. In the last couple of months, Google and Box have separately announced online editing features and close integration with Office desktop apps, while Microsoft announced just two weeks ago that Office users on iPad will be able to save their documents in any kind of cloud storage.

What’s the upshot for MSPs given these moves? The days of employees storing their important data on a single server or within a single cloud repository are long gone. Now, as the applications that take advantage of cloud storage are becoming more cloud platform-agnostic, employees can and will store their data in any number of cloud services, such as Google Drive, Office 365 and Box. MSPs need to make sure that clients’ data is properly controlled, no matter where it resides.



Wednesday, 11 March 2015 00:00

Managing Your Reputation Risk

One of my favorite virtual friends is Dr. Andrea Bonime-Blanc, the Chief Executive Officer (CEO) and founder of GEC Risk Advisory LLC, the global governance, risk, integrity, reputation and crisis advisory firm which serves executives, boards, investors and advisors in diverse sectors, growth stages and industries, primarily in the Americas, Europe and Africa, providing strategic and tactical advice to transform risk into value. Dr. Bonime-Blanc is an extensively published author and editor of several books and numerous articles. She writes The GlobalEthicist column for Ethical Corporation Magazine. She also co-authored and co-edited The Ethics and Compliance Handbook for the ECOA Foundation. While her career and current consulting is wide-ranging, I want to focus on one of her recent book, The Reputation Risk Handbook, which should be read by any compliance practitioner, senior executive or board member.

Why should you read this book? It is because you should recognize that “Reputation risk has become strategic because of the age of hyper-transparency.” The book provides a variety of examples of reputation risk and explains its special nature. The book also provides strategies for management of reputation risk. Bonime-Blanc concludes her book by going into the veiled land of the future to opine on not only risk management techniques but also the “transformation of this risk into an opportunity and value for the organization.” Her book is broken down into three general areas, I. Understanding Reputation Risk, II. Triangulating Reputation Risk, and III. Deploying Reputation Risk.



No doubt enterprise IT technology will be vastly different in five years’ time. We’re not just talking about better, faster, more flexible infrastructure, but a top-to-bottom overhaul of what data infrastructure is all about and how it should be architected for the new digital economy.

But what gets lost in the whirlwind of activity surrounding the cloud, modular infrastructure, mobility and all the rest is how this will change the day-to-day operations of the data center, and in particular the responsibilities of the IT staff and the skillsets required to fulfill those responsibilities.

We can start with the CIO. Traditionally, this position is served by someone steeped in technical knowledge and the careful relationships that must be maintained between the various layers of the IT stack. (Yes, there is much more to it than that, but in general terms this is good for our discussion.) But as Mike Altendorf, CEO of systems integrator Conchango told CIO.com, a technology background will become steadily less valuable as things unfold, and more traditional business-minded skills will rise. These include not only budgeting and management, but marketing, customer relations and even sales as IT becomes more integrated with the business side of the operation.



Even though the U.S. government has broadened its pursuit against corruption, only about 9% of organizations see the Foreign Corrupt Practices Act’s monitoring of corruption as a top concern, according to “Bribery and Corruption: The Essential Guide to Managing the Risks” by ACL.

Remaining competitive can be difficult in some areas due to expectations of payments, gifts and consulting fees, but companies need to identify and manage the risks across the organization. Much is at stake as penalties are rising and reputations are at risk.

According to ACL:



(TNS) — In Pennsylvania, nearly 1.5 million people are in potential danger if a train carrying crude oil derails and catches fire, according to a PublicSource analysis.

That is about one in every nine Pennsylvanians, or 11.5 percent of the state's population.

The analysis also found 327 K-12 schools, 37 hospitals and 61 nursing homes in the state are at risk.

These numbers take on new meaning in the wake of the recent derailment near Mount Carbon, W. Va. And, a federal report predicts 15 trains carrying crude oil and ethanol in the United States could derail in 2015 alone.



Looking to put an end to spearphishing attacks that have made a mockery of IT security defenses, Check Point Software Technologies Ltd. today unveiled technology that automatically extracts malware from both documents attached to email and content downloaded from Web sites.

Gabi Reish, vice president of product management for Check Point, says Check Point Threat Extraction software works by decomposing content in real time into a set of digital bits and then removing any and all code that is identified as malware. The content is then reconstituted and send on to the intended user.

Running on security gateways from Check Point, Reish says Check Point Threat Extraction software is the second major IT security innovation Check Point is bringing to market in as many months. Last month Check Point acquired Hyperwise, a provider of software that identifies threats at the processor level.



Wednesday, 11 March 2015 00:00

Keeping your Emergency Kit Nutritious

Vegetables in cans

When gathering food for an emergency kit, we often think about items that do not require cooking or refrigeration and have a long storage life. Yet, we often forget to check the nutritional value of the food in our emergency kits. March is National Nutrition Month and a great time to review the food in your emergency kit and makes sure it is healthy and not expired. Here are a few healthy tips to keep in mind when gathering food for your emergency kit and reviewing the food you have already stored.

1. Avoid salty snacks.

Salty snacks make you thirsty and increase your need to drink water. When you have a limited supply of food and water, you don’t want foods that will make you want to drink more water than you need or planned for.

2. Include protein.

While you may not be able to rely on your normal sources of protein like meat, after an emergency, you should still include some good sources of protein in your emergency kit. Nuts, protein bars and peanut butter can be sustaining foods that can help keep you full and are easy to store in your emergency kit.


3. Look for high-energy foods.

Mother and daughter with can

Food with protein, carbohydrates, and good fats can help keep your energy up, which can be very important during or after a disaster. Choose foods like nuts, dried meat, whole grains (crackers, cereal, etc.) and canned beans, fruits, or vegetables.

4. Don’t forget water.

Water is a crucial part of any emergency kit. Store at least 1 gallon of water per day for each person and each pet. If possible, try to store a 2-week supply of water or at least a 3-day supply of water for each person in your family. Unopened, commercially bottled water is the safest and most reliable emergency water supply.

5.  Make sure your emergency kit food is healthy and safe.

In addition to choosing the right foods for your emergency kit, you should also regularly review the content of your kit to make sure none of your food has expired or become dented or damaged. Keep the food in your emergency kit in a dry, cool spot, out of the sun to help ensure that the food does not become damaged or unusable.

6. Stick with what you know.

The most important part choosing food for your emergency kit is making sure you know how to prepare and will want to eat the food you store. Stick with foods you know your family will eat. Also, do not forget about food allergies or dietary needs of your loved ones. Consider how you will meet everyone’s unique nutritional needs if you can only access your emergency kit food supply.

For more information about choosing and storing food for your emergency kit, visit CDC’s webpage http://emergency.cdc.gov/disasters/foodwater/index.asp.



The results of a Risk Management Association (RMA) and MetricStream survey on third-party and vendor risk management in financial institutions has been published.

The survey drew responses from over 100 leading financial institutions and addressed vendor management frameworks, vendor selection and monitoring processes, critical vendors and critical activities, tools and techniques, contracts, regulatory compliance, and fourth-party suppliers.

With the growing need to grow the business, provide new offerings, reduce overall costs, and maximise profitability and revenues, outsourcing to third-party service providers has become the norm for most banks and financial institutions (FIs) worldwide. Larger organizations have tens of thousands of vendor relationships to manage, and in this scenario, are increasingly exposed to financial loss and reputation if they fail to maintain adequate quality control over all third-party activities.

“Managing the risks inherent in vendor and other third party relationships has become critically important in recent years, as the actions of vendors can cause significant financial and reputational impact to organizations, no matter their size or industry,” said Edward J. DeMarco, RMA's general counsel and director of operational risk.



BitSight Technologies has released the results of a commissioned study, conducted by Forrester Consulting on behalf of BitSight, which reveals third-party security as a top business concern for enterprises. The findings suggest a significant appetite for monitoring third-party security but a steep disconnect in resources available to adequately and objectively manage this.

The study, ‘Continuous Third-Party Security Monitoring Powers Business Objectives and Vendor Accountability,’ is based on surveys of IT security and risk-management decision makers in the US, UK, France and Germany.

Forrester found that when it comes to tracking third-party risk, critical data loss or exposure (63 percent) and the threat of cyber attacks (62 percent) ranked as the top concerns, above standard business issues, including whether the supplier could deliver the quality and timely service as contracted (55 percent). Despite the desire for more robust insight into third-party security practices, only 37 percent of survey respondents reported tracking any of these metrics on a monthly basis.



Data theft is becoming big business if the estimated damages of recent breaches are any indication. Can you imagine being insured for US $100 million against such events, yet having to bear costs that exceeded even that figure? The recent attack against Anthem, the second largest health insurer in America, involved as many as 80 million records being stolen. The associated expenses have been estimated at more than the $100 million policy taken out by the enterprise. Elsewhere, supermarket chain Target (also in the US) estimated costs of over US $148 million after 100 million customer records were compromised at the end of 2013. But the attack similarities don’t end there – and could apply to any company.



At the end of last week, I started getting email messages warning me about the latest TLS/SSL vulnerability that has been discovered. This one is called the FREAK Attack and a site dedicated to informing users about the attack describes this new vulnerability in this way:

It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.

The first reports of FREAK Attack, which like Heartbleed involves open source code, were via initial warnings through Mac and Android-native browsers—although Chrome appeared to be safe, as is Firefox. BlackBerry browsers are also affected by the vulnerability. At first glance, it looked like Windows machines were okay. A second glance, however, tells a different story.



(TNS) — For more than 100 years, people have questioned whether taking oil and gas from the depths of the earth can cause tremors.

When an earthquake shook Austin in 1902, some thought an explosion in the oilfields of Spindletop, in southern Beaumont, might be to blame.

The 1902 earthquake was naturally occurring. But the link between human activity and earthquakes is very real and well established, said Cliff Frohlich, associate director and senior research scientist with UT's Institute for Geophysics.

"When people make the statement that it hasn't been established that humans can cause earthquakes, they're either woefully uninformed about the research by myself and hundreds of others over the last 70 years or they're trying to mislead you," he said. "That's like people saying the world is flat; that evolution hasn't been proven or that humans can't cause climate change."



KANSAS CITY, Mo. — The woman’s voice on the intercom was anguished.

“There’s a shooter in the building. Lockdown! Lockdown!”

Inside the library at Independence’s Pioneer Ridge Middle School, about 65 teachers and staff members — who knew this was all pretend but were warned it may be unnerving — assumed their positions under desks and crouched between rows of children’s books.

Someone switched off the lights as instructed. Maybe the shooter won’t see them hiding. The rest of the school stood empty.

It was part of training increasingly occurring in the nation’s schools, hospitals and other workplaces to drive home lessons, some of them controversial, on how not to become an armed intruder’s sitting duck.



(TNS) — Ohio tops the country with the most school threats in the first half of the school year, according to a recent report by a national school-safety consultant.

From August to December 2014, Ohio had 64 reports of school threats, more than California (60), New York (46) and Texas (41).

Across the nation, school threats are up 158 percent from last year, the first year of the survey conducted by Cleveland-based National School Safety and Security Services.

Local safety experts question the company’s figures because they are based on news reports instead of police records. The local experts say that schools and media outlets tend to underreport threats.



Tuesday, 10 March 2015 00:00

Putting the Enterprise Stamp on Shadow IT

When it comes to so-called “shadow IT,” the enterprise has three basic responses. You can accept it, you can fight it, or you can ignore it.

Unfortunately, it seems that a large number of organizations are choosing option three, ignoring it, which is probably the worst approach to take because shadow IT can, in fact, become a strategic asset to the enterprise, provided it is not left to its own devices.

Ideally, the enterprise should accept shadow IT, but with conditions. With the coming of the mobile-first generation to the knowledge workforce, IT needs to recognize that enterprise data will find its way onto personal smartphones and tablets, and that the best thing to do is encourage this level of flexibility but impress upon people the need to maintain an adequate security posture.



Monday, 09 March 2015 00:00

'Spring Ahead' And Be Flood Ready

CHICAGO – You may be ready to enjoy more daylight hours after we “Spring ahead” an hour on March 8, but are you ready for the threat of flooding that warmer months can bring?

“With the change of seasons comes the risk of snow melt, heavy rains, and rising waters—we’re all at some level of flood risk,” said Andrew Velasquez III, FEMA Region V administrator.  “It is important we prepare now for the impact floods could have on our homes, our businesses and in our communities.”

Take action with these simple steps to protect what matters before a flood threatens your community:

Your Home
• Ensure you’re insured. Consider purchasing flood insurance to protect your home against the damage floodwaters can cause. Homeowners’ insurance policies do not typically cover flood losses, and most policies take 30-days to become effective.  Visit FloodSmart.gov for more information.
• Keep important papers in a safe place. Make copies of critical documents (mortgage papers, deed, passport, bank information, etc.). Keep copies in your home and store originals in a secure place outside the home, such as a bank safe deposit box.
• Elevate mechanicals off the floor of your basement—such as the water heater, washer, dryer and furnace—to avoid potential water damage.
• Caulk exterior openings where electrical wires and cables enter your home to keep water from getting inside.
• Shovel! As temperatures warm, snow melt is a real concern. Shovel snow away from your home and clean your gutters to keep your home free from potential water damage.

Your Family
• Build and maintain an emergency supply kit. Include drinking water, a first-aid kit, canned food, a radio, flashlight and blankets. Visit www.Ready.gov for a disaster supply checklist for flood safety tips and information. Don’t forget to store additional supply kits in your car and at the office too.
• Plan for your pet needs. Ensure you have pet food, bottled water, medications, cat litter/pan, newspaper, a secure pet carrier and leash included in your emergency supply kit.
• Have a family emergency plan in place. Plan and practice flood evacuation routes from home, work and school that are on higher ground. Your family may not be together when a disaster strikes so it is important to plan in advance: how you will get to a safe place; how you will contact one another; how you will get back together; and what you will do in different situations.

To learn more about preparing for floods, how to purchase a flood insurance policy and the benefits of protecting your home or property investment against flooding visit FloodSmart.gov  or call 1-800-427-2419. For even more readiness information follow FEMA Region V at twitter.com/femaregion5 and facebook.com/fema. Individuals can always find valuable preparedness information at www.Ready.gov or download the free FEMA app, available for Android, Apple or Blackberry devices.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


Monday, 09 March 2015 00:00

What is Your Reputation Worth?

My reading and research includes white papers from the Big Four accounting firms. I note for the record that Deloitte, a firm that has consistently produced excellent white papers on risk, has upped its game past white papers with a weekday Risk & Compliance Journal for executives in the Wall Street Journal, a convenient daily reminder of what’s at stake for publically listed firms. But it’s Deloitte’s 2014 Global Survey on Reputation Risk that I’d like to discuss here, and then make note of several other useful and available white papers. 

It’s always been difficult to quantify reputation, whether individual or corporate. We claim to know when a firm’s reputation has been compromised, and often the market punishes that firm directly. Yet there are other cases where direct actions taken to save a reputation -- notably investigations, which may lead to the removal of the CEO or other executives – seem autocratic and insufficient. We express our own judgments by comment and retweet, often becoming part of a groundswell of distrust and dissatisfaction on social media that has a longer term impact on the firm in question. Social media in that sense is more innovative than traditional data analytics. [It is hard to know whether social media commented more upon the corporate reputation of NBC or the individual reputation of anchor Brian Williams, but that particular groundswell led to the six month suspension without pay of Williams, who is said to make $10 million a year. So far at least, NBC Evening News is holding its own in the ratings, but the company is making significant changes in its management staff; and it is not clear that Williams will ever return to the news desk.]



Project managers—especially in the tech sector—know all too well how many factors can cause a project to miss its deadline or go over budget. Keeping a project within its projected scope is one of the most difficult challenges for project managers.

Issues such as project omissions, slow or no user involvement, customer over-expectation and lengthy application development times can often not be avoided. One thing that can usually be reined in is the scope of the project, which includes the objective, timeline, goals, resources, tasks, team and budget.

By properly defining these requirements, a project has a better chance of staying within these guidelines. Of course, often the collection of data to define these requirements can be a huge challenge within itself.

The book “Project Scope Management: A Practical Guide to Requirements for Engineering, Product, Construction, IT and Enterprise Projects,” provides instruction on developing and defining project requirements to keep projects on track and within scope. It deals with practical tools and simple techniques for project managers to use in the daily struggle to avoid scope creep.



For most companies, the on-premise appliance sits firmly rooted at the center of their backup world--making disc-to-disc (D2D) the preferred data protection method for backup and recovery of critical data, servers and applications. While D2D isn’t a perfect solution--often characterized by its high cost, capacity planning challenges and finite storage constraints--it’s tested, trusted and reliable. 

With the cloud becoming more broadly adopted, many companies are considering cloud backup as a viable option for their disaster recovery (DR) strategy.  Who doesn’t want lower costs and increased efficiency?

Heeding the call, the backup industry, which has always let the appliance drive its product vision, introduced hybrid backup appliances to the market. These appliances, designed to deliver cost savings, act as your local D2D backup. The cloud becomes your replication repository.



Facing a future where extreme weather events are more common, cities on the East Coast are building up their resiliency to power outages. 

At-risk cities,  especially those on the East Coast that haven’t historically had to prepare for hurricane-induced problems, are trying to improve their infrastructure and emergency plans to prevent power outages.

A recent analysis from Johns Hopkins University ranked Philadelphia as the second most likely city in the United States to experience more power outages.



Whenever a project is being planned, risk management has to be part of the equation – things rarely go smoothly or completely as expected, and there will always be areas that present more risks than others. Whether they affect the projected timeframes, budgets or outcomes, it is the job of the project manager to identify them and ensure that provisions are in place to limit their impact should they occur.

However, failures are made in risk management every day – they helped to trigger the economic crisis in 2008, demonstrating that even the world’s biggest banks, which take financial and logistical risks every day, are not immune to risk mismanagement. With this in mind, it’s understandable that smaller projects and processes might suffer from errors made in risk management.

Why aren’t we performing risk management well, then? With project management an ever-growing sector and more and more jobs being created every day, the next generation of risk managers needs to be able to identify issues in order to rectify them.



It may seem a bit incongruous to talk about solar energy when nearly half the country is covered in snow, but the data center is still the energy hog of today’s economy and is constantly ratcheting up its consumption with every new hyperscale facility.

But even as Apple, Facebook and other top firms embrace solar power and other renewables, the question remains whether this is a viable option for the broader enterprise community. And if not, will the pressure to shed local data infrastructure still come from environmental corners anxious to foster greater dependence on cleaner, utility-style computing?

The key test of a technology like solar power is not in its ability to generate electricity, but in its ability to do so reliably. In a recent report, the North American Electric Reliability Corp. (NERC) said that the influx of renewables into the bulk energy grid of the U.S. and Canada and the closing of aging coal-fired facilities is lowering energy reliability in the region. This could cause rates to increase as utilities up their reserve fuel stores to maintain adequate load. The report is disputed by many, to be sure, but it does point up the uncertainties that accompany changes to such fundamental infrastructure as the energy grid.



By Joe Schreiber

Once you’ve come to terms with the harsh reality of the world, you come to understand that sooner or later, you will be the victim of a security breach. Chances are that it may not be this month, or even this year, but as the insightful Tyler Durden so shrewdly observed, “On a long enough timeline, the survival rate for everyone drops to zero.”

Getting breached doesn’t establish whether or not you have a decent security program in place: but how you respond to a security breach does.

If you come to accept Murphy’s Law; that everything that can go wrong will do so – and usually with the worst possible timing, there are several steps that can be taken today to help soften any future blows. These motions that you can set in place give you the ‘freedom’ to expect the unexpected.

