Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Industry Hot News

Industry Hot News (7039)

The battle over ad blockers has never been fiercer: Their popularity with consumers is skyrocketing across the globe. Ad blockers offer a better online experience and have become easier to use. But consumers like them as a way to protect their privacy and their data from being misused. Firms increasingly think that their best bet is to block the blockers. But a recent study has shown that this strategy is just a losing game, as it has contributed to the deep decline in traffic figures. And the problem doesn’t end there; the EU recently made its voice heard by saying that blocking ad blockers is a practice that breaches EU privacy rules.

But what about your customers? If you use ad blockers, just think of the last time you wanted to check out an article online but were asked to uninstall your ad blocker first or, possibly worse, to fill in your details to “freely” enjoy your read.



How well do you know the cloud?  What are the roles and responsibilities of the companies that provide cloud services? What part does the state or local government IT organization play when it comes to cloud technology?

These questions and others were at the center of a panel discussion at the Florida Digital Government Summit held May 12 in Tallahassee. During the 90-minute session, Florida’s Chief Technology Officer Eric Larson and two private-sector representatives weighed in on the four most important considerations and steps that need to be made before diving headlong into cloud migration.


We’re used to hearing that security is the biggest bugaboo holding back greater migration to the cloud. Internet security concerns are said to be so acute that it’s widely accepted as an axiomatic truth.

But it’s time to revise that argument.

Digital security still rates as an important issue in any discussion about whether to migrate an enterprise’s data to the cloud. But enterprises have warmed up to cloud computing to the point where their biggest challenge now is actually finding enough people who have the necessary technical backgrounds to keep their cloud systems up and running.



Thursday, 19 May 2016 00:00

Joplin Study Spawns Code Recommendations

Though building codes for schools and a range of other structures provide for protection of winds up to 115 mph, that’s not nearly enough to protect against a strong tornado like an EF4, an EF5 or even an EF3. In fact, building codes don’t even mention tornadoes unless discussing a safe room or shelter.

That has to change, and building codes and standards need to acknowledge tornadoes and the difference between straight speeds and the variables of wind presented by tornadoes. That is one of the 16 recommendations that resulted from a National Institute of Standards and Technology (NIST) study of the May 2011 tornado that killed 161 and damaged more than 7,500 structures in Joplin, Mo.

The tornado was the deadliest since the first records were kept in 1951, hence the study to determine what factors contributed most to the death and destruction. The NIST team, led by Marc Levitan, looked at four key factors that contributed: storm characteristics; building performance; human behavior; and emergency communication.



Thursday, 19 May 2016 00:00

Global Warming of Data

Eric Bassier is Senior Director of Datacenter Solutions at Quantum.

It already reached 90 degrees in Seattle this year. In April. I’m not complaining – yet – but I’m definitely a believer that global warming is happening and that we need to make some changes to address it. But this article isn’t about climate change – it’s about data. Specifically, it’s about the growth of unstructured data and the gloomy fate ahead if we continue to deny the problem and ignore the warning signs. Sound familiar?

It’s hard to argue with the evidence of unstructured data growth. Estimates and studies vary, but the general consensus is that there will be 40-50 zettabytes of data by the year 2020, and 80-90 percent of that will be unstructured.



Thursday, 19 May 2016 00:00

Building Scale into the Private Cloud

If all things were equal between the private and public cloud, few enterprises would migrate their workloads to public infrastructure. All things are not equal, however, so IT executives are constantly weighing the security and availability concerns of the public cloud with higher capital costs and lack of scale on the private side.

But while public providers have made a lot of noise touting their improved encryption and service reliability, an equally strong movement is brewing to make private cloud infrastructure more scalable, easier to deploy and less expensive.

The private cloud requires private infrastructure, of course, so deploying resources at scale remains a key challenge. (Yes, hosted is an option, too, but I’m talking about true in-house private clouds.) This is why emerging platform providers like Tintri are pushing the envelope when it comes to deploying hefty resource architectures without crushing the budget. The company’s new VMstore T5000 All-Flash