Try to rid yourself of any notion that the work you do in network security is ‘protecting’ the company’s assets. Your mission is to look into and analyze how the network can be attacked, with the anticipation that you can control the battlefield smoothly enough to be able to respond to all attacks satisfactorily. So, think strategically about what can be done today and what can be delayed for later. The following are six key actions you can take to make sure you and your organization are more than prepared.



As conflict continues in Ukraine, and fears of an expansionist Russia throw a shadow of war over Europe, the Cambridge Risk Centre for Risk Studies has urged businesses to incorporate geopolitical conflict scenarios into their business continuity planning.

Interstate conflict was the number one concern of nearly 900 businesses and academics who responded to the Global Risks 2015 Report published in January by the World Economic Forum.

"These risks are continuing to grow in this new era of political uncertainty," said Dr Andrew Coburn, director of the Centre for Risk Studies Advisory Board at Cambridge Judge Business School. "Businesses should reappraise their readiness to manage possible disruption to their activities from armed conflicts in different parts of the globe," he said at the Centre's risk briefing held recently in the City of London.

The Centre for Risk Studies and its research partner, Cytora, has identified more than 100 potential country-to-country conflicts based on recent antagonist statements towards each other, antithetical values and historical enmity. All have the potential to cause severe disruption to business activities.

Cytora's risk map of potential future conflicts highlights a number of regional hot-spots, including the obvious Middle East, Central and Eastern Africa; the Eastern European margins; the Indian subcontinent, parts of Latin America and the emerging Southeast Asian powers.

More details.

Friday, 06 March 2015 00:00

Hybrid Cloud: Why Data Should Come First

Toby Owen of Peer 1 Hosting identifies four drivers for the hybrid cloud:

  1. Federation
  2. Interoperability
  3. Big Data
  4. The Internet of Things

But covering data issues changes your perspective on these things, because when you boil it down, most technology is about sharing, securing or using data and information. Since information is just unstructured data — it really all boils down to data. So I look at that list and see only two drivers:

  1. Shared services (supported by federation and interoperability)
  2. Data. Just data.



Establishing relationships with potential clients and partners is absolutely necessary for succeeding in business. One of the most effective ways to build such connections is to hold a lunch-and-learn event. That is, it’s effective when done right.

When done wrong, you’ll end up giving a presentation to a near-empty room in some dingy hotel conference space. Or even if you have a full house at a nice venue, it might as well be empty because your message is so unclear, cliché-ridden, and poorly delivered that it convinces no one to use your services.  

It’s easy to avoid these ugly scenarios if you know what you’re doing. I spoke with David Russell, CEO of MANAGEtoWIN, who has over 41 years of experience in business, and has held too many lunch-and-learn events to count. Recently we held a webinar together to share what it takes to hold a successful lunch and learn. Here are the main tips we shared:



(TNS) — A study funded by a $10,000 grant will look at whether post-Sandy Long Islanders are better prepared when the streets are blocked, phones die and the water or snow turns into life-threatening challenges.

Sustainable Long Island, a nonprofit organization that promotes economic development, social equity and the environment, said a State Farm insurance grant awarded last month will develop and launch a Disaster Preparedness Program.

Under the three-prong plan, the group will conduct surveys to assess whether Long Islanders have strategies and supplies ready; teach high school and college students on how to let their peers know about the effectiveness of social media in helping residents during disasters; and work with Long Beach to create a pilot program that would educate the public about disaster preparedness.



As a business continuity manager, CIO or company risk office, you’ve probably already done numerous risk value calculations. In order to make a table to compare risks and their impacts, you might assign percentages or relative scores to risks, and monetary values or relative scores again to impacts. The risk value in each case is then simply “risk X impact”. You get a simple table that allows you to rank risks in order of their risk value and set your priorities accordingly. However, what may be forgotten is that risk calculations can be positive as well as negative.

This harks back to the perception of business continuity planning and management exclusively as something that prevents interruptions (negative) and ensures that operations continue as usual (zero change). This is true, but it is only half the story. Increasingly, business continuity is becoming an opportunity not just to do as well as usual, but better (positive). For example, BCM must contain negative risk of suppliers failing, but can also encourage positive risk of increased profitability thanks to higher efficiency stemming from BC measures.



Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping]

S&R pros, how would employees and executives at your firm answer that last question? It’s an increasingly important one. Items like socks and toothbrushes can be replaced if lost or forgotten; the same can’t be said for your company’s intellectual property and sensitive information. As employees travel around the world for business and traverse through hostile countries (this includes the USA!), they present an additional point of vulnerability for your organization. Devices can be lost, stolen, or physically compromised. Employees can unwittingly connect to hostile networks, be subject to eavesdropping or wandering eyes in public areas. Employees can be targeted because they are an employee of your organization, or simply because they are a foreign business traveler.



Wednesday, 04 March 2015 00:00

UK businesses frozen by cold snaps


Cold snaps are the weather phenomenon most likely to damage UK business performance according to new research commissioned by cloud services company, 8x8 Solutions, to highlight the need for businesses to prepare for adverse weather to limit lost productivity. Economists from the Centre for Economics and Business Research (Cebr) examined the relationship between different weather events and economic growth across the UK’s main industries over the last decade.

They found that since 2005, periods of very cold weather have seen quarterly GDP growth on average 0.6 percentage points lower than typical levels. When minimum temperatures are one degree Celsius lower than average, quarterly GDP is on average £2.5 billion lower. This is a bigger negative effect than any other form of adverse weather, including snowfall, heat waves or flooding.

The fall in GDP results from lower output across a number of industries and lost productivity as transport links and staff availability suffer. Those who do get to work on particularly poor weather days often meet a skeleton staff, hindering productivity.

Whilst cold has the biggest negative effect on the economy, different industry sectors are impacted by different forms of extreme weather. For example, professional services and accommodation and food are the sectors that take the biggest hit from heavy rainfall. High rainfall has a big impact on office-based jobs, with just ten millimetres above average costing the economy £86 million in a single quarter. In January 2015 rainfall was 26.5mm above the 2004-2014 January average of 126.8mm – potentially costing the economy £76.3million over the quarter.

The research also explores the resilience of businesses of different sectors and sizes. The information and communications sector is one of the few to see positive growth during poor weather. Cebr concluded that this is because the sector leads the way in using cloud-based technology allowing employees to work from home. On average, nearly two thirds (65%) of all companies in this sector use some form of cloud technology compared to just 15-30% of all other businesses.

But the report warns that smaller businesses are at a disadvantage in terms of poor weather, as Scott Corfe, Head of UK Macroeconomics, Cebr explains: “Many small offices are unprepared for such events as they often lack remote access to their work due to security concerns and a lack of infrastructure. This is compounded in many cases by inadequate internet connections or computing power at staff homes. In addition SMEs tend to suffer more than their larger counterparts who can spread the setup and maintenance costs of remote working infrastructure across many more staff.”

Kevin Scott-Cowell, CEO of 8x8 Solutions, says, “Bad weather hits businesses hard, and medium-sized companies are more vulnerable than their larger counterparts. Until now, the technical infrastructure to enable remote working and guard against disruption has been out of reach for many companies, but cloud solutions are changing this. It’s now affordable for any size business to put in place a plan and deploy the right remote working technology. This can make sure it’s business as usual for customers, whatever the weather.”

The research is released in the run up to Business Continuity Awareness Week, an initiative run by the Business Continuity Institute. Lyndon Bird FBCI, Technical Director at the BCI, said, “This research is a timely reminder of the need for companies to adopt business continuity management best practice. That means having the plans and technology in place to manage risks to the smooth running of their organisation or delivery of a service, ensuring continuity of critical functions in the event of a disruption, and effective recovery afterwards.”


By Duncan Ford MBCI

Could you get more out of your business continuity exercises? Do you have an inner concern that last year’s exercise programme didn’t demonstrate as much as you would have liked, or that there may be alternative ways of delivering the exercise that would be more cost effective and less effort?

Guidance from the various business continuity institutes and regulators, also included in recognised standards, puts a strong emphasis, quite correctly, on the essential requirement to exercise plans and recovery procedures. However, how do you assess the quality of the exercises, as opposed to the quantity?  Are different types and styles of exercises being used, within an integrated programme, to meet different business needs?
Take a couple of seconds to consider whether:

  • The maximum return is being gained from the time people commit to exercises;
  • Different techniques could be used to engage directors and senior managers;
  • The exercise(s) sufficiently challenge the organization’s assumptions about its ability to respond and recover.



Wednesday, 04 March 2015 00:00

The 2015 Natural Hazards Risk Atlas

Verisk Maplecroft has published its 2015 Natural Hazards Risk Atlas, which ranks over 1300 cities in 198 countries on their exposure to natural hazards to help organizations identify and compare risks to populations, economies, business and supply chains.

According to the Atlas, the strategic markets of Philippines, China, Japan and Bangladesh are home to over half of the 100 cities most exposed to natural hazards, highlighting the potential risks to foreign business, supply chains and economic output in Asia from extreme weather events and seismic disasters. Of the 100 cities with the greatest exposure to natural hazards, 21 are located in the Philippines, 16 in China, 11 in Japan and 8 in Bangladesh. Analysis for the Natural Hazards Risk Atlas considered the combined risk posed by tropical storms and cyclones, floods, earthquakes, tsunamis, severe storms, extra-tropical cyclones, wildfires, storm surges, volcanoes and landslides.

The Philippines’ extreme exposure to a myriad of natural hazards is reflected by the inclusion of eight of the country’s cities among the ten most at risk globally: including Tuguegarao (2nd), Lucena (3rd), Manila (4th), San Fernando (5th) and Cabantuan (6th). Port Vila, Vanuatu (1st) and Taipei City, Taiwan (8th) are the only cities not located in the Philippines to feature in the top ten.



The Cloud Standards Customer Council has released version two of its guide to cloud security.

The abstract reads as follows:

“Much has changed in the realm of cloud computing security since the original Security for Cloud Computing whitepaper was published in August, 2012. The aim of this guide is to provide a practical reference to help enterprise information technology (IT) and business decision makers analyze the security implications of cloud computing on their business. The paper includes a list of steps, along with guidance and strategies, designed to help these decision makers evaluate and compare security offerings from different cloud providers in key areas.”

Read the document as a PDF.

Wednesday, 04 March 2015 00:00

Responders are Human – With Limits

Business Continuity Planning is often theoretical.  After all, we can’t really know what we’ll need until a disruption occurs (and by then, it’s too late for planning!).  As a result, we have little choice but to make our best guess as to what we’ll need when something hits the proverbial fan.  A previous article discussed the pitfalls of assigning Business Continuity tasks to individuals because of risks to their availability.  You should also be cognizant of the limitations of those teams and individuals assigned to carry out recovery tasks.

BC Planning deals with many unknowns: what will happen, when it will happen, how severe the disruption may be.  We also don’t know how long the disruption – or the recovery from it – will last.  We may assume that assigned teams or individuals will stick with the recovery process until normalcy is achieved.  Is that likely?  Who knows?  But if it isn’t (if, for example, the recovery lasts more than 3 days) what is in our Plan to account for the limitations on assigned personnel? What kinds of ‘limitations’ must be accounted for?



Anyone who has ever used Business Continuity Management System (BCMS) knows that having access for your business, IT, and executive planners is essential for two critical reasons:

  1. YOUR SYSTEM MAY INHIBIT DATA GATHERING AND ANALYSIS: You need quite a bit of data from many sources in your organization in order to formulate your BCP. While meeting with all users is fantastic, it simply is not feasible—even in the smallest of organizations. Even though your BCMS is supposed to streamline this activity, limiting users can do the exact opposite. It FORCES YOU to gather data by going directly to the user or utilizing outside methods (e.g. spreadsheets or external survey tools). This requires extensive work outside the BCMS.




It is the end of an era for the Business Continuity Institute as Lyndon Bird FBCI has announced he is to stand down from his role of Technical Director. Over the last 21 years, Lyndon has become an integral part of the Institute, from his role as one of the founding members, through his position as Chairman of the Institute, to his job as Technical Director.

In nine years as Technical Director at the BCI, Lyndon has ensured that the BCI continues to have an effective and consistent voice on all matters of Business Continuity Management within the business, government, regulatory and academic communities. During his time, the Good Practice Guidelines have become a well respected source of global best practice, and the BCI has contributed significantly to the development of national and international standards.

On announcing his decision, Lyndon reflected that “although the BCI's work in all of these fields is ongoing, I feel my role as the main catalyst for this has changed. The BCI has grown to the point where it is staffed by a wide range of very competent people who are more than capable of dealing with the future challenges the Institute and the discipline might face. It is therefore an ideal time for me to move on and seek other interesting and challenging projects.”

On what lies ahead for him, Lyndon explained that "the opportunities created by the emergence of a wide-scale global resilience movement are very exciting and I look forward to continuing with my diverse writing, editing, teaching, commentating and consulting activities wherever in the world such opportunities emerge. I will no doubt be working with many BCI members in the future, albeit in a different capacity, but still with the same enthusiasm and passion for our subject.”

David James-Brown FBCI, Chairman of the Institute, described Lyndon as being "intimately involved with the establishment and growth of the Institute and has dedicated an enormous amount of his time and energy to making the BCI what it is today. Lyndon is truly one of the fathers of the industry and has been an inspiration to so many."

"On behalf of the BCI Board and the Membership I would like to express our heartfelt thanks and appreciation for an exceptional contribution; not just in terms of work but the personal attributes that Lyndon has brought. Lyndon will be sorely missed around the office for his wisdom, humour and humility; for his mentoring, his support and his encouragement. He will be missed by the Board for his dependability, his insightfulness and his clear thinking."

Steve Mellish FBCI, former Chairman of the BCI, and close friend to Lyndon, said of him: "Lyndon has always been reliably consistent in his passion for the subject and has such an astute capability to analyse situations and information to see connections or trends that many just don’t see. His devotion to the BCI has been there from ‘day one’ as one of the founding members. He has probably spent more time on the Board than anyone else I know including two terms as Chairman. To this day he still talks enthusiastically about the future and how business continuity and the BCI has and will continue to drive the whole resilience agenda going forward."

"If it wasn’t for Lyndon I know that I would not have achieved half of what I have done as a business continuity professional and without doubt, never have been so involved with the Business Continuity Institute. His wise counsel and support enabled me to face and deal with many challenging situations over my 12 years on the Board."

Ridesharing service Uber reported last week that some of its current and former drivers' names and license numbers were compromised.

And as a result, Uber lands atop this week's list of IT security newsmakers to watch, followed by Natural Grocers, Target (TGT) and TalkTalk.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:



Tuesday, 03 March 2015 00:00

Survey looks at solid state disk uptime

Whilst SSD usage is up, the technology is still a cause of downtime: one third of respondents to a Kroll Ontrack survey confirm they have experienced some sort of SSD technology malfunction.

According to a recent solid state disk (SSD) technology use survey by Kroll Ontrack, while nearly 90 percent of respondents leverage the performance and reliability benefits of SSD technology within their organisation, one-third confirmed they experienced some sort of SSD technology malfunction. Of those who did, 61 percent lost data and fewer than 20 percent were successful in recovering their data, highlighting the known complexity of SSD data recovery.

In the UK, 27 per cent of respondents had experienced a failure of their SSD technology and of these 56 per cent experienced data loss as a result. A slightly higher number than the global figure (26 per cent) were able to recover their data following a failure.



Risk management and risk transfer must work together to make organizations more resilient, as firms become more exposed to major disasters and subsequent business interruptions as a result of their increasingly complex global networks. Traditional property damage/business interruption policies were never designed to meet the risks faced by organizations today, and the business interruption insurance market has not kept pace with these rapid changes, according to Marsh.

In a new Marsh Risk Management Research report, the firm highlights how the limitations of existing business interruption insurance, including gaps in cover and inaccurate valuations, are resulting in less than optimal coverage for clients and makes the case for insurance modernisation.

Based on concerns raised by colleagues, clients, loss adjusters, lawyers and insurers, the report focuses on five core areas where Marsh believes improvement is required: insured values; indemnity periods; wide area damage scenarios; supply chain; and claims.

Caroline Woolley, Global Leader of Marsh’s Business Interruption Center of Excellence, commented: “A property damage event remains one of the major exposures any company can face, and business interruption is one of the main insurances purchased. Business interruption policies, however, have done little to evolve since the middle of the last century.

“The insurance industry needs to acknowledge the shortcomings of existing business interruption cover and build a better solution for buyers. This report is Marsh’s contribution to the debate as we seek to improve existing solutions and reshape the industry to address insurance buyers’ evolving needs.”

The report ‘Business Interruption Insurance Efficacy: Five Key Issues’ can be found after registration here.

Disaster recovery planning for your IT installations may use automated procedures for a number of situations. Virtual machines can often be switched or re-started in case of server failure, and network communications can be rerouted without human intervention. For other requirements, people will be involved in getting IT systems up and running properly after an incident. But people do not switch into auto-run modes like a machine. They can be affected by the surprise factor of an IT disaster and by the pressure to bring things back to normal. Five aspects of usability may need to be designed into your DR planning if you want the best chances of a satisfactory recovery.



For many of our readers and the organizations where they work, any kind of supply chain disruption could easily qualify as a serious incident and one that would easily have been discussed and included in their disaster preparedness planning process.

With that thought in mind, our staff recommends reading and potentially adding a recent EventWatch™ 2014 Supply Chain Disruption report to your organization’s business continuity and disaster preparedness team’s reading resource library.

This report  This report was funded and supported by Resilinc’s database of over 40,000 suppliers and over 400,000 parts which are tracked in its cloud supplier intelligence repository, and, analyzed incidents by risk type, industry, geography, severity, and seasonality and compared 2014 data in these categories with 2013.


Two of my favorite bloggers, Tony Jaques in Australia and Jonathan and Erik Bernstein from California, had excellent posts and two of the most important topics: rumor management and apologies.

Tony tells the story of a hepatitis A scare in Australia that got linked to a frozen berry product.  The company out of an abundance of caution as they like to say, voluntarily recalled their product without verification their product was the cause. From there as you will see the media did their thing and the company apparently did not do enough to correct the misreporting.

The lesson is clear: a lie (or error) repeated often enough becomes the truth. The only way I know to deal with this is to loudly, clearly over and over and over tell the truth and correct the misinformation.



Cybersecurity is a priority for enterprise executives and their boards, but a serious disconnect also exists in the C-suite on what the risk priorities should be and why, according to recent research. Some of the gap can be attributed to the day-to-day focus of different executive functions, but much of it goes far deeper into problems with culture and communication.

When consulting firm Protiviti and the Enterprise Risk Management (ERM) Initiative at the North Carolina University Poole College of Management recently conducted the third annual survey of business executives for “Executive Perspectives on Top Risks for 2015,” and examined the ranking of 27 risks by job function, they found that CFOs and chief audit executives (CAEs) perceived a riskier business environment than CEOs and the board. And CEOs and board members each had their own focus on the types of risks they perceived as most important.

Protiviti examined the relationship between the job functions of the executives it surveyed and whether they ranked macroeconomic, strategic or operational risks as of highest concern, and a pattern emerged. Board of directors members collectively named four strategic risks among their top five concerns, along with one macroeconomic issue; CEOs collectively named four macroeconomic risks among their top five, along with one strategic risk. And other executives named more operational risks to their top five lists.



(TNS) — Army researchers in a lab outside Washington worked for years on a software tool to help soldiers understand how hackers were targeting military computers.

Late last year they did something unusual: They released their project for anyone on the Internet to poke and prod.

William Glodek, the leader of the project, said the Army Research Lab hopes that if his team gives something, they'll get something.

"The Army is open and willing to collaborate," he said. "Hopefully, we can attract some bright talent to contribute to the project."

The federal government is looking for ways to improve the security of the nation's computers, but its plan to share information about threats faces legal obstacles before it can get moving. By offering up code, rather than data, Glodek's team has been able to take a step forward — and join a growing movement among military and intelligence community coders to share what they make.



Virtualization has been changing the business IT landscape since the first hypervisor solution debuted in 1999. The technology initially targeted large enterprises and data center operators that could take advantage of its ability to add capacity and scale without physical components or the power and cooling costs required by hardware assets.  During the past several years, though, virtualization has made significant in-roads in the SMB market due to a reduction in upfront investment costs, improved reliability and the proliferation of virtualization-dependent cloud services.

Industry research points to the continued growth of virtualization, and, according to social business platform provider Spiceworks’ 2014 State of IT Report, the adoption of virtualization among IT pros is currently at 74 percent worldwide. The Spiceworks report found that just over half of SMBs with fewer than 20 employees are currently leveraging virtualization, while 70 percent of SMBs with 20 to 99 employees and 83 percent of SMBs with 100 to 249 employees have adopted the technology for everything from productivity applications to databases to managed services.



(TNS) — Emergency personnel responding to an oil train derailment in West Virginia last week applied lessons learned from a rail disaster more than three decades ago, and likely prevented a bad situation from becoming much worse.

This week marks 37 years since a deadly explosion in Waverly, Tenn. On Feb. 24, 1978, a derailed tank car carrying liquid propane violently ruptured, killing 16 people, including the small town’s police and fire chiefs.

Emergency response and training has changed dramatically in decades since the tragedy.

Buddy Frazier, the city manager of Waverly, about 65 miles west of Nashville, who was a young police officer when he witnessed the 1978 explosion, said that emergency responders are better trained and better equipped today. Still, he understands the challenges they face.



If the value that data analytics has brought to businesses can be measured in the extent to which it enables those businesses to retain their customers, it makes sense to drill down on exactly what that enabler is. Most observers would argue that the enabler is Big Data. But the real enabler just might be small data.

That was my key takeaway from a recent conversation with John Rode, senior director of demand generation at Preact, a provider of cloud-based data analytics services in San Francisco that’s focused on reducing customer churn. According to Rode, “small data” is typically CRM data, which he said is the starting point for almost every decision about customers, whether it’s targeting prospects, conversion, up-sell or retention. Rode explained the significance of that this way:

While this data is most definitely “small,” it tells a lot about the customer—how much they pay, for which product, how many employees they have, which industry they are in, their decision-making authority, and so on. Once you begin to analyze customer behavior [associated with] your product, you are essentially operating a dial that takes you from small data to Big Data, depending on the sophistication of your analysis. You can analyze the behavior of each individual separately … and apply algorithms that analyze how their behavior is trending, and thus determine whether they are a churn risk. While this is a lot of data, most folks would still characterize this as small data.



By John Zeppos, FBCI

Business continuity management in large organizations with many different departments and diverse personalities can be a challenge at times.

When you’re trying to implement good business continuity management in a company that spans countries and time zones it gets even more complicated. Throw in cultural differences between the various regional offices on top of the business-cultural differences within each office, and it can seem like a hard road to nowhere.

As a top-level manager in a multi-national company, you will understand the challenges in getting your own staff to understand the concept of business continuity, let alone the difficulties involved in communicating these plans to managers in overseas branches: understanding business continuity jargon is hard enough in one language, but communicate you must because resilience to business disruption affects not only their own staff, but the stability of the business as a whole.



Excellent exercises take time and resources to prepare and run; but they are an essential component of a business continuity programme to prove capability and to train people. It is important to get the best out of them and make sure they deliver against the business recovery objectives.

What makes a good exercise?

With this question in mind, Corpress has created an Exercise Checklist as an aide-memoire to help business continuity, crisis management and emergency professionals develop, run and observe exercises. The document shares Corpress partners’ combined experience gained over 20 plus years delivering global programmes for testing and training.

The Exercise Checklist includes a number of new ideas and approaches to exercises and simulations, which are designed to engage senior executives, reduce development time and maximise engagement across the business.

Get the best from your exercise programme in the year ahead by downloading the Checklist after free registration using the form below:



Friday, 27 February 2015 00:00

WHO warns on influenza pandemic signals

The current global influenza situation is characterized by a number of trends that must be closely monitored, says the World Health Organization (WHO) in a recent briefing document.

According to WHO these trends include:

  • An increase in the variety of animal influenza viruses co-circulating and exchanging genetic material, giving rise to novel strains;
  • Continuing cases of human H7N9 infections in China; and
  • A recent spurt of human H5N1 cases in Egypt.
  • Changes in the H3N2 seasonal influenza viruses, which have affected the protection conferred by the current vaccine, are also of particular concern.

The highly pathogenic H5N1 avian influenza virus, which has been causing poultry outbreaks in Asia almost continuously since 2003 and is now endemic in several countries, remains the animal influenza virus of greatest concern for human health. However, over the past two years, H5N1 has been joined by newly detected H5N2, H5N3, H5N6, and H5N8 strains, all of which are currently circulating in different parts of the world. In China, H5N1, H5N2, H5N6, and H5N8 are currently co-circulating in birds together with H7N9 and H9N2.

“The diversity and geographical distribution of influenza viruses currently circulating in wild and domestic birds are unprecedented since the advent of modern tools for virus detection and characterization. The world needs to be concerned,” states WHO.

Virologists interpret the recent proliferation of emerging viruses as a sign that co-circulating influenza viruses are rapidly exchanging genetic material to form novel strains.
The emergence of so many novel viruses has created a diverse virus gene pool made especially volatile by the propensity of H5 and H9N2 viruses to exchange genes with other viruses. The consequences for animal and human health are “unpredictable yet potentially ominous” says WHO.

On many levels, the world is better prepared for an influenza pandemic than ever before, according to WHO. However, the level of alert is high and although the world is better prepared for the next pandemic than ever before, it remains highly vulnerable, especially to a pandemic that causes severe disease. Nothing about influenza is predictable, including where the next pandemic might emerge and which virus might be responsible. The world was fortunate that the 2009 pandemic was relatively mild, but such good fortune is no precedent, says WHO.

Read the WHO document.

The Business Continuity Institute’s North America awards will take place on 24th March 2015 during the DRJ Spring World in Orlando. The awards recognise the achievements of business continuity professionals and organizations based in the USA and Canada.

The BCI has now issued the shortlist for the awards which is as follows:

Continuity and Resilience Consultant

  • Robbie Atabaigi, KPMG
  • Jeff Blackmon FBCI, Strategic Continuity Solutions
  • Christopher Duffy, Strategic BCP
  • Paul Kirvan FBCI
  • Debjyoti Mukherjee, KPMG

Continuity and Resilience Newcomer

  • Garrett Hatfield, MetLife, Inc.
  • William Kearney, Cameron
  • Tamika McLester, Crawford & Company

Continuity and Resilience Team

  • Business Resiliency Office (BRO), Automatic Data Processing (ADP)
  • ETS Enterprise Resiliency Department, Educational Testing Service
  • TMG Health Team, TMG Health

Continuity and Resilience Provider (Service/Product)

  • Axcient
  • ClearView Continuity
  • Everbridge
  • Fusion Risk Management, Inc.
  • MissionMode
  • Strategic BCP
  • Virtual Corporation
  • xMatters, Inc.

Continuity and Resilience Innovation

  • 9yahds, Inc.
  • Strategic BCP
  • Send Word Now
  • Quorum Technologies

Industry Personality

  • Suzanne Bernier MBCI
  • Christopher Duffy
  • Frank Leonetti FBCI

More details.

by Ben J. Carnevale

Business Continuity, Resiliency and Emergency Management Planning teams are often looking for additional ideas, programs and campaigns to help those teams be more prepared and ready to mitigate losses from potential disasters affecting the organization where they work, and the community where they work and live with their families.

Our staff believes that the America’s PrepareAthon™ campaign qualifies as one of the best resources for those teams to look for ideas and assistance for taking action to increase emergency preparedness and resilience.

America’s PrepareAthon! is a grassroots campaign for action within the United States to increase community emergency preparedness and resilience through hazard-specific drills, group discussions, and exercises. Throughout the year, America’s PrepareAthon! ™ helps communities and individuals across the country to practice preparedness actions before a disaster or emergency strikes.

Will 2015 be the year the cloud gets past the hype? While cloud-based file sharing and other cloud services are being adopted by almost all businesses, the cloud is still in the early stages of its technological revolution. Whether it is personal computers, the internet, or 3D printing, every new technology goes through a period of hype and disillusionment before the really productive innovation takes place.

Gartner calls this the Hype Cycle of Emerging Technologies. According to Gartner, cloud computing has already passed the inflated expectations people had about it and everyone is beginning to become disillusioned by it. But that’s not a bad thing! Once the hype ends, real enlightenment can begin, and that’s where really useful and significant things get created.

So now that the hype over the cloud is over, is 2015 the year of enlightenment?



(TNS) — The tornado that struck Joplin, Mo., nearly four years ago left 161 people dead and much of the city devastated.

But the storm taught forecasters lessons that may have saved lives during subsequent disasters, including the May 2013 tornadoes in the Oklahoma City area, a National Weather Service official said Wednesday.

During a keynote address Wednesday at the National Tornado Summit in Oklahoma City, National Weather Service Deputy Director Laura Furgione discussed lessons the agency learned from a series of deadly tornadoes in the spring of 2011.



Friday, 27 February 2015 00:00

Moving 911 Out of the Landline Era

Among the many services state and local governments provide, few are as popular, as trusted or as essential as 911. Americans place roughly 240 million 911 calls each year, says the National Emergency Number Association, and access to 911 is nearly universal. Nevertheless, the system so many Americans rely on today to report emergencies and other problems stands on the brink of obsolescence.

While Americans are now accustomed to using Twitter, Facebook, Instagram and other social-media platforms for the rapid-fire sharing of news and information, most 911 systems can't handle the texts, videos, data and images that we increasingly use to communicate.

That's because in many parts of the country 911 is still rooted in the landline-telephone-based infrastructure that gave the system its start in 1968. As of November 2014, just 152 counties in 18 states even had the capability for citizens to text to 911. And only a handful of states -- such as Iowa and Vermont -- have taken the leap to Internet-enabled 911, known as "next-generation 911."



(TNS) — Joplin, Springfield and Branson, Mo., have agreed to a set of procedures that will standardize how outdoor storm-warning sirens are activated and how they are tested.

The objective is to create a uniform standard across the region where none exists now. The adoption of the procedures by three of Southwest Missouri’s largest communities already has spurred other communities, such as Carthage, Bolivar, Pierce City and Monett, to participate in the guidelines.  

The new procedures were unveiled during a news conference on Wednesday at the Springfield-Greene County Office of Emergency Management. Officials from the communities and representatives of the National Weather Service forecast office at Springfield were on hand for the announcement.



Board members and C-suite executives across industries perceive the global business environment in 2015 as somewhat less risky for organizations than in the past two years. In “Executive Perspectives on Top Risks for 2015,” consulting firm Protiviti and the Enterprise Risk Management Initiative at the North Carolina State Univeristy Poole College of Management found that this is far from bad news for risk managers, as organizations are actually more likely to invest additional resources for risk management. Internal challenges like succession, attracting and retaining talent, regulation and cybersecurity are drawing the most attention, according to the report.

“Our survey findings indicate that operational risk issues are keeping many senior executives up at night,” said Mark Beasley, Deloitte Professor of Enterprise Risk Management and NC State ERM Initiative director. Indeed, for the third consecutive year, regulatory changes and heightened regulatory scrutiny ranked as the number one risk on the minds of board members and corporate executives, with 67% indicating that it will “significantly impact” their organizations. More than half of global survey respondents indicated that insufficient preparation to manage cybersecurity threats is a risk that will “significantly impact” their organizations in 2015, pushing cyberrisk up three spots from last year to the third-greatest risk.



If there’s one thing a lot of SMBs have a hard time outsourcing, it’s their HR operation, simply because of its critical nature. Add the notion of allowing the management of that operation to reside in the cloud, and the reluctance, for some, may increase exponentially. But to what degree is that reluctance warranted?

I recently had the opportunity to discuss that issue with Eric Sikola, general manager of TriNet Cloud at TriNet, a human resources services provider in San Leandro, Calif. As the founder of ExpenseCloud, which TriNet acquired in May 2012, Sikola is a vocal advocate of empowering SMBs with better HR options.

“I founded ExpenseCloud in 2008 because I wanted to help companies and their employees better manage their expense process,” Sikola said. “Having personally felt the pain of the old way of managing expenses, I knew there was a better way, and I wanted to help small- and medium-sized business.”

Sikola said when TriNet acquired Expense Cloud, it gained an additional level of innovation.



The data center is dead. Long live the data center.

This may be a bit premature, but if the traditional enterprise data center is not dead yet, it certainly is approaching the twilight of its years.

The latest word from 451 Research is that enterprise data center construction is essentially flat across the globe while the new crop of cloud-facing, hyperscale facilities is on the rise. Results for the fourth quarter of 2014 have the installed base growing a paltry 0.2 percent to 4.3 million facilities, propped up only by increased activity among the cloud, service provider and multi-tenant sectors. Enterprise IT still controls an overwhelming portion of the worldwide data infrastructure, some 95 percent, and maintains about 83 percent of data center square footage, according to the report. But for now at least, the trend lines are clearly pointing away from owned-and-operated data center facilities toward more cloud- and service-based activity.



Thursday, 26 February 2015 00:00

Wearables at Work: Is the Enterprise Ready?

The line between consumer and business technology has gotten increasingly blurry during the past decade. Consumer devices are almost indistinguishable from enterprise gear. But the gap between software and applications in each category is far wider.

That’s a good thing to understand as wearables become more common at work. This conversation between Jim Haviland, VoxMobile’s chief strategy officer and IT Business Edge’s Don Tennant gives a good overview of the current situation with wearables. At one point, Haviland makes clear that the real action will be on the software front:

Hardware always gets the headlines, but apps are where the value creation happens in the enterprise. We have been using the mantra, ‘the right information on the right screen at the right time,’ because the key to valuable innovation with mobility is all about application success and user experience. Wearables expand the possibilities for how and when people interact with apps and data, which can lead to more dramatic successes.



Data can really be anything, including images, geolocation figures, texts, numbers or some combination thereof.

Thanks to the Internet of Things, more of that data is actually describing a physical thing. For us sci-fi geeks, that inevitably raises the question: Can data create a virtual world to actually interact with these things?

InfoWorld reports that Space-Time Insight is exploring this idea with a pilot data project. It’s using virtual reality headsets such as the Oculus Rift as a way to interact with the data.

The company’s data has a unique physicality to it, since it’s a B2B partner for power, oil and gas, logistics and related industries. For instance, in the power industry, the company collects data about transformers. Space-Time Insight’s solution allows you to see a 3D model of a transformer, as well as any warning signals about what’s wrong. Users could even bypass another application, acting from the 3D space or calling in a work team, InfoWorld reports.



Throughout the last few years social media has become a key communications strategy for emergency managers. Whether it’s for sharing preparedness messages during blue-sky times or getting crucial information out in real time during an emergency, platforms like Twitter and Facebook are now part of nearly every agency's public-outreach plan. This evolution in crisis communications has been followed by many, and a recently released study sought to understand what affected populations, response agencies and other stakeholders can expect from tweets in various types of disaster situations.

The study, What to Expect When the Unexpected Happens: Social Media Communications Across Crises (PDF), examined tweets posted during 26 emergency situations in 2012 and 2013. With the goal of measuring the prevalence of different types of tweets during various situations, the researchers examined both the information and its source.

The tweets were classified into six categories, and researchers determined the average percentage of tweets for each: affected individuals (20 percent), infrastructure and utilities (7 percent), donations and volunteering (10 percent), caution and advice (10 percent), sympathy and emotional support (20 percent), and other useful information (32 percent). Tweets classified as other useful information varied significantly, the report says. “For instance, in the Boston bombings and LA Airport shootings in 2013, there are updates about the investigation and suspects; in the West, Texas, explosion and the Spain train crash, we find details about the accidents and the follow-up inquiry; in earthquakes, we find seismological details.”



(TNS) — When tornado sirens went off in Logan County on May 24, 2011, three Guthrie churches that had volunteered to serve as storm shelters were quickly overrun — and not just by people.

Dogs, cats and birds were packed together in church basements with residents looking to escape the tornado, said Logan County Emergency Management Director David Ball. One man showed up to a church with a boa constrictor wrapped around him, Ball said.

While everyone else was jockeying for space, the man and his snake always seemed to have plenty of room to themselves, Ball said.

Ball spoke Tuesday at the National Tornado Summit in Oklahoma City. Since the May 2011 storm, emergency managers have increasingly concluded that public shelters can do more harm than good, he said. Convincing residents to take steps to make sure their homes are safe during tornado season can be a challenge, he said, but it’s the most viable way to keep residents safe.



Thursday, 26 February 2015 00:00

CIOs worried about cyber attacks

What worries chief information officers (CIOs) and IT professionals the most? According to a recent survey commissioned by Sungard Availability Services, security, downtime and talent acquisition weigh heaviest on their minds.

Due to the increasing frequency and complexity of cyber attacks, security ranks highest among IT concerns in the workplace for CIOs. As a result more than half of survey respondents (51%) believe security planning should be the last item to receive budget cuts in 2015.

While external security threats are top of mind for IT professionals, internal threats are often the root cause of security disasters. Nearly two thirds of the survey respondents cited leaving mobile phones or laptops in vulnerable places as their chief security concern (62%), followed by password sharing (59%). These internal security challenges created by employees, lead 60% of respondents to note that in 2015 they would enforce stricter security policies for employees.

Second to security, downtime is also a leading concern for CIOs. Two in five (42%) respondents consider the testing of their disaster recovery plans vital to their organizations and also among the last line items that should be cut from 2015 IT budgets. Not only is downtime expensive, but the damage to an enterprise’s reputation far outweighs the monetary costs.

Disaster recovery testing dramatically reduces downtime (by 75%) for enterprises deemed 'best-in-class' in disaster recovery and business continuity. In addition, according to the Aberdeen Group, those that adopt strong resiliency plans can expect 90% less downtime per event compared to the industry average.

“Today CIOs are more concerned with the resiliency of their organizations and the consequences a disaster can have on an organization’s reputation and revenue stream,” said Keith Tilley, executive vice president, Global Sales & Customer Services, Sungard AS. “The implications that information security and downtime threats place on a business have evolved and become more complex in the last several years, making it a high priority for CIOs.”

It is not just CIOs and IT professionals who are concerned about the cyber threat. According to the Business Continuity Institute's latest Horizon Scan report, cyber attacks are the biggest concern for business continuity professionals as well with 82% of respondents to a survey expressing either concern or extreme concern at the prospect of this threat materialising. Data breach came third on the list with 75%.


Budding tech entrepreneurs with dreams of being the next Bill Gates should look to BJ Farmer as a shining example of how to succeed in this industry.

Listen to the entire interview click here.

While he may not be quite as successful as Gates (is anyone?), Farmer has enjoyed much more success than most people who start their own tech companies. He the founder and president of CITOC, a Houston-based IT services firm that specializes in providing premium cloud services and Microsoft 365 consulting.

CITOC recently celebrated its 20th anniversary (1995 – 2015), and in that span CITOC (an acronym for Change Is the Only Constant) has received a slew of awards, most notably winning Houston’s Microsoft Partner of the Year Award in 2013 and 2014. In addition, CITOC was listed in the 2011 rendition of Inc.com’s annual Top 5000 list (ranked #3997 for its 2010 revenue of $4.6 million), and it has also been recognized as one of the Top 50 fastest growing tech companies in the Houston metro area seven years running by the Houston Business Journal.

We previously talked to Farmer about a client prospect of his that had a rotating cycle of CIOs being hired and then soon leaving, and this was costing them a lot of money.  We wanted to catch up with Farmer on how he helped this client. 



Why are your customers using the cloud? Why aren’t others using it? As an MSP working with cloud-based file sharing, you should know what motivates your clients and prospects to either adopt or avoid the cloud.

Results from a new survey offer an interesting view into what people think of the cloud, how they use it, and what concerns you should address to bring more people into the cloud. Understanding what influences cloud sharing decisions will help you better position your services and be better prepared to handle objections.

Here are some findings from the survey that show why people either are or are not using the cloud, and how you can use that information to your advantage.



Thursday, 26 February 2015 00:00

The 2015 Cyber Risk Report

HP has published the 2015 edition of its annual Cyber Risk Report, which looks at the security threat landscape through 2014 and indicates likely trends for 2015.

Authored by HP Security Research, the report examines the data indicating the most prevalent vulnerabilities that leave organizations open to security risks. This year’s report reveals that well-known issues and misconfigurations contributed to the most formidable threats in 2014.

“Many of the biggest security risks are issues we’ve known about for decades, leaving organizations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP. “We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk.”



One of the major reasons for the surge in shadow IT services in recent years is that many internal IT organizations couldn’t really provide a file sharing and synchronization capability for users of mobile computing devices, which those users naturally went out and found on their own via any number of cloud computing services. Now many of those same IT organizations are building their own private clouds, which naturally require file sharing and synchronization.

To address that need, Connected Data developed file share and synchronization appliances, two more of which the company is unveiling today.

After targeting larger enterprises with previous generations of appliances, Jim Sherhart, vice president of marketing, says the Transporter 15 and 30 appliances are aimed at remote offices and small-to-medium (SMB) organizations; the solution starts under $2,500 for 8TB of storage, 6TB of which is actually usable for storing data.



The extreme weather that has hit much of the country this winter has been labeled “historic” in many quarters, including where I live in eastern North Carolina. While the Northeast has been battered with record-breaking snowfalls, much of the South has been experiencing ice storms and single-digit temperatures for the first time in the lives of many adults. It all begs the question of the impact all of this is having on IT professionals and the organizations they’re charged with keeping up and running.

While it may well be too late for many organizations that entered this winter ill-prepared from a data protection standpoint, what this winter has taught us is that such unexpected events as the collapse of the roof of a data center due to heavy snow and ice need to be anticipated and addressed in order to be fully prepared for next winter.



Deloitte Analytics Senior Advisor Tom Davenportwarned last year that data scientists waste too much time prepping data. After interviewing data scientists, Davenport concluded that they needed better tools for data integration and curating.

Now, a Ventana Research column shows that data scientists aren’t the only ones wasting enormous amounts of time on data preparation at the expense of actual analysis.

Ventana CEO Mark Smith shares research from several reports, all of which demonstrate how much of a time suck data preparation can be without the right tools.



Tuesday, 24 February 2015 00:00

Preventing Burst Water Pipes

Unrelenting frigid weather often means frozen water pipes – one of the biggest risks of property damage. In fact, a burst pipe can cause more than $5,000 in water damage, according to IBHS research.

Structures built on slab foundations, common in southern states, frequently have water pipes running through the attic, an especially vulnerable location. By contrast, in northern states, builders recognize freezing as a threat and usually do not place water pipes in unheated portions of a building or outside of insulated areas.

Freezing temperatures can be prevented with the installation of weather stripping and seals. This offers two major benefits: keeping severe winter weather out of a structure, and increasing energy efficiency by limiting drafts and reducing the amount of cold air entering.



Innovation has become accepted as central to competitiveness in today’s world, both in new product development and in enhancement of internal processes. Companies struggle with innovation, and there have been numerous attempts to regularize and program it. But the development of truly breakthrough ideas is difficult, and recognizing them when they do arrive can be harder still. We have processes available for vetting ideas and passing them through a series of increasingly selective gateways until they reach the point of usefulness or are discarded altogether. But we do not have good processes for stitching together new ideas and reaching that eureka moment that says a critical new idea has been found.

Some of the ways that ideas are sourced include crowdsourcing, internal suggestions, brainstorming, and the like. There are idea factories employing innovative individuals who apply diverse experience to create an “out of the box” concept. And, there are programs such as TRIZ, an innovation program developed in Russia in 1946 that seek to apply a systemic process to ideation itself, based around principles extracted from patent literature subjected to contradiction, synthesis, and new arrangement. But creation of ideas is forever thwarted by the fact that we don’t really understand the creative process and may, in fact, be generalizing a multitude of processes in a way that makes them impossible to replicate.



Predictive analytics is apparently lucrative for businesses, investors and, of course, predictive analytics companies.

In a recent Forbes column, Lutz Finger noted that predictive analytics companies are attracting multi-million dollar investment deals. Most recently, a company called Blue Yonder secured $75 million in funding from a global private equity firm, which is the “biggest deal for a predictive analytics company in Europe….”

If you’re not familiar with Finger, he’s a director at LinkedIn, an expert on social media and text analytics, and the co-founder and former CEO of Fisheye Analytics. The column shares highlights of his interview with Blue Yonder’s CEO Uwe Weiss, so it’s no surprise that it makes the case for predictive analytics as a sound investment.

It’s not a hard case to make. Gartner predicts a compound annual growth rate of 34 percent from 2012 to 2017, and estimates the market will reach $48 billion. To give you an idea of how that compares, Gartner says MDM was worth $1.16 billion last summer.



Despite your best efforts – and despite the advanced levels of security in your cloud-based file sharing solution – MSPs may eventually find themselves on the wrong end of a data breach. The key question isn’t how to prevent such an incident from happening; even the world’s most security-conscious organizations suffer breaches. Rather, the key question is how much will this inevitable data breach cost you?

Today, the cost is relatively limited and abstract for MSPs. While a data breach can certainly result in a lost customer, or time spent trying to resolve the issue, the real financial costs tend to fall on the client. They are the ones who will pay the compliance violations and lose revenue. After all, it is their data.

But as data breaches increase in both frequency and severity – and as clients rely on you for more of their critical IT functions – it’s only a matter of time before someone decides that the MSP should be held responsible when things go wrong. After all, it is your solution they are using to share data.



ContinuitySA provides advice for organizations based in areas where power supplies are unstable.

One risk that has become very real for South African businesses is load-shedding. An unstable power supply with the potential of extended periods of power outages over the next several years creates a range of risks that have to be integrated into current business continuity plans.

“We know that load-shedding is going to occur and, in order to put mitigation strategies in place, we first need to understand what the implications are,” says Michael Davies, CEO of ContinuitySA. “What are the issues that businesses should be looking at? Now is a good time to update your business continuity plans in order to assess the impact of load-shedding on your business and weigh up what your risk appetite is.”

Davies says that because electricity is now so integral to modern society, load-shedding creates a complex and interdependent set of risks over and above the task of just keeping the business’s lights on. These risks need to be understood within the context of each business's strategic plan.



Picture this. A main water pipe bursts and water begins to flood the warehouse, which is also where you happen to be, smartphone in pocket. To avert serious damage and downtime, you need to find the cut-off valve – quickly. At this point, two scenarios are possible. First scenario: you try to find out who can help by calling reception and trying to note the names they suggest and the phone numbers. Second scenario: you access a directory of resources directly from your smartphone, call the person concerned and turn the call into a video call from that person’s desktop so that you can be remotely guided to where the cut-off valve is and how to shut it. How do you get from scenario one to scenario two?



Tuesday, 24 February 2015 00:00

Our Infrastructure's Crucial Need: Resiliency

Although Washington remains stuck in partisan gridlock, there is one thing that Democrats and Republicans agree on: the need to reduce gridlock in the rest of the country by bringing America's infrastructure into the 21st century.

The basis for that rare consensus is painfully clear. The nation's infrastructure has earned a grade of D+ from the American Society of Civil Engineers, which estimates that it will cost $3.6 trillion to bring our systems to a state of good repair. Across the nation, aging and deteriorating bridges and water treatment plants pose a real threat to public health and safety and a drain on economic growth.

How and when Republicans and Democrats might find common ground to fix the problem remains to be seen. But when that does come to pass, here's another idea that should win support from both sides: Our next-generation of infrastructure must be resilient.



Many efforts to implement ERM are unfocused, severely resourced constrained, and pushed down so far into the organization that it is difficult to establish relevance. The near-term results are “starts and stops” and ceaseless discussions to understand the objective. Risk is often an afterthought to strategy and risk management an appendage to performance management. Ultimately, the ERM implementation runs out of steam and is no longer sustainable.

While there is no one-size-fits-all, the following design principles will help overcome these issues:



A new survey from identity and access management (IAM) solutions provider SailPoint has revealed there is a "clear disconnect" between cloud usage and IT controls in many businesses.

SailPoint's "2014 Market Pulse Survey" of at least 3,000 employees worldwide showed that one out of every four workers admitted they would take copies of corporate data with them when they leave a company.

Survey researchers also pointed out that one in five employees is "going rogue" with corporate data and has uploaded this information to a cloud application such as Dropbox or Google Docs with the intent to share it outside the company.

"The challenge with cloud applications is that IT organizations must now manage applications that are deployed – and accessed – completely outside the firewall," SailPoint President Kevin Cunningham wrote in a blog post. "Adding to the complexity, employees are starting to use consumer-oriented applications for work-related activities, creating a significant blind spot when it comes to risk."



As the number of platforms where enterprise IT organizations can store data proliferates, getting data in and out of those platforms quickly has become a major IT challenge.

To address that issue, Syncsort has released an update to its suite of data integration offerings that adds an “Intelligent Execution Layer” that enables users to visually design a data transformation once and then run it anywhere—across Hadoop, Linux, Windows, or Unix—on premise or the cloud.

Tendü Yoğurtçu, general manager for Big Data at Syncsort, says version 8.0 of the company’s DMX Software is designed to provide not only a consistent approach for collecting, transforming and distributing data across multiple platforms, but also one that embeds algorithms that automatically select the optimal execution path based on the type of platform, the attributes of the data and the condition of the cluster.

The goal, says Yoğurtçu, is to allow business users and data scientists to take advantage of a run-time environment that allows them to transform data in flight in a single step.



Well, it’s time to work on the Business Continuity Management (BCM) / Disaster Recovery (DR) program based on the maintenance schedule. You’ve got your plan all well laid out and people know it’s coming and are ready to participate…sometimes begrudgingly. Yet, for some reason your well-thought out plan isn’t going to plan at all.

Sometimes that because what one believes they have, they really don’t. For example, just because you have an executive buy in on the need for the BCM/DR program and what’s needed, doesn’t always translate to mean the same thing as having their support. For example, an executive may buy in to the idea that a specific initiative is needed and give the go ahead but no one really follows along as expected because the executive themselves doesn’t offer or provide support to the BCM/DR practitioner and when others see this they quickly realize that the BCM/DR is just a make-work effort and isn’t something the company executives really – and I mean really – supports.

The executive may see it as a checkbox on an audit report and wants it quickly to go away; to quickly have the golden checkmark in that tick box appear on a report so that BCM/DR goes away. Again, they see the need to do something but don’t provide the means, communication channels and support, resources (both physical and financial) or moral support to get it done.



The debate about build versus buy has raged for years. But the total cost of owning your own data center outweighs the perceived benefits, and it looks like the argument in favor of “buy” may have gained the upper hand once and for all.

Let’s talk about it, though, from the point of view of people who are considering building their own and see how their claims stand up to the current state of backup.



In all the big news about the impact of mobile technology on small to midsize businesses (SMBs), one item that stands out is that SMBs that adopt mobile strategies outperform those that do not. This data comes from a recent study on the mobile revolution by the Boston Consulting Group and Qualcomm. Another report from Juniper Research found that in 2014, SMBs contributed $630 billion to the growing mobile industry, which is nearly triple the number from four years prior.

That kind of growth proves that SMBs are not only adopting mobile technologies; they are relying on it to fuel their business growth and change the ways that business is done.



Monday, 23 February 2015 00:00

Can IT Evolve Beyond the Cloud?

Everyone in IT is anxious to see how the cloud shakes out. When all is said and done, what will the enterprise look like when cloud computing becomes the established model for IT infrastructure?

And some are looking even farther into the future, wondering what, if anything, will come after the cloud?

To be sure, there is no shortage of predictions over how the cloud will evolve over time. IDC’s most recent assessment has hybrid infrastructure heading into 65 percent of enterprises within the year and predicts that by 2017, 20 percent of the industry will be using the public cloud as a strategic resource. As well, more than three quarters of IaaS offerings will be redesigned, rebranded or phased out over the next two years as providers concentrate on more lucrative services higher up the stack.

The utility of the cloud is beyond question at this point, so while most experts can debate the merits of the various architectures, it is hard to imagine IT in the future without a significant cloud presence. NetSuite CEO Zach Nelson told the Australian Financial Review last fall that he believes the cloud to be “the last computing architecture,” because there is no way to improve upon always-on data access from any device anywhere in the world. This may be true, but it was also true in the early 1970s that computer technology was simply too expensive and too complex for the average citizen.



As your customers decide whether or not to move their cloud-based file sharing to a hybrid cloud, they will have many questions along the way. Of course, some questions are more common than others – and as their managed service provider, you should be prepared to answer them.



(Tribune News Service) -- A hiker lost in the mountains of New Mexico called 911 repeatedly, but was routed seven times to non-emergency lines.

A 911 call made by an elderly woman from her home in Texas was picked up by an emergency dispatcher in Tennessee, some 700 miles away.

And an emergency call made last month from a middle school in Delano, Calif., after a young student collapsed and later died there, was routed to a 911 dispatcher in, of all places, Ontario, Canada.

Hundreds of millions of Americans have moved rapidly from traditional land lines to relying on various forms of wireless phone services, making the 911 emergency system ever more complex, experts say, and therefore more subject to misrouted calls or misidentified locations.



Recently, we had a client pick up a new contract with a company that was escaping a relationship with a bad IT provider. The transition was a nightmare for the business. Why? Because their previous IT company had constantly kept them in the dark about the state of their technology.

How transparent are YOU with your clients?

When you say, “Honesty is the best policy,” you'd better mean it. Be as open as possible with your clients without overloading them on the technical stuff. It’s all about building trust, and you can’t do that if they think you’re keeping secrets from them. Even if something goes wrong with a bad bug or a security breach, you need to keep them in the loop. Own up to everything you do, good and bad, and if it’s bad – make it right.



In the wake of a natural disaster, about a quarter of businesses never reopen. Whether due to primary concerns like a warehouse flooding, secondary complications like supply chain disruption, or indirect consequences like transportation shutdown that prevents employees from getting to work, there are a broad range of risks that can severely impact any business in the wake of a catastrophe that must be planned for.

Planning and securing against natural disaster risks can be daunting and exceptionally expensive, but researchers have found that every dollar invested in preparedness can prevent $7 of disaster-related economic losses. Check out more of the questions to ask and ways to mitigate the risk of natural disasters for your organization with this infographic from Boston University’s Metropolitan College Graduate Programs in Management:



The widespread popularity of social media and associated mobile apps, especially among young people, has potential in public safety, a new study finds.

Use of such sites as Facebook and Twitter has become so significant that universities should strongly consider utilizing them to spread information during campus emergencies, according to a study from the University at Buffalo School of Management called Factors impacting the adoption of social network sites for emergency notification purposes in universities.

Social media not only enables campus authorities to instantly reach a large percentage of students to provide timely and accurate information during crisis situations, the study states, but sending messages through social networking channels also means students are more likely to comply with emergency notifications received.



For many people, stepping into the office can feel like stepping back in time. In an age where so many people carry around mobile computers in their pockets, employees have become frustrated at being forced to use cumbersome technologies such as VPN and FTP to remotely access files stored on an on-premises file server. As a result, many of these employees have resorted to storing more of their data in free, non-secure cloud services like Dropbox.

How do MSPs reconcile the virtues of the file server with the benefits of cloud file sync? One way is to cloud-enable the file server. Here are three ways cloud-enabling the file server keeps the file server sexy and makes your clients happy:



Leveraging Big Data for operational analytics is generating more interest these days, despite integration concerns. Companies are always looking for ways to reduce operational expenses, and Big Data promises to help.

A recent SCM World report, “The Digital Factory: Game-Changing Technologies That Will Transform Manufacturing Industry,” asked 200 manufacturers around the globe about Big Data and other new technologies. The report is available to clients only, but Forbes recently shared some key findings.

The survey revealed that 49 percent see advanced analytics as a way to “reduce operational costs and utilize assets efficiently,” Forbes notes. It’s telling, too, that only 4 percent said they saw no use case for Big Data analytics in their future.



I recently had a conversation with someone about BYOD and security. He told me that he thought that enterprise was having BYOD fatigue and there was a growing attitude that its security problems were overblown. This person wasn’t alone in his feelings. I had read some articles and heard others repeat similar complaints about BYOD. Perhaps mobile devices weren’t as bad of a security issue as once thought?

Or maybe the threats are even worse than we realized. Some recent studies show just how much of a security risk mobile devices have become within the workplace, and this carries over into BYOD security risks as well.

First, a study conducted by Alcatel-Lucent's Motive Security Labs found that mobile malware has increased by 25 percent in 2014, and 16 million devices – mostly Androids but not exclusively – are infected. For the first time, we’re seeing infection rates of mobile devices that rival those on Windows computers. Out of the top 20 threats, six of them involved spyware meant to track location and monitor the user’s communications. The reason for all this malware, according to an eSecurity Planet article, comes down to the device owner:



It’s a terrifying but plausible scenario. You’re in an enclosed crowded place—perhaps a subway or a mall—and a terrorist organization releases lethal quantities of a nerve agent such as sarin into the air. The gas sends your nervous system into overdrive. You begin having convulsions. EMTs rush to the scene while you go into respiratory failure. If they have nerve agent antidotes with them, you may have a greater chance of living. If they don’t, you may be more likely to die. Will you survive?

Thanks to CDC’s Strategic National Stockpile CHEMPACK program, the answer is more likely to be yes.

First responders prepare for CHEMPACK training.

First responders prepare for CHEMPACK training.

CHEMPACKs are deployable containers of nerve agent antidotes that work on a variety of nerve agents and can be used even if the actual agent is unknown. Traditional stockpiling and delivery would take too long because these antidotes need to be administered quickly. CDC’s CHEMPACK team solves this problem by maintaining 1,960 CHEMPACKs strategically placed in more than 1,340 locations in all states, territories, island jurisdictions, and the District of Columbia. Most are located in hospitals or fire stations selected by local authorities to support a rapid hazmat response. More than 90% of the U.S. population is within one hour of a CHEMPACK location, and if hospitals or first responders need them, they can be accessed quickly. The delivery time ranges from within a few minutes to less than 2 hours.

The medications in CHEMPACKs work by treating the symptoms of nerve agent exposure. According to Michael Adams, CHEMPACK fielding and logistics management specialist, “the CHEMPACK formulary consists of three types of drugs: one that treats the excess secretions caused by nerve agents, such as excess saliva, tears, urine, vomiting, and diarrhea; a second one that treats symptoms such as high blood pressure, rapid heart rate, weakness, muscle tremors and paralysis; and a third that treats and can prevent seizures.”

Maintaining CHEMPACKs throughout the nation is challenging, but it is an essential part of the nation’s defenses against terrorism. The CHEMPACK team must coordinate with limited manufacturers to keep the antidote supply chain functioning. CHEMPACK antidotes are regularly tested for potency and are replaced when needed. They must be maintained in ideal locations for quick use by hospitals and first responders. But, having them available is only the first step. Personnel who may use them need to know where they are and must be trained. CDC supports state and local partners as they identify CHEMPACK placement locations and conduct trainings for their responders.

2008 map of the fielded CHEMPACK Cache Locations

2008 CHEMPACK locations across the U.S.

Terrorist nerve agent attacks are not hypothetical. The Aum Shinrikyo group in Japan used sarin gas to attack subway passengers twice: an attack in 1994 killed eight people and a second attack in 1995 killed 12. Experts agree that these attacks were amateurish and a better timed and executed attack could have killed many more people.

CDC’s CHEMPACK team is part of the rarely seen network that protects the people of the United States from unusual threats. You might not have heard much about them, but if you are ever attacked by nerve agents, they may be the reason you survive.


The harsh winter of 2015 shows no sign of letting up. It’s too late for enterprises to do much to protect themselves this year. The good news is that, though it doesn’t seem so now, the temperatures will moderate and snow will melt relatively soon.

But, with the uncertainty introduced by global warming, it is irresponsible to assume next year won’t be as bad – or even worse. Therefore, it is important to take special note of what can be done to prepare for next winter.

This prudence seems to be lacking, however. A poll commissioned by property insurer FM Global revealed the problem. It found that 32 percent of workers give their employers grades of “F,” “D” or “C” for winter storm preparedness. Fifty-two percent of full-time workers expressed dissatisfaction with their companies’ winter storm preparations.



I have recently detailed the COSO 2013 Framework in the context of a best practices compliance regime. However there is one additional step you will need to take after you design and implement your internal controls. That step is that you will need to assess against your internal controls to determine if they are working.

In its Illustrative Guide, the Committee of Sponsoring Organization of the Treadway Organization (COSO), entitled “Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls” (herein ‘the Illustrative Guide’), laid out its views on “how to assess the effectiveness of its internal controls”. It went on to note, “An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting and compliance.” Moreover, there are two over-arching requirements which can only be met through such a structured post. First, each of the five components are present and function. Second, are the five components “operating together in an integrated approach”? Over the next couple of posts I will lay out what COSO itself says about assessing the effectiveness of your internal controls and tie it to your compliance related internal controls.

As the COSO Framework is designed to apply to a wider variety of corporate entities, your audit should be designed to test your internal controls. This means that if you have a multi-country or business unit organization, you need to determine how your compliance internal controls are inter-related up and down the organization. The Illustrative Guide also realizes that smaller companies may have less formal structures in place throughout the organization. Your auditing can and should reflect this business reality. Finally, if your company relies heavily on technology for your compliance function, you can leverage that technology to “support the ongoing assessment and evaluation” program going forward.



The UAE’s National Emergency Crisis and Disasters Management Authority has published an updated version of the country’s business continuity standard.

The new UAE Business Continuity Management Standard builds upon the first version, published in 2012, and aligns the standard with international best practices and guidelines. It contains three parts:

  • Specifications: sets out all the key parts and elements of the business continuity program.
  • Guidelines: interprets how the elements mentioned in the Specifications work in practice.
  • Toolkit: includes framework templates for developing a business continuity management system.

The Specifications document is available as a free PDF here. For details of obtaining the other parts of the standards contact the NCEMA

In the light of recent news showing that $1bn (£648m) has been stolen since 2013 in cyber-attacks on up to 100 banks and financial institutions worldwide Konrads Smelkovs of KPMG’s cyber security team says that it is time for financial institutions to be more proactive when it comes to information security.

Smelkovs comments:

“These attacks were unique in terms of the organization it took to execute them. However, the tools used by these cyber-crime gangs weren’t particularly sophisticated. It was the persistence and cautious approach of the criminals that netted them the prize. The banks targeted - primarily in Russia and Ukraine - suggest a selective operation in areas where tracking transactions is more complex.

“Financial institutions need to take more of a pre-emptive approach to such attacks. Playing ‘war games’ is one effective way of highlighting potential weak spots where attacks are simulated. Each organization should also look to have someone committed to defending their network, rather than someone who merely adheres to prescribed standards. The continued investment towards anti-malware technology and internal network monitoring tools remains crucial to being a step ahead of cyber criminals.”


No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer. By definition, the Chief Risk Officer looks after the governance of significant risks (both menaces and opportunities). The Chief Reputation Officer supervises the management of an organisation’s reputation, brand and communications. Looking after risks and reputation are both vital functions for organisations. The question is whether specific job functions are to be created for one or both of them. The definitive answer will depend on different factors.



Security and compliance skills were named as the top IT skills that hiring managers will be seeking in 2015, according to a survey of 405 senior-level technology professionals conducted by Cybrary.IT from late 2014 to early 2015. And that’s good news for the fledgling cybersecurity training site, which began offering its roster of free security courses a few weeks ago.

While the majority of companies represented in the survey plan to spend the same amount on IT training in 2015 that they spent in 2014, 11 percent said they have no money for IT training at all and fewer than 25 percent spend at least 10 to 20 percent of the total IT budget on training.

Billing itself as the first and only tuition-free massive open online course (MOOC) for IT and cybersecurity training, Cybrary.IT, whose founders came out of the paid IT training space, targets “unserved and underserved” individuals and aims to transform cybersecurity training as a whole, as co-founder Ryan Corey told me upon launch. The price of training is a major issue for individuals and companies, as both attempt to keep up with rapidly changing cyber threats and the growing need for specialized security skills.



The harshness and repeated ferocity of the winter of 2015 (especially in the New England states) sent many businesses scrambling to update their Business Continuity Plans.  The earlier Ebola crisis in West Africa set off the same kind of frenzy.  As a wise Business Continuity Management (BCM) guru once said “no good crisis should go unexploited”.  What he meant was that public crises can be leveraged to stimulate interest (and funding) for BCM.

The result of the blizzard and Ebola phenomena isn’t about stimulating interest, it borders on panic – for all the wrong reasons.  An earlier blog addressed the wisdom of planning for impacts, not for events.  These recent snows and epidemics have served to reinforce that advice.

There are so many things that could happen to disrupt your organization.  Many of them are as yet unknown (those “black swans”). But are “Scenario Plans” worth the effort? Consider that the 30-day snowfall record for Boston set in January-February 2015 (90 inches) broke the previous record (59 inches) set 37 years earlier (1978).  Does it make sense to create a ‘Blizzard Plan’ – if it occurs every 30 years?  Likewise, is an ‘Ebola Plan’ really necessary when that specific virus is unlikely to spread in significant numbers beyond West Africa?



Wednesday, 18 February 2015 00:00

West Coast Ports Dispute and Supply Chain Risk

A protracted labor dispute that continues to disrupt operations at U.S. West coast ports underscores the supply chain risk facing global businesses.

Disruptions have steadily worsened since October, culminating in a partial shutdown of all 29 West coast ports over the holiday weekend.

The Wall Street Journal reports that operations to load and unload cargo vessels resumed Tuesday as Labor Secretary Tom Perez met with both sides in the labor dispute in an attempt to broker a settlement amid growing concerns over the impact on the economy.

More than 40 percent of all cargo shipped into the U.S. comes through these ports, so the dispute has potential knock on effects for many businesses.



Many businesses across the US score poorly on being prepared for severe winter weather, according to a new poll of America's workforce, commissioned by FM Global.

Nearly one third of full-time American workers (32 percent) assign their employers a grade of C, D or F when it comes to preparedness for a major winter storm, the research finds. Furthermore, more than half of US workers (52 percent) employed full time indicated they are dissatisfied with their employers' preparedness, wanting their company to be better prepared for a winter storm.

"America's feedback speaks to the need for businesses to be more proactive, and overall more resilient, when it comes to winter weather," said Brion Callori, senior vice president, engineering and research, FM Global. "Insurance won't bring back lost customers, market share or fix a damaged corporate reputation for unprepared businesses. A business continuity plan which has been well-tested and communicated to employees can address such risk and help companies avoid costly physical and financial losses."

FM Global recommends the following best practices for businesses to help prevent damage in severe winter weather conditions:



Recently, there was an online discussion where the question was raised if both Business Continuity Planning (BCP) and Disaster Recovery (DR) service and implementation can be quantified in terms of real dollar savings. I believe that to be a great question—one that anyone in those fields should be asking. And to be clear, I think the reply is a resounding “yes.”

In recent years, it would be very easy to say that dollars have become “scarce” from the standpoint of business planning and operations. Many of our clients have recently shifted their focus toward and improved cost/benefit ratio and greater overall savings in BCP and DR. This eye toward savings extends into both the tactical and—more importantly—strategic areas.



Wednesday, 18 February 2015 00:00

What Does Bad Data Cost?

For Valentine’s Day, Talend published a fun infographic, “Use Big Data to Secure the Love of Your Customers.” It lists data quality as the second leading challenge with Big Data, but perhaps more striking is the  $13.3 million annual financial impact caused by data quality problems.

I’m not entirely sure from the graphic which research group provided that stat, but a 2013 Gartner research paper put the cost higher, at $14.2 million a year.

Actually, there’s no shortage of scary statistics and numbers on the high cost of bad data. For instance, this infographic by Lemonly.com and Software AG notes that bad data:



CHICAGO – Dangerously low temperatures and bitterly cold wind chills continue to be in the forecast for much of the Midwest this week. The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) wants individuals and families to be safe when faced with the hazards of cold temperatures.

“Whether traveling or at home, subfreezing temperatures and wind chills can be dangerous and even life-threatening for people who don't take the proper precautions,” said Andrew Velasquez III, FEMA Regional Administrator. “FEMA continues to urge people throughout the Midwest to monitor their local weather reports and take steps now to stay safe.”

During cold weather, you should take the following precautions:

• Stay indoors as much as possible and limit your exposure to the cold;
• Dress in layers and keep dry;
• Check on family, friends, and neighbors who are at risk and may need additional assistance;
• Know the symptoms of cold-related health issues such as frostbite and hypothermia and seek medical attention if health conditions are severe.
• Bring your pets indoors or ensure they have a warm shelter area with unfrozen water.
• Make sure your vehicle has an emergency kit that includes an ice scraper, blanket and flashlight – and keep the fuel tank above half full.
• If you are told to stay off the roads, stay home. If you must drive, don’t travel alone; keep others informed of your schedule and stay on main roads.

You can find more information and tips on being ready for winter weather and extreme cold temperatures at http://www.ready.gov/winter-weather.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Tuesday, 17 February 2015 00:00

Everyone Wins in a Diverse Storage Environment

For a while, it looked like enterprise storage was on a pretty stable development path: convert tape to disk, convert disk to solid state, and ultimately transition the storage array to modular infrastructure featuring server-side and in-memory solutions.

That plan is starting to crumble, however, as developments across multiple storage media are increasing the flexibility of previously staid solutions and even causing some to question storage’s actual role in the emerging virtual data ecosystem.

IBM's James Kobielus, for one, is backing off earlier predictions that 2015 would be a tipping point for SSDs in the enterprise. He still sees SSD dominance as inevitable, but continued investment in hard disk development is doing wonders for storage density and cost-per-bit. So while Flash solutions will likely dominate emerging applications like data mobility and the Internet of Things, tried and true magnetic media still has a lot to offer the old-line functions that many enterprises will continue to rely upon even in a cloud-dominated universe.



(TNS) — When Summer Fowler goes to sleep, the Cranberry mother of three knows computer hackers around the world are working through the night to undo the defenses she spends her days building.

Fowler, 37, is deputy technical director for cybersecurity solutions at CERT, the nation's first computer emergency response team, at Carnegie Mellon University's Software Engineering Institute. She works with Pentagon soldiers, intelligence directors and corporate titans to help them identify key electronic assets, secure them from cyberattacks and plan for what happens if someone steals them.

But at the end of the day, once her children are tucked into bed, Fowler wonders what the impact would be from a real cyber 9/11 attack on the United States.



The derailments this week of two trains carrying crude oil have raised new questions about the adequacy of federal efforts to improve the safety of moving oil on tank cars from new North American wells to distant refineries.

A 100-car, southbound CSX train derailed Monday in a West Virginia river valley, destroying a home and possibly contaminating the water supply for downriver residents. A thundering fireball rose hundreds of feet above the community amid an intense winter storm.

On Sunday, an eastbound oil train derailed in Ontario, Canada, near the city of Timmins, engulfing seven cars in an intense fire and disrupting passenger service between Toronto and Winnipeg.

The most recent accidents follow a long string of crashes that have occurred amid an exponential increase in the amount of crude being transported by rail, as energy production booms across the U.S. and Canada.




Cyber-attack is the top threat perceived by businesses, according to the fourth annual Horizon Scan report published today by the Business Continuity Institute (BCI), in association with BSI. Supply chain disruption is reported as the fastest rising threat, up 11 places since last year.

The annual BCI Horizon Scan assessed the business preparedness of 760 organizations worldwide and shows that three quarters (82%) of Business Continuity Managers fear the possibility of a cyber-attack, with 81% worried about the possibility of unplanned IT outages and 75% data breaches similar to that suffered by Sony in 2014. A recent industry report(i) highlights the annualized cost of cyber-crime per global company now stands at $7.6 million, a 10.4 per cent year-over-year increase.

Concerns over supply chain disruption were the fastest rising threat, climbing to fifth place in this year’s report, up from 16th in 2014. Almost half of those polled (49%) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.

This year’s global top ten threats to business continuity are:

  1. Cyber-attack – up 1
  2. Unplanned IT and telecoms outages – down 1
  3. Data breach – static
  4. Interruption to utility supply – up 1
  5. Supply chain disruption – up 11
  6. Security incidents – up 1
  7. Adverse weather – down 3
  8. Human illness – up 3
  9. Fire – down 3
  10. Acts of terrorism – down 1

Despite growing fears over the resilience of their firms, the report records a shock fall in the use of trend analysis by business continuity practitioners, with a fifth of firms (21%) failing to invest in protective discipline. A similar proportion (22%) report not employing trend analysis at all, making it a blind spot for organizations. Globally business preparedness shows variations with 8 out of 10 (82%) organizations in the Netherlands utilising trend analysis, while just 6 in 10 firms in the Middle East and Africa do so (63%).  Small businesses, evaluated for the first time in this year’s report, are seen to lag behind industry best practice with just half currently applying international standards for business continuity management.

Howard Kerr, Chief Executive at BSI, commented: “Globalization has brought the world’s conflicts, epidemics, natural disasters and crime closer to home. It is of real concern that this year’s report shows that businesses are not fully utilising information to identify and remedy blind spots in their organizational resilience strategies. Tracking near and long-term threats provides organizations of all sizes with an objective assessment of risks and how to mitigate them. Failing to apply best practice leaves organizations and their employees, business partners and customers at risk.”

The report provides the strong recommendation that the rising costs of business continuity demand greater attention from top management. Encouragingly, adoption of ISO 22301, the business continuity standard, appears to have reached a tipping point with more than half (53%) of organizations now relying upon this, up from 43% last year. Almost three quarters of firms (71%) intend to better align their activities with ISO 22301 over the next 24 months.

Lyndon Bird FBCI, Technical Director at the BCI, commented: “The world faces diverse problems from cybercrime and political unrest to supply chain vulnerabilities and health hazards. This report shows the vital importance of business continuity professionals understanding such trends. No longer can those working in the field believe they can resolve all their problems themselves. As an industry we must work together with our fellow practitioners to deal with the complexity of these threats.”

Click here to download your free copy of the Horizon Scan. If you would like to know more about the report, or perhaps ask some questions, Patrick Alcantara (BCI) and Lorraine Orr (BSI) will be hosting a webinar on Tuesday 24th February at 2pm (GMT) where they will be discussing some of the findings. Click here to register for the webinar.

Tuesday, 17 February 2015 00:00

How to define your recovery time objectives

By Charlie Maclean-Bristol FBCI FEPS

Defining the recovery time objectives (RTO) for your activities is one of the most critical things the business continuity manager will carry out. Get them wrong and the whole basis for your recovery strategy is flawed. Often, rather than being an objective assessment, the RTO is driven by internal politics and by managers wanting their part of the organization (and hence themselves) to be seen as important.

For a long while I have wondered if there was any scientific way, or even a rule of thumb, for defining your RTOs but I have never come across one. A while ago I reached out to the BCMIX LinkedIn Group to ask how members went about defining their RTOs. I got lots of explanations of the process for defining them but no set rule. Most people said that defining RTOs was a combination of common sense, knowledge of the organization, and experience. These are all very good but how is a beginner going to get that experience?

In the absence of any set method of defining RTOs here are my thoughts on the subject:



Luke Bird reflects on career progression opportunities in business continuity and how the profession could improve in this area.

As a kid growing up all I ever wanted to be was a sailor in the navy and once I got to the right age there was no one going to tell me otherwise. So off I went, hell bent on passing through basic training and finally getting to wear that shiny uniform. Well done me I thought to myself…

However, it wasn’t until the Monday morning after my big passing in parade and following a weekend of celebrations with my family and friends that it finally hit me. I had absolutely no idea what I wanted to do with my career beyond that point.

It’s really only now at this stage of my career in business continuity and over 10 years later that I can draw some interesting parallels. Much like my experience during basic training in the Navy, my career as a junior professional in business continuity has often involved those long 18-hour days, those difficult superiors (occasionally) and that regular feeling of being a deer in the headlights. However, the greatest parallel I can draw from this collective experience is the way I’m feeling right now: trying to decide on my future.



Tuesday, 17 February 2015 00:00

BCI publishes its annual Horizon Scan report

The Business Continuity Institute has published its fourth annual Horizon Scan report. This year’s report has been published in association with BSI.

The BCI Horizon Scan assessed the business preparedness of 760 organizations worldwide and shows that the top three threats that business continuity managers are concerned about are:

  • Cyber-attack (82 percent are concerned about this threat);
  • Unplanned IT outages (81 percent);
  • Data breaches similar to that suffered by Sony in 2014 (75 percent).

Supply chain disruption is seen as the fastest rising threat, climbing to fifth place in this year’s report, up from 16th in 2014. Almost half of those polled (49 percent) identified increasing supply chain complexity as a trend, leaving their organization vulnerable to disruption from conflict or natural disasters.

Despite growing fears over the resilience of their firms, the report records a shock fall in the use of trend analysis by business continuity practitioners, with a fifth of firms (21 percent) failing to invest in this protective discipline. A similar proportion (22 percent) report not employing trend analysis at all, making it a blind spot for organizations. Globally business preparedness shows variations with 8 out of 10 (82 percent) organizations in the Netherlands utilising trend analysis, while just 6 in 10 firms in the Middle East and Africa do so (63 percent).

Adoption of ISO 22301, the business continuity standard, appears to have reached a tipping point with more than half (53 percent) of organizations now relying upon this, up from 43 percent last year. Almost three quarters of firms (71 percent) intend to better align their activities with ISO 22301 over the next 24 months.

You can read the full Horizon Scan report after registration here.

The more IT pervades businesses, the more IT-based tools hackers have to exploit vulnerabilities. If you want your company to stay safe, you may need to ‘attack’ yourself to find out where the weak points are and fix them to prevent others from breaking in. The following list of hacker tools and techniques will give you an idea of the range of resources readily available over the Internet. Remember also that hackers may be plying their trade every day of the week. By comparison, some organisations may not have the time to run checks more once or twice a month. If you’re strapped for internal resources, consider other options like third party services to check or boost security.



Oil is hovering around $50 per barrel. For most of the US economy this drop in oil price has provided a much-needed economic boost. One piece on the NPR website, entitled “Oil Price Dip, Global Slowdown Create Crosscurrents For U.S.”, said “economists have suggested the big drop in oil prices is a gift to consumers that will propel the economy.” Liz Ann Sonders, who is the chief investment strategist at Charles Schwab, was quoted as saying “The U.S. economy is 68 percent consumer spending, so right there you know that falling oil prices is a benefit.” Another economist said the positive effects could be “worth $400 billion” for the US economy as a whole.

But in the energy space, particularly in the city of Houston, Texas, this plunge has been devastating. It is so bad that in this past week’s issue of the Houston Business Journal (HBJ), it provided a ‘Box Score’ for energy company lay-offs. And that was before Halliburton announced a 10%-15% reduction and Hercules Offshore announced that it had laid off some 30% of its work force since last October. Nationally, for the energy industry, it will be just as bad. In the NPR piece, David R. Kotok, of Cumberland Advisors, said, “cuts in production and energy company payrolls will cost the U.S. economy up to $150 billion.” The Houston Chronicle headlined it was a “Bloodbath”.

I thought about what this plunge in the price of oil could mean for the compliance function in energy and energy related companies going forward. Many Chief Compliance Officers (CCOs) and compliance practitioners struggle with metrics to demonstrate revenue generation. Most of the time, such functions are simply viewed as non-revenue generating cost drags on business. This may lead to compliance functions being severely reduced in this downturn. However I believe such cuts would be far from short-sighted; they would actually cost energy companies far more in the short and long term.



As an IT professional, what would you say are the top three concerns that keep you awake at night? According to the results of a recent survey, your peers listed security, downtime (disaster recovery), and talent management, in that order.

The survey was commissioned by Sungard Availability Services, a cloud computing, disaster recovery, and managed hosting services provider based in Wayne, Pa. I had the opportunity to discuss the findings with Ric Jones, CIO at LifeShare Blood Centers, a blood donation services provider in Shreveport, La., that’s a Sungard AS customer. Jones ranked disaster recovery ahead of security on his own list of concerns, but he indicated that the two are inextricably linked.

“Disaster recovery is extremely important to the success of LifeShare Blood Centers. If the primary datacenter in Shreveport experiences downtime for even a few hours, it disrupts the nonprofit’s ability to collect the data needed to gather and distribute critical, life-saving blood supply,” Jones explained. “Security couples up with disaster recovery, as data breaches are occasionally the cause for a disaster or unplanned downtime. This not only impacts an organization’s reputation, but also their ability to do business efficiently. LifeShare Blood Centers houses private information from donors, and it’s vital to our nonprofit we keep their information protected and out of hackers’ hands.”



Agile methods allow developers to create dependable applications with repeatable results. The same type of practice can also be applied to database development to promote proper data management, which in turn reflects in successful application creation. Efficient data governance is one key toward achieving well developed software more quickly.

However, it seems that for many enterprises, there has always been tension between the development groups and those who manage the data. Developers often lament that issues with data management prohibit quick, adaptive software creation. On the other hand, data management staff feels that the tenets of Agile methodologies don’t consider the needs of data asset management. The clash isn’t new, but today’s business cycles demand software that’s created even more quickly and effectively than ever. This is why Agile development has become so important.

To help your organization achieve a tighter relationship between development and data management, author Larry Burns offers his book, “Building the Agile Database.” In his book, Burns explains the business case behind efficient data management via Agile methods. He also takes time to identify the usual stakeholders involved in application development and database development. Burns gives a detailed view of the financial stakes behind the software development process and ties that to the importance of good data management.



(TNS) — When an ice storm hit Augusta, Ga., on Feb. 11, 2014, and lasted into the next morning, the city lacked disaster assessment teams to survey storm damage and had no unified effort to coordinate volunteer help. Nearly half the 57 locations approved for emergency shelter use by the American Red Cross were without backup generators or an alternate power supply.

The city’s debris removal plan was an “incomplete draft” that listed Traffic Engi­neering and Solid Waste as the departments in charge.

A year later, Fire Chief Chris James says Augusta’s Emergency Management Agency has overhauled its operations to address the problems it encountered.



Data breaches can be terrifying; they can cost a business millions of dollars and cause long-lasting damage to a company's reputation, too.

And it often seems like no matter what companies do, data breaches are unstoppable. But is this really the case?

Let's find out...



By Jenny Gottstein

Last August, I embarked on a cross-country train trip to explore  how games might be used for disaster preparedness.

In each city I met with first responders, Red Cross chapters, disaster management agencies, and community leaders. The goal was to identify ways to increase resilience through interactive games. The trip was fascinating, and exposed some core truths about our country’s relationship with disasters.

Here is what I learned:

1)  The coastal cities generally feel vulnerable and unprepared.  By contrast, the states in the middle of the country feel much more confident and capable. For example, everyone I spoke to in Montana was certified in some sort of disaster training, had survived 20 different avalanches or snow storms, and had impressive stockpiles of food and supplies. In other words, Montana is ready.

2)  Different regions are facing different challenges in the effort to become more resilient. In Seattle, disaster preparedness professionals need help communicating safety messages to high school and college students. In Milwaukee, the main fear is extreme weather and water contamination. In New York, preparedness resources have to be translated to a population that speaks over 800 different languages. My job was to determine how game mechanics might be applied to overcome these hurdles.

3)  Socio-economic factors play a huge role in the severity and impact of disasters. Therefore we can’t take a “one size fits all” approach to preparedness. Building a resilient community doesn’t start and end with emergency kits. We have to tackle larger issues of transportation, housing, and resources way before disasters happen.

Woman demonstrating how to perform CPR

4)  Despite major disparities across the country, two things remain true for every individual: Confidence and kindness are essential qualities during a crisis. We might be thrown into unprecedented scenarios, but the first step is having confidence in our ability to respond, and the second step is, quite simply, to be kind to others. Kindness can go a long way in de-escalating a crisis. Which presents an interesting challenge: how do we teach this concept through gaming?

5)  I’ve heard many people blame our country’s lack of preparedness on apathy. How else would you explain the fact that people still don’t have Go Bags or basic emergency plans for their family? But I don’t think “apathy” is the issue. I believe disasters are so enormous and terrifying, that people simply block them out. It is too big, it is too inaccessible. Therefore the problem isn’t apathy, it is paralysis.

6)  The act of “getting prepared” can be isolating and boring. Would I rather go to the hardware store and pick out flashlights for a crisis that is too scary to think about, or spend time with my family and friends? The latter, obviously.

7)  Finally, there is one thing that was true in every place I visited on my trip, one thing that united everyone in these incredibly diverse regions: people are more interested and responsive to emergency preparedness messages that are fun and engaging rather than messages focused on motivating people through fear.

So by creating interactive games, we can offer people a different entry point – an opportunity to tackle disaster preparedness in a way that is social, memorable, and fun. We can make something that is boring and isolating and turn it into something engaging and social. We can turn something that is paralyzing, into something that is accessible. We can design games that are entertaining and thought-provoking, without trivializing the disaster experience.

Over the next few years I’ll be exploring these nuances, and designing games as tools for resilience. If you find this interesting, please join me!

Jenny  Gottstein_small_headcrop

Jenny Gottstein

Jenny Gottstein is the Director of Games and a senior event producer for Go Game. Jenny has led interactive game projects, creativity trainings and design workshops around the world. Click here to read more about Jenny’s trip.


NEW ORLEANS—While it may seem counterintuitive at an event that also has an expo, one speaker at the International Disaster Conference today argues that a lot of the “preparedness” products on the market are not worth the price tag—and may even work against public safety.

According to the graduate research of disaster management expert and firefighter paramedic Jay Shaw, dikes and levies reduced people’s preparedness levels by 25% for all hazards including flooding. About three quarters of respondents in his research had experience with a major flood, and 75% felt prepared for a flood. Yet 65% felt unprepared for any other disaster, and 46% did not have any emergency kit, plan or supplies. The dikes in their town, Shaw found, led to a sense of security against flooding risk, and left many unaware of other risks and how to best prepare for them.

Nationally, a 2009 FEMA study found that 57% of people claim to be prepared for a disaster for 72 hours. Under further review, however, 70% of these individuals did not know the basic components of an emergency go-bag or emergency plan.



Thursday, 12 February 2015 00:00

When Automated Business Continuity Breaks Down

Computers are typically robust and reliable. When it comes to doing the same thing over and over again at scheduled times, they leave human beings far behind. That makes IT automation an attractive proposition for many business continuity routines or processes. Where people might forget or botch a data entry because of the monotony of a task, computers remain unaffected. They will check the status of all your branch servers every hour on the hour without fail. They will monitor manufacturing stocks and supply chains and send alerts when any out of bounds situation occurs. What could ever go wrong? Two things at least that human beings still have to help computers sort out.



The analytics capabilities exist for Internet of Things (IoT) data — it’s the integration of systems and lack of interoperability that will challenge organizations, warns Deloitte Consulting.

Deloitte predicts that the “Analytics of Things” will be one of the top analytics trends in 2015, but also predicts that organizations may have trouble leveraging the data due to proprietary solutions and APIs.

“There needs to be more interoperability, more interconnectivity, more integration of all these devices, otherwise we’re just going to have these competing standards, competing formats and I think you’ll have disappointed customers in the end,” John Lucker, Deloitte Consulting principal and global advanced analytics and modeling market leader, said in a recent interview with IT Business Edge.



Thursday, 12 February 2015 00:00

Shingled Drives for Re-roofing Your Storage?

In the last several years, there have been an increasing number of storage options. Initially we had just magnetic hard drives with a single rotational speed. Then they started to come in several varieties. Now we have a range of drive speeds starting at 15,000 rpm at the top end, followed by 10,000 rpm drives, then the ubiquitous 7,200 drives, and slower drives with speeds such as 5,900, 5,400, 4,500 and even variable speed drives.

The rotational speed of the disk drive is strong indicator of performance, price, capacity and power usage. Typically the higher the speed, the more expensive the drive. And usually high-speed drive has a smaller capacity, better performance and higher power consumption. As the drive speed comes down, the drive price decreases, the capacity increases, the performance decreases, and the power usage decreases.

There are other sources of drive variation, for example, drive cache size and physical drive size (2.5" and 3.5"). There is also the drive communication protocol such as SATA, SAS or Fiber Channel. There are also protocol speed differences such as 6 Gigabits per second (Gbps), 3 Gbps and slower (although these are older drives).



Thursday, 12 February 2015 00:00

Dealing with the loss of data


Whether you've forgotten to press save, a file has become corrupted or perhaps due to something more malicious, I'm sure we've all suffered the frustration of losing data at one time or another. A new study from Kroll Ontrack has now shown just how common this is by revealing that over a 12 month period from 2013 to 2014, one in four (25%) UK workers interviewed as part of their research lost work data due to malfunction or corruption of technology. This is up from 19% just over two years ago. The report also highlights that only 68% of this data was recovered, meaning that almost a third of all work related data lost was irrecoverable.

Paul Le Messurier, Programme and Operations Manager at Kroll Ontrack commented: “The business environment is now, more than ever, data driven and digital first. It is therefore extremely alarming that data loss is on the up. If we see this trend continue to build, there is a risk that we will continue to see large scale data disasters as well as negative impacts on the provision of service level agreements to customers. Organisations must prepare for potential data disasters by developing a robust business continuity plan that includes a back-up plan, education for employees and a data disaster strategy if all else fails.”

Additional findings by Kroll Ontrack highlight that one in three UK employees (33%) used personal devices or cloud services to store work-related data in the last 12 months. Recovery rates of lost work-related data among these devices are low. One in five users successfully recovered from home desktops (19%), just 8% from personal mobile devices and 17% from laptops and tablets.

Le Messurier continued: “With the rise of BYOD the lines between personal and work-related data are being blurred. As such, organisations have to take extra considerations when devising a disaster recovery plan. This includes a full audit of what devices are holding work-related data and ensuring that these devices are being used responsibly. It is also important that businesses understand what data is critical on the device and what is not to ensure that only work related data is backed up to company servers – ignoring personal apps and music.”


No matter what your stance on the cloud and its role in supporting critical vs. non-critical workloads, it should be clear by now that any data infrastructure that remains in the enterprise will be dramatically different from the sprawling, silo-based facilities of today.

Retaining key workloads in-house will likely be a priority for some, but that does not mean the data center isn’t ripe for an upgrade that improves data-handling while lowering capital and operational costs. And the strategy of choice at the moment is convergence.



Enterprise apps are a hot item. I wrote a recent feature that cited research from appFigures, Kinvey and Frost & Sullivan that, in a variety of ways, pointed to the growth in interest on the parts of both developers and their clients.

QuinStreet Enterprise, which publishes IT Business Edge, has released survey research that reveals an important finding: The user interface (UI) and related ease-of-use features are very high (if not at the top) of the list of important elements in the success of an enterprise app. The survey, “2015 Enterprise Applications Outlook: To SaaS or not to Saas” (free download with registration) said that the key features for enterprise users are easy implementation, smooth integration with existing technology and good security.



(TNS) — What would you do with a few seconds or minutes of warning before an earthquake strikes?

When late-night comedian Conan O’Brien considered the question recently, the result was a laugh-out-loud segment with people stampeding into walls, snapping risqué selfies or cranking up the boom box for one last dance.

A more sober — and useful — range of options will be on the table next week, when a small group of businesses and agencies embark on the Northwest’s first public test of a prototype earthquake early warning system.

“Up until now, we’ve been running it and watching the results in-house only,” said John Vidale, director of the Pacific Northwest Seismic Network at the University of Washington.



(TNS) — When Paul Allen picks a cause, he usually takes his time.

The Microsoft co-founder likes to convene brainstorming sessions, consult experts and recruit advisers before making major philanthropic gifts.

But when Ebola flared in West Africa last summer, Allen was among the first private donors to step up. As the toll from the disease soared, he quickly raised his commitment to $100 million — the largest from any individual and double the amount contributed by the Bill & Melinda Gates Foundation.

Now that the epidemic seems to be slowing, Allen is still moving fast.



(TNS) — Commissioners and emergency officials in Pennsylvania are calling for reform for what they say is an outdated emergency telephone services law.

The law, enacted in 1990, doesn’t sufficiently address cellphones and other wireless devices and is adversely affecting funding for 911 systems, they say.

“This is the top priority for the (County Commissioners Association of Pennsylvania) this year,” Somerset County Commissioner Pam Tokar-Ickes said.

Tokar-Ickes also is a directors board member of the statewide organization.

“Since 1990, there have been significant changes because of technology — a lot more people using wireless devices — and the legislation is a piecemeal collection.”



NEW ORLEANS—At the first day of the International Disaster Conference and Expo (IDCE), one of the primary topics of areas of concern for attendees and speakers alike was the risk of pandemics and infectious diseases. In a plenary session titled “Contagious Epidemic Responses: Lessons Learned,” Dr. Clinton Lacy, director of the Institute for Emergency Preparedness and Homeland Security at Rutgers, focused on the recent and ongoing Ebola outbreak.

While only four people in the United States were diagnosed with Ebola, three of whom survived what was previously considered a death sentence, government and health officials cannot afford to ignore the crisis, Lacy warned.

“This outbreak is not just a cautionary tale, it is a warning,” Lacy said. “Ebola is our public health wakeup call.”

A slow start by the Centers for Disease Control, inadequate protective gear in healthcare facilities, and inadequate planning for screening quarantine and waste management were some of the key failings in national preparedness for Ebola. And all were clearly preventable. A significant amount has been done to improve preparedness, Lacy said, but there is still a significant amount yet to do as well.



Wednesday, 11 February 2015 00:00

Big Data and the Mirror of Erised

“This mirror will give us neither knowledge or truth.”

So says Dumbledore in J.K. Rowling’s book, Harry Potter and the Sorcerer’s Stone, commenting on a mirror that shows us what our most desperate desires want us to see.

This is an apt analogy when describing the analytics available in big data solutions. When you suddenly have all the data you could want and can quickly analyze it anyway you like, unencumbered by extraneous effort that we have historically had to endure, what happens? Being human beings with a tendency to confirm what we so want to have happen or to relive what felt so good in the past, managers often drift into self-sealing and circular analysis that at first doesn’t seem so wrong. Big data has to poke through the subtle and instinctual responses of data denial.



Anthem recently said hackers were able to illegally access the health insurance company's IT system, along with personal information from up to 80 million current and former members. And as a result, Anthem landed at the top of this week's list of IT security newsmakers to watch, followed by TurboTax, Trend Micro (TYO) and Avast.

What can managed service providers (MSPs) and their customers learn from these newsmakers? Check out this week's list of the biggest IT security stories to find out:



NEW ORLEANS — Edward Gabriel, principal deputy assistant secretary for preparedness and response for the U.S. Department of Health and Human Services, told a gathering of emergency managers that every incident they respond to is in some way related to health and medical and he revealed a couple of secrets.

Gabriel delivered a keynote address at the International Disaster Conference and Expo in New Orleans on Feb. 10, and talked about some of the work his office is doing to develop resiliency to catastrophic events.

“There are things that we know that you should be aware,” Gabriel told the crowd. He was hinting at some of the dangers that could affect the U.S. regarding biological and nuclear attacks. Those threats are treated as possibilities in the offing by the Biomedical Advanced Research and Development Authority (BARDA) under his watch.



Here’s the quick version. Hackers operating in the same cloud server hardware as you can steal your encryption keys and run off with your data/bank codes/customers/company (strike out items that do not apply – if any). Yes, behind that mouthful of a title is a scary prospect indeed. Until recently, this kind of cloud-side hacking possibility had been discussed but not observed. Now a team of computer scientists have managed to recover a private key used by one virtual machine by spying on it using another virtual machine. Therefore a hacker could conceivably do the same to your VM from another VM running on the same server. How worried should you be?



Tuesday, 10 February 2015 00:00

Expect Shadow IT to Be a Long-Term Problem

Last week, CipherCloud revealed the results of a survey regarding the use of shadow IT. The study found that of the 1,100 cloud applications used in an enterprise setting, 86 percent of those are being used without authorization of the IT department.

Fellow IT Business Edge blogger Arthur Cole believes that, despite the high use of shadow IT within the workspace, the practice’s decline is inevitable. He wrote:

Now that the cloud has taken a firm hold in the enterprise, shadow IT will diminish naturally as internal resources gain the flexibility and availability that knowledge workers require. In fact, you could argue that shadow IT is a net positive for the enterprise because it creates the impetus to shed aging, silo-based infrastructure in favor of a more flexible, dynamic environment. And ultimately, this will allow many organizations to abolish their IT cost centers entirely in order to focus resources on more profitable endeavors.



Telecommunications networks are huge users of energy. The cable industry, for instance, relies upon millions of servers, amplifiers and other network devices throughout vast networks. These all need to be powered. In homes, set-top boxes, gateways and other gadgets need juice, as well.

Cable and telcos, and the companies that support them, are taking steps to control this usage, at least in the home. In 2012, companies connected with the pay television industry entered a voluntary agreement to cut energy use in set-top boxes (STBs). Late last summer, D&R International, Ltd. on behalf of the group, published a report on the impact of the initiative on usage during 2013.

The report, according to Switchboard, the National Resources Defense staff blog, suggests very strongly that the agreement is having the desired effect. Energy use decreased 5 percent during the year and saved about $168 million. Usage of energy by STBs was 14 percent less than devices installed in 2012. The story points out that the next wave of voluntary requirements will increase savings to $1 billion annually when they are implemented in 2017.



(TNS) — New Mexico hasn’t had its first zombie infection yet, but if that happens, Nick Generous and others on a Los Alamos National Laboratory team will probably map it on their new Biosurveillance Gateway website.

All epidemics — whether ebola, measles or zombie apocalypses — begin with patient zero.

“In the earliest stages of outbreak, there’s this critical period of time that officials can enact certain interventions to minimize and prevent the spread,” said Generous, a molecular biologist who helped develop the Biosurveillance Gateway. “So, how do you decide what to do?”

Quarantine, vaccinate or, in the case of that nasty zombie, just shoot its head off?



(TNS) — As earthquakes continue to rattle Oklahomans after a record-setting year, state officials are trying to coordinate their responses and soothe fears.

Secretary of Energy and Environment Michael Teague said Friday his office will develop a website to help keep the public informed of various agency actions on earthquakes. He said it will be modeled after the Oklahoma Water Resources Board’s drought page, drought.ok.gov.

The state had 585 earthquakes greater than a 3.0 magnitude in 2014, up from 109 in 2013. Some studies have linked wastewater injection wells from oil and gas development to increased seismic activity.

“We recognize we have a problem,” said Teague, who heads the Governor’s Coordinating Council on Seismic Activity. “There’s something going on. But the science is not completely settled.



Friday, 06 February 2015 00:00

Is Your CEO Next? The Data Ticking Time Bomb

This morning, I read the news that Anthem Insurance had a massive data breach and that Amy Pascal, who led Sony pictures as co-chairman, was stepping down as a result of Sony’s breach.

I’d just been sent a Varonis study, written by the Ponemon Institute. “Corporate Data: A Protected Asset or a Ticking Time Bomb?” couldn’t be more timely. The danger in not taking data security seriously is growing.

Let’s talk about this report against those events this week.



The Internet of Things is among the trends driving companies to invest in data virtualization, according to Suresh Chandrasekaran, senior VP for data virtualization vendor Denodo.

Data virtualization isn’t normally something you hear in Big Data discussions. I asked Chandrasekaran what problem data virtualization solved for IoT and other Big Data projects. Sensor data is generally pooled in a data repository or data lake, he explained, but it’s useful without context.

Data virtualization allows you to leverage sensor and other Big Data and add context using other data sources. For instance, if you’re using sensors to monitor vehicles, you might want to combine that with maintenance records to predict when parts need to be changed.



I was watching one of my favorite news shows late last night when the host came back from commercials with a breaking news story: Health-insurance company Anthem had been breached. The show’s host provided a couple of details of what the breach entailed; he said that it was personal information of customers and employees, their addresses, birthdates, Social Security numbers (emphasis was the host’s).

After that, I knew exactly what I was going to be waking up to this morning: an inbox filled with commentary on this latest high-profile breach and a topic right at hand for today’s blog post.

Much of that commentary applauded Anthem for its quick response to the breach, like this comment from Lee Weiner, SVP of products and engineering with Rapid7:



Friday, 06 February 2015 00:00

Federal Flood Risk Management Standard

WASHINGTON – On January 30, the President issued an Executive Order 13690, “Establishing a Federal Flood Risk Management Standard and a Process for Further Soliciting and Considering Stakeholder Input.” Prior to implementation of the Federal Flood Risk Management Standard, additional input from stakeholders is being solicited and considered on how federal agencies will implement the new Standard. To carry out this process, a draft version of Implementing Guidelines is open for comment until April 6, 2015.

Floods, the most common natural disaster, damage public health and safety, as well as economic prosperity. They can also threaten national security. Between 1980 and 2013, the United States suffered more than $260 billion in flood-related damages. With climate change and other threats, flooding risks are expected to increase over time. Sea level rise, storm surge, and heavy downpours, along with extensive development in coastal areas, increase the risk of damage due to flooding. That damage can be particularly severe for infrastructure, including buildings, roads, ports, industrial facilities and even coastal military installations.

The new Executive Order amends the existing Executive Order 11988 on Floodplain Management and adopts a higher flood standard for future federal investments in and affecting floodplains, which will be required to meet the level of resilience established in the Federal Flood Risk Management Standard. This includes projects where federal funds are used to build new structures and facilities or to rebuild those that have been damaged. These projects make sure that buildings are constructed to withstand the impacts of flooding, improves the resilience of communities, and protects federal investments.

This Standard requires agencies to consider the best available, actionable science of both current and future risk when taxpayer dollars are used to build or rebuild in floodplains. On average, more people die annually from flooding than any other natural hazard. Further, the costs borne by the federal government are more than any other hazard. Water-related disasters account for approximately 85% of all disaster declarations.

The Standard establishes the flood level to which new and rebuilt federally funded structures or facilities must be resilient. In implementing the Standard, agencies will be given the flexibility to select one of three approaches for establishing the flood elevation and hazard area they use in siting, design, and construction:

  • Utilizing best available, actionable data and methods that integrate current and future changes in flooding based on climate science;
  • Two or three feet of elevation, depending on the criticality of the building, above the 100-year, or 1%-annual-chance, flood elevation; or
  • 500-year, or 0.2%-annual-chance, flood elevation.

Prior to implementation of the Federal Flood Risk Management Standard, additional input from stakeholders is being solicited and considered. To carry out this process, FEMA, on behalf of the Mitigation Framework Leadership Group (MitFLG), published a draft version of Implementing Guidelines that is open for comment. A Federal Register Notice has been published to seek written comments, which should be submitted at www.regulations.gov under docket ID FEMA-2015-0006 for 60 days.  Questions may be submitted to This email address is being protected from spambots. You need JavaScript enabled to view it..

FEMA will also be holding public meetings to further solicit stakeholder input and will also host a virtual listening session in the coming months. Notice of these meetings will be published in the Federal Register.  At the conclusion of the public comment period, the MitFLG will revise the draft Implementing Guidelines, based on input received, and provide recommendations to the Water Resources Council.

The Water Resources Council will, after considering the recommendations of the MitFLG, issue amended guidelines to provide guidance to federal agencies on the implementation of the Standard. Agencies will not issue or amend existing regulations or program procedures until the Water Resources Council issues amended guidelines that are informed by stakeholder input.

FEMA looks forward to participation and input in the process as part of the work towards reducing flood risk, increasing resilience, cutting future economic losses, and potentially saving lives.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Data security has become an even bigger topic in the last year following several high-profile data breaches at consumer companies. And much of the focus been protecting against the breaches themselves. But are there other ways to protect data? MSPmentor recently took a deeper look at a technology called data masking. Here's what we found.

Many banks, government agencies, hospitals, insurance companies and other organizations that manage highly sensitive information are using a technique to hide their data from cybercriminals – data masking. The technique camouflages the real data that you want to protect by interspersing other characters and/or data with it. So the data hides in plain site, but it cannot be seen or discovered.



Despite increasing attention to cybersecurity and a seemingly constant stream of high-profile data breaches, the primary security method used in businesses worldwide remains the simple password. According to a recent study, the average person now has 19 passwords to remember, so it is not surprising that the vast majority of passwords are, from a security perspective, irrefutably bad, including sequential numbers, dictionary words or a pet’s name.

A new report by software firm Software Advice found that 44% of employees are not confident about the strength of their passwords. While many felt their usage was either extremely or very secure, the group reported, “our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords.”

Among the biggest password sins employees commit:



(TNS) — Colorado Springs is making a pitch to host a new state-funded center for fire research, a technology hub that could help propel Colorado to the forefront of revolutionizing how wildfires are fought.

The Colorado Springs Regional Business Alliance plans to submit a report this week detailing why El Paso County, twice victim of catastrophic wildfire, should be the new home for the fire research center.

While the public eye may have been trained on the Colorado Firefighting Air Corps created last year, a lesser-known aspect of the Centennial-based fleet — the Center for Excellence for Advanced Technology Aerial Firefighting — has been on the wish list for some Colorado Springs leaders for months.



(TNS) — While many coastal communities in the Tampa Bay area have been spared a catastrophic spike in flood insurance rates for now, local city leaders say they’re preparing for the worst over the long haul.

In Belleair Bluffs on Tuesday, the Florida League of Cities hosted the first in a series of meetings throughout the state to encourage city governments to invest more in flood mitigation programs that can reduce the risk of storm damage and lower federal flood premiums for local residents by an average of 20 percent.

Cities can increase those savings for nearly all residents who carry flood coverage by improving storm-water drainage, enhancing building codes, moving homes out of potentially hazardous areas and effectively communicating about storm danger and evacuation routes.



Thursday, 05 February 2015 00:00

Another Mega Data Breach

In what is being described as potentially the largest breach of a health care company to-date, health insurer Anthem has confirmed that it has been targeted in a very sophisticated external cyber attack.

The New York Times reports that hackers were able to breach a company database that contained as many as 80 million records of current and former Anthem customers, as well as employees, including its chief executive officer.

Early reports here and here suggest the attack compromised personal information such as names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.



Thursday, 05 February 2015 00:00

Cloud adoption and risks

With faster time to market, massive economy of scale, and unparalleled agility, the cloud is entering enterprises at an unprecedented rate. As a result, hundreds of high risk cloud applications are commonly used across North American and European organizations, says a CipherCloud report. The report details the results of a comprehensive study of cloud usage and risks, compiled from enterprise users in North America and Europe.

‘Cloud Adoption & Risk Report in North America & Europe – 2014 Trends’ includes anonymised data of cloud user activity collected for the full 2014 calendar year, spanning thousands of cloud applications.



Thursday, 05 February 2015 00:00

Selfie-Sticks and Risk Assessments

Greetings from Venice and a big thanks to Joe Oringel at Visual Risk IQ for allowing my to post his five tips on working with data analytics while I was on holiday in this most beautiful, haunting and romantic of cities. While my wife and I have come here several times, we somehow managed to arrive on the first weekend of Carnivale, without knowing when it began. On this first weekend, the crowds were not too bad and it was more of a local’s scene than the full all out tourist scene.

As usual, Venice provides several insights for the anti-corruption compliance practitioner, whether you harbor under the Foreign Corrupt Practices Act (FCPA), UK Bribery Act, both, or some other such law. One of the first things I noticed in Venice was the large number of selfie-sticks and their use by (obviously) tourists. But the thing that struck me was the street vendors who previously sold all manner of knock-off and counterfeit purses, wallets and otherwise fake leather goods had now moved exclusively to market these selfie-sticks. Clearly these street vendors were responding to a market need and have moved quickly to fill this niche.



Thursday, 05 February 2015 00:00

What’s ‘Good Enough’ Data Quality?

When you dig into data quality—and more of you are—you’ll hear a lot about “good enough” data quality. But what the heck does that mean? And how do you know if you’ve achieved it?

Data folks have long understood that data quality is a continuum. Data quality comes with an associated cost and, at some point, that cost is not worth paying to further “perfect” the data; hence, the concept of “good enough” data quality.

That may have made sense in a relational database world, but now … it’s complicated. The data isn’t just being used for reporting, but is also being leveraged in BI and analytics systems. Data has left IT and is being used to drive decisions across the organization. What’s more, data looks different—it’s now social data, sensor data, external data, Big Data.



Thursday, 05 February 2015 00:00

The Inevitable Decline of Shadow IT

Sometimes it seems as if the enterprise is so caught up in preparing for the future that it fails to notice what is happening in the present.

The cloud is a prime example, with most top data executives enamored by visions of limitless, federated infrastructure able to do anyone’s bidding at the touch of a few mouse clicks. In the meantime, however, few are overly concerned by the unorganized spread of data across external cloud platforms, the so-called shadow IT, despite the significant loss of control it represents.

According to CipherCloud, about 86 percent of enterprise applications are now tied to shadow IT, especially those involved in publishing, social networking and career-based functions. This should be of particular concern to the enterprise considering the increasing sophistication of mobile malware and the ongoing spate of massive data breaches. However, many organizations are not even aware of the scope of the problem: One major enterprise in the survey claimed to have only 15 file-sharing apps in use when in reality it was nearly 70.



Thursday, 05 February 2015 00:00

12-Step Program for Emergency Managers

There are 12-step programs for many personal issues, so I figured there should be a 12-Step Program for Emergency Managers. I’ve written about our addiction to Department of Homeland Security grants that are administered by FEMA. Therefore it is only natural that we look for ways to escape our addiction and gain control over our individual programs. Getting out of addictive behavior can be difficult. 

Generally the concept of 12-step programs is to acknowledge a higher power and give everything over to its control. The only “higher power” that emergency managers have is FEMA, so we are in a bit of a Catch-22 in that we are trying to escape its grant clutches while at the same time giving our lives over to its control. We should at least try this 12-step program that I’ve adapted from Alcoholics Anonymous.



Thursday, 05 February 2015 00:00

Building the Agile Database

Is fast development the enemy of good development? Not necessarily. Agile development requires that databases are designed and built quickly enough to meet fast-based delivery schedules - but in a way that also delivers maximum business value and reuse. How can these requirements both be satisfied? This book, suitable for practitioners at all levels, will explain how to design and build enterprise-quality high-value databases within the constraints of an agile project.

Starting with an overview of the business case for good data management practices, the book defines the various stakeholder groups involved in the software development process, explains the economics of software development (including "time to market" vs. "time to money"), and describes an approach to agile database development based on the five PRISM principles.




In the past we have often heard that people got involved with business continuity through another career, perhaps drifitng in to it from facilities management or IT security. Now we are finding that more and more people are starting off in a business continuity role; the industry has developed into a career opportunity in its own right and people are joining it straight from school, college or university. In order to develop the industry further and take it forward, we need to inspire and encourage the right people to become business continuity professionals, and where better to do this than in schools.

To meet this aim, the Business Continuity Institute has formed a new partnership with Inspiring the Future, a free service where volunteers pledge one hour a year to go into state schools and colleges and talk about their job, career, and the education route they took. Already to date, over 7,500 teachers from 4,400 schools and colleges and over 18,500 volunteers have signed up.

Everyone from Apprentices to CEOs can volunteer for Inspiring the Future. Recent graduates, school leavers, apprentices, and people in the early stages of their career can be inspirational to teenagers - being close in age they are easy to relate to; while senior staff have a wealth of knowledge and experience to share. Your insights will help to inspire and equip students for the next steps they need to take.

Inspiring the Future is currently running a campaign called Inspiring Women with the aim to get 15,000 inspirational women from Apprentices to CEOs signed up to Inspiring the Future, to go into state schools and colleges to talk to girls about the range of jobs available, and break down any barriers or stereotypes.  For further information click here

Why volunteer in a local school or college?

  • Going into state schools and colleges can help dispel myths about jobs and professions, and importantly, ensure that young people have a realistic view of the world of work and the routes into it.
  • Getting young people interested in your job, profession or sector can help develop the talent pool and ensure a skilled workforce in the future.

To sign up to Inspiring the Future as a BCI member, simply click here and follow the steps. In the ‘My Personal Details’ section, under the heading ‘My memberships of Professional Association …’ please write Business Continuity Institute and it will appear for you to select.

By signing up, you make it easy for local schools and colleges to get in touch to see if you can help them help their pupils make better decisions about the future.  You might be asked if you could take part in a careers’ fair, in career networking (speed dating about jobs) or do a lunchtime talk to sixth formers about your job and how you got it. 

Volunteering for Inspiring the Future is free, easy, effective and fun. Volunteers and education providers are connected securely online, and volunteering can take place near home or work as employees specify the geographic locations that suit them. Criminal Records Bureau checks are not needed for career insights talks, as a teacher is always present.

Inspiring the Future is a UK initiative but if you know of a similar scheme in another country then get in touch and let us know. Our aim is to inspire people to become business continuity professionals all across the world.




By Leon Adato

In the corporate environment, end users and, more worryingly, the occasional IT pro, are the first to point the finger of blame at the network when an application is sluggish, data transfer is too slow or a crucial Voice over IP (VoIP) call drops, all of which can have a wider impact on the bottom line.

Issues arise when the IT department looks to blame the network as a whole, rather than work to identify problems that are caused by an individual application running on the network. Poor design, large content and memory leaks can all cause an application to fail, yet IT departments can be slow to realise this.

Many companies are reliant on applications to drive business-critical processes. At the same time, applications are becoming increasingly complex and difficult to support, which puts additional pressure on the network. So, the question remains, when there’s an issue with application performance, is it the network or is it the application? How do you short-circuit the ‘blame game’ and determine the root-cause of an issue so it can be solved quickly and efficiently?



Enterprises are scrambling to come up with ways to scale their infrastructure to meet the demands of Big Data and other high-volume initiatives. Many are turning to the cloud for support, which ultimately puts cloud providers under the gun to enable the hyperscale infrastructure that will be needed by multiple Big Data clients.

Increasingly, organizations are turning to in-memory solutions as a means to provide both the scale and flexibility of emerging database platforms like Hadoop. Heavy data loads have already seen a significant performance boost with the introduction of Flash in the storage farm and in the server itself, and the ability to harness non-volatile RAM and other forms of memory into scalable fabrics is quickly moving off the drawing board, according to Evaluator Group’s John Webster. In essence, the same cost/benefit ratio that solid state is bringing to the storage farm is working its way into the broader data infrastructure. And with platforms like SAP HANA hitting the channel, it is becoming quite a simple matter to host entire databases within memory in order to gain real-time performance and other benefits while still maintaining persistent states within traditional storage.



Tuesday, 03 February 2015 00:00

DDoS attacks proving costly for businesses


According to a study conducted by Kaspersky Lab and B2B International, a Distributed Denial of Service (DDoS) attack on a company’s online resources might cause considerable losses – with average figures ranging from $52,000 to $444,000 depending on the size of the company. For many organizations these expenses have a serious impact on the balance sheet as well as harming the company’s reputation due to loss of access to online resources for partners and customers.

According to the study, 61% of DDoS victims temporarily lost access to critical business information; 38% of companies were unable to carry out their core business; 33% of respondents reported the loss of business opportunities and contracts. In addition, in 29% of DDoS incidents a successful attack had a negative impact on the company’s credit rating while in 26% of cases it prompted an increase in insurance premiums.

DDoS attacks are not just costly, they are also becoming more frequent and more complex. In a different study, one carried out by Arbor Networks, it was revealed that 38% of respondents to a survey experienced more than 21 attacks per month compared to just over 25% in 2013. It was also noted that we are now experiencing much larger attacks, sometimes over 100Gbps and even up to 400Gbps. Ten years ago the largest attack was 8Gbps.

With this as a backdrop, it is perhaps no surprise that cyber attacks have consistently been one of the top three threats for business continuity professionals according to the Business Continuity Institute’s annual Horizon Scan report.

“A successful DDoS attack can damage business-critical services, leading to serious consequences for the company. For example, the recent attacks on Scandinavian banks (in particular, on the Finnish OP Pohjola Group) caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this. That’s why companies today must consider DDoS protection as an integral part of their overall IT security policy. It’s just as important as protecting against malware, targeted attacks, data leak and the like,” said Eugene Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.



Many CEOs tend to see business continuity management purely within the context of complying with governance codes. But, says Leigh-Anne van As, business development manager at ContinuitySA, CEOs also need to see how business continuity management can help them answer three key strategic questions.

Van As argues that CEOs need to be able to answer ‘yes' to three key questions:

  • Do you know which products and services offered by your company are vital to ensuring its strategic objectives can be met?
  • Is your organizational structure aligned to the company's strategic objectives?
  • Do you know exactly which resources (including human resources) are required for the company to achieve its strategic objectives?

"Companies typically offer a multiplicity of products and services, but CEOs and their immediate teams need to understand which ones are absolutely vital to the company's ability to meet its strategic targets. They also need to understand exactly which resources are essential to delivering those products and services," she explains. "Once they have the answers, CEOs and their teams can allocate investment and attention appropriately, and optimise the company's operations."



A survey of New South Wales Shires and Councils has looked at risk management, business continuity, and internal audit practices and identified a number of gaps in some critical areas. Over 50 percent of NSW councils participated in the survey, which was conducted by InConsult.

“The high number of responses has provided data that we believe to be valid and paints a good picture of the current state of risk management in NSW councils” says InConsult Director Tony Harb.

“Overall, we have seen improvements across the board in risk management practices, such as developing formal risk management policies and strategies, formal risk appetite statements and maintaining comprehensive risk registers. More Councils now class their risk management in the ‘proficient’ category of risk management maturity.



Don’t think you are vulnerable to an insider threat? You might want to have a conversation with your IT department, then. According to Vormetric's 2015 Insider Threat Report, 93 percent of IT personnel think their company is at risk from an insider threat. Also, 59 percent of respondents worry about privileged users or employees who have high-level access to very sensitive data, who are considered to be the company’s greatest threat.

Thanks in part to the recent Sony hack, insider threats and the dangers they pose are getting a lot more attention than they have in the past. But as Eric Guerrino, executive vice president of the Financial Service Information Sharing and Analysis Center, was quoted in eSecurity Planet, insider threats have been a problem for a long time and a top focus area for security concerns. It’s just that now those beyond IT and security staff are beginning to grasp the severity of the issue.



Tuesday, 03 February 2015 00:00

Measles and the Risk of Infectious Diseases

If you’re reading about the rising number of measles cases in California, you may also be thinking about pandemic risk.

First, let’s look at the status of measles cases and outbreaks in the United States.

The CDC notes that from January 1 to January 28, 2015, 84 people from 14 states were reported to have measles. Most of these cases are part of a large, ongoing outbreak linked to Disneyland in California.

On Friday (January 30, 2015), the California Department of Public Health released figures showing there are now 91 confirmed cases in the state. Of those, 58 infections have been linked to visits to Disneyland or contact with a sick person who went there.

At least six other U.S. states – Utah, Washington, Colorado, Oregon, Nebraska and Arizona—as well as Mexico have also recorded measles cases connected to Disneyland, according to this AP report.

What about last year?



When he speaks of that Thursday, Nov. 6, 2014, Dan Hoffman’s memory is a blur. Details come back in hazy pieces. His first recollections flash back to a headache, a throbbing pain that drove him into an afternoon nap. Next he recalls the sensations of heat, waking to a baking swelter. Next the glow of flames, a black canopy of smoke above, coughs shaking his lungs, the fire alarm shrieking, attempting to stand, to breathe, to reach for his cellphone and dial 911.

“My instinct was to get out,” Hoffman said.

He stumbled from the bedroom, to the bathroom, to the living room of his family’s home in Traverse City, Mich. The voice of a dispatcher must have spoken to him through his cellphone. He doesn’t recall it though. He only remembers listening to his own voice. He said the word “help” twice. It was the last thing he heard before collapsing, falling unconscious as his house continued to burn.



A growing hazard has emerged in the cloud security space that is threatening organizations from inside of their own physical and virtual walls. As employees across multiple industries continue to adopt ‘shadow cloud’ services in the workplace, organizations and managed service providers (MSPs) need to carefully monitor its effects on security and cloud-based file sharing.

The Cloud Security Alliance’s (CSA), official definition of “shadow cloud” services is “cloud applications and services adopted by individual employees, teams, and business units with no formal involvement from the organization’s IT department.”  The threat of this unsanctioned cloud usage is a potential security risk to both individuals and enterprises, alike, as the services are less protected and secured.



Monday, 02 February 2015 00:00

A Strange Diagram

I found this – and have never seen it before:


It’s a strange thing as it appears to begin at the top of the cycle with ‘Corporate responsibility’.  While I understand the definition (here’s one : Corporations have a responsibility to those groups and individuals that they can affect, i.e., its stakeholders, and to society at large. Stakeholders are usually defined as customers, suppliers, employees, communities and shareholders or other financiers. (Financial Times Lexicon)) – is it something that should be at the core of the diagram rather than part of a security management cycle?  I’m not splitting hairs here – it is about separation of process from strategy I think.  Further – shouldn’t ‘Understand the Organization’ come first?  It does for me – unless we understand the organization how can we meet our responsibilities – corporate, security or otherwise?



If you’ve ever wondered whether your data governance committee is covering the right issues, then you’ll want to read Joey Jablonski’s recent column, “12 Step Guide for Data Governance in a Cloud-First World.”

Despite the title, five of the steps are actually a great strategic discussion list for any data governance group. Jablonski says organizations should cover each of the following:



Most actuaries know about projections that go awry, so we have quite a bit of sympathy for the weather forecasters who missed the mark early this week, says I.I.I.’s Jim Lynch:

Weather forecasts have improved dramatically in the past generation, but this storm was odd. Usually a blizzard is huge. On a weather map, it looks like a big bear lurching toward a city.

This storm was relatively small but intense where it struck. On a map, it looked like a balloon, and the forecasters’ job was to figure out where the balloon would pop. They were 75 miles off. It turned out they over-relied on a model – the European model, which had served them well forecasting superstorm Sandy, according to this NorthJersey.com post mortem.



Friday, 30 January 2015 00:00

Public apathy in the path of preparedness

Responses to winter storm Juno seem to show that you cannot please the public when it comes to preparedness. In this article Geary Sikich asks whether business continuity and emergency planners are missing something when it comes to communicating preparedness with the public.

I was supposed to be in Boston presenting at ‘The Disaster Conferences’ on 28 January 2015. Well, the weather just put us out to 19 March 2015 for the now rescheduled Boston conference. I guess that they are still feeling the effects of this week’s blizzard, now named ‘Juno’; that left Boston with over 24 inches of snow. According to the Weather Channel Winter Storm Juno pounded locations from Long Island to New England with heavy snow, high winds and coastal flooding late Monday into Tuesday. The storm is now winding down. The National Weather Service has dropped all winter storm and blizzard warnings for Juno.

Snow amounts in New York have ranged from 9.8 inches at Central Park in New York City to 30 inches on Long Island. The snippets from the Weather Channel and from other news sources barrage us with the details of this latest storm:

  • In Massachusetts, up to 36 inches of snow has been measured in Lunenburg, while Boston has seen 24.4 inches. Juno was a record snowstorm for Worcester, Massachusetts (34.5 inches). Incredibly, 31.9 inches fell in Worcester on Jan. 27, alone!
  • Thundersnow was reported in coastal portions of Rhode Island and Massachusetts late Monday night and early Tuesday.



What worries chief information officers (CIOs) and IT professionals the most? According to a recent survey commissioned by Sungard Availability Services information security, downtime and talent acquisition weigh heaviest on their minds.

Information security
Due to the increasing frequency and complexity of cyber-attacks, security ranks highest among IT concerns in the workplace for CIOs; as a result more than half of survey respondents (51 percent) believe security planning should be the last item to receive budget cuts in 2015.

While external security threats are top of mind for IT professionals, internal threats are often the root cause of security disasters. Nearly two-thirds of the survey respondents cited leaving mobile phones or laptops in vulnerable places as their chief security concern (62 percent), followed by password sharing (59 percent). These internal security challenges created by employees, lead 60 percent of respondents to note that in 2015 they would enforce stricter security policies for employees.



Friday, 30 January 2015 00:00

10 Expert Tips for Better Data Storage

Better data storage means different things to different people. For some it is all about speed, for others cost is the primary factor. For many it is about coping with soaring data volumes while for some, simplicity and ease of install/use are top-of mind elements.

Whatever your opinion of what better data storage is, here are a few tips on how to improve storage in the coming year.



Robin Murphy is a leader in the field of disaster robotics, having started working on the topic in 1995 and researching how the mobile technologies have been used in 46 emergency responses worldwide. She has developed robots that have helped during responses to numerous emergencies, including 9/11 and Hurricane Katrina. As director of the Center for Robot-Assisted Search and Rescue at Texas A&M University, Murphy works to advance the technology while also traveling to disasters when called upon to help agencies determine how robots can aid the response. The center’s first deployment was in response to 9/11, which also was the first reported use of a robot during emergency response.

Emergency Management: Since 9/11, how have you seen the use of robots in disasters change?

Robin Murphy: We started out in 2001 and up until 2005 you didn’t see the use of anything but ground robots. Everything was very ground-centric, and I think that reflected the state of the technology. For years we had bomb squad robots, which were being made smaller and smaller for military tactical operations so that gave them a tool that was pretty easy to use. Starting in 2005, we saw the first use of small unmanned aerial vehicles that were being developed primarily for the military market and those were very useful. Those have really come up and, in fact, since 2011, I’ve only found one disaster that didn’t use an unmanned aerial vehicle and that was the South Korea ferry where they used an underwater vehicle. So we went from ground robots dominating to about 2005 and then we started shifting toward unmanned aerial vehicles. In about 2007, it became much more commonplace to see underwater vehicles being used. Then starting in about 2011, I think if you have a disaster and you’re an agency and you haven’t figured out a way to use a small unmanned aerial system, it’s kind of surprising.



Is there anything that can’t be connected to the Internet? For example, where I once wore a $10 pedometer clipped to the waistband of yoga pants, I now wear a $130 fitness tracker on my wrist. In the past, I just took a look at the numbers on the pedometer to see how many steps I’d taken; now I need to log onto an app on my smartphone to see how far I’ve walked and how many calories I’ve burned and even how well I’ve slept. Or, if I wanted to, I could turn on any light in the house from the comfort of my couch rather than get up and do so manually. And that’s just a small scratch on the surface of the phenomena that is known as the Internet of Things (IoT).

However, if we know that virtually everything can now be connected to the Internet, we have to recognize its corollary statement: everything that can be connected to the Internet can be hacked. That fitness tracker I’ve come to depend on? Most of the information transmitted isn’t done securely and the apps have been known to have vulnerabilities. According to Symantec, this could make my movements easy to track and make my login details easy to steal. Those smart light bulbs, according to Slate, have insecure transmitters that could share too much information. And what about the home security system you have … you know, the one you turn on and off with your smartphone?



The Business Continuity Institute is pleased to announce the launch of its new Careers Centre, providing those working in the industry with the support they need to further their career by highlighting the job opportunities available. The BCI Careers Centre will also allow recruiters to find the perfect candidate for them by offering a CV search facility.

If you’re looking for a new job in business continuity or resilience then look no further than the BCI Careers Centre. Powered by JobTarget, the Careers Centre pulls in advertised vacancies from global recruitment sites, as well as those advertised directly with the BCI, and allows users to search by position or location. The system also allows users to set up a job alert so they can be the first to see new vacancies.

If you’re a recruiter then post your job within the Careers Centre to make sure it can be seen by a wide selection of desired candidates. If you’d rather seek people directly then search through the CVs uploaded by business continuity professionals to find the one who is suitable for you, or perhaps a selection that you would like to shortlist. The BCI Careers Centre is an open site with business continuity and resilience specialists from around the world encouraged to register for vacancies.

As the Careers Centre is specifically designed to focus on roles in the business continuity and resilience industry, it might be helpful to know what industry memberships or credentials a potential employee has. If you're a member of the BCI or hold a BCI credential then this will be clearly identified on your profile. It will also be clearly identified if you are on the BCI's CPD scheme.


Big Data will bring new challenges to data governance. Succeeding will require organizations to simplify, prioritize and above all adapt as Big Data use matures.

Yesterday, I shared four Big Data governance challenges:

  • Changing data roles
  • Broader business involvement
  • Business buy-in
  • Technical challenges

Let’s look at how those success principles can be applied to the first two Big Data governance challenges.

- See more at: http://www.itbusinessedge.com/blogs/integration/a-three-step-strategy-for-tackling-big-data-governance-challenges.html#sthash.ewxFgvwx.dpuf

Big Data will bring new challenges to data governance. Succeeding will require organizations to simplify, prioritize and above all adapt as Big Data use matures.

Yesterday, I shared four Big Data governance challenges:

  • Changing data roles
  • Broader business involvement
  • Business buy-in
  • Technical challenges

Let’s look at how those success principles can be applied to the first two Big Data governance challenges.

- See more at: http://www.itbusinessedge.com/blogs/integration/a-three-step-strategy-for-tackling-big-data-governance-challenges.html#sthash.ewxFgvwx.dpuf

Big Data will bring new challenges to data governance. Succeeding will require organizations to simplify, prioritize and above all adapt as Big Data use matures.

Yesterday, I shared four Big Data governance challenges:

  • Changing data roles
  • Broader business involvement
  • Business buy-in
  • Technical challenges

Let’s look at how those success principles can be applied to the first two Big Data governance challenges.

- See more at: http://www.itbusinessedge.com/blogs/integration/a-three-step-strategy-for-tackling-big-data-governance-challenges.html#sthash.ewxFgvwx.dpuf



Business continuity and cloud file sync services provider eFolder, has announced the release of its production version of Cloudfinder for Box, a dedicated cloud-to-cloud backup, search and restore service for Box. The company rolled out the production version of the offering following Box’s (BOX) long-anticipated initial public offering last week.

The production version of Cloudfinder for Box builds on a Freemium version that was available last year.  eFolder completed its acquisition of Cloudfinder in Q3 of 2014.



(TNS) —When disaster strikes in Palm Beach County, Fla., a team of volunteers trained by county emergency managers can be deployed as the first line of defense, helping their communities with everything from search and rescue to basic first aid to putting out small fires.

They can also be called upon to distribute or install smoke alarms, hand out disaster education materials or replace smoke alarm batteries in the homes of the elderly, according to a brochure about the program.

But there's no requirement that they be subject to any kind of criminal background check.

That could change after a concerned Boynton Beach resident complained to the Florida Division of Emergency Management's Inspector General. In a report released last week, the inspector recommended that background checks be a condition of the grants doled out for the program.



Thursday, 29 January 2015 00:00

REAL ID Act Catches Up with States

(TNS) — Lawmakers are scrambling to fix a problem that could result in Idaho driver's license holders being denied entry to federal facilities nationwide by the end of the year.

The issue arose last week, when the Idaho National Laboratory began enforcing the REAL ID Act.

The act, adopted in 2005, was a response to the Sept. 11, 2001, terrorist attacks. It tries to limit the availability of false driver's licenses and identification cards by imposing detailed security requirements on states for issuing such cards.

Idaho is one of nine "non-compliant" states, meaning the U.S. Department of Homeland Security isn't satisfied with its efforts to implement the act.

Consequently, Idaho licenses and ID cards can no longer be used to gain entry to nuclear power plants, to restricted portions of the Homeland Security headquarters building or - as of Jan. 19 - to INL and certain other federal facilities (see related story, at right).



Were most of the data breaches that occurred in the first half of last year preventable? According to the Online Trust Alliance (OTA), a nonprofit organization that provides businesses with online security best practices, 90 percent of these incidents "could have easily been prevented."

And thanks in part to its recent findings, the OTA sits atop this week's list of IT security newsmakers to watch, followed by Adobe (ADBE) Flash Player, Kaspersky Lab founder Eugene Kaspersky and St. Peter's Health Partners.



Marshall Goldsmith, an executive coach to the corporate elite, is the author of the very popular book called What Got You Here Won’t Get You There. And while the title may be true as it relates to your individual career path, I have news for C-suite executives everywhere: it is not true when it comes to adopting new technology. In fact, what got you here – to your current state of success – is precisely what will get you to the next level. The problem is, as Chief Information Officers (CIO) and IT professionals, we sometimes allow ourselves to be pressured into acting contrary to what we know is the right thing to do.

Here’s what happens. A CEO approaches a CIO and says (in a nutshell), “What’s our cloud strategy? We have to get everything into the cloud.” The CEO has read the analysts, seen the marketing materials, been to the trade shows, and talked to peers. Is it any wonder that he or she comes to the CIO with an urgent “let’s-move-it-all-before-we-get-left-behind” deliverable? The cloud is the newest, latest, greatest, sexiest thing out there. It has benefits galore. Let’s get in on this. Now.



It was an unprecedented step for what became, in New York City, a common storm: For the first time in its 110-year history, the subway system was shut down because of snow.

Transit workers, caught off guard by the shutdown that Gov. Andrew M. Cuomo announced on Monday, scrambled to grind the network to a halt within hours.

Residents moved quickly to find places to stay, if they were expected at work the next day, or hustle home before service was curtailed and roads were closed.

And Mayor Bill de Blasio, whose residents rely upon the transit system by the millions, heard the news at roughly the time the public did.

“We found out,” Mr. de Blasio said on Tuesday, “just as it was being announced.”



There has been innovation in every aspect of how individuals prepare for major snow storms – everything from funky new snow removal devices to new ways of pre-treating road surfaces for anti-icing before the onset of a major storm. Now, the real promise is in taking some of Silicon Valley’s hottest technologies — the Internet of Things, artificial intelligence, crowdsourcing, renewable energy and autonomous vehicles — and using them to improve the way cities respond to blockbuster snow events such as the Blizzard of 2015:



Wednesday, 28 January 2015 00:00

Big Data: Four New Governance Challenges

Before you move forward with Big Data, you’ll need to evolve your approach to data governance, experts say.

By now, most organizations are familiar with the basics of data governance: Identify the data owner, appoint a data steward, and so on. While those concepts are still essential to data governance, Big Data introduces new challenges that will require new adaptations.

“The arrival of Big Data should compel enterprises to re-think their approach to conventional data governance,” writes Dan O’Brien for Inside Analysis. “Everything about Big Data – its context, provenance, speed, scale and ‘cleanliness’ – extends data governance far beyond traditional, rigid databases, where it’s already an issue.”

Here’s a look at the new challenges Big Data introduces:



Tuesday, 27 January 2015 00:00

The New Reality of Weather Risk

What do you do when you are responsible for the safety of town, county or state residents and forecasts call for drastic weather conditions? Risk professionals can come under criticism if they are overly cautious, yet under-reacting can mean lives are at stake.

Take the current situation here in New York, New Jersey and Connecticut. Predictions called for one- to three-feet of snow and blizzard conditions over a wide swath of the tri-state area and states of emergency were declared. Governor Andrew Cuomo of New York yesterday called for a full travel ban in 13 counties, beginning at 11:00 p.m. Those breaking the ban were subject to fines of up to $300, he said.

“With forecasts showing a potentially historic blizzard for Long Island, New York City, and parts of the Hudson Valley, we are preparing for the worst and I urge all New Yorkers to do the same – take this storm seriously and put safety first,” Gov. Cuomo said.



(TNS) — Gov. Jerry Brown’s office is urging state emergency and law enforcement agencies to take advantage of a system that uses cellphone towers to pinpoint and send alerts.

Established in 2012 through a collaboration between the Federal Emergency Management Agency, the Federal Communications Commission and the wireless industry, the Wireless Emergency Alerts system is meant to complement existing alert systems.

“The Wireless Emergency Alerts are just one addition,” said Lilly Wyatt, an Office of Emergency Services spokesperson. “It’s an additional tool that local agencies can use for public messages.”

Of the 58 counties in California, only 24 have signed up to send alerts through the system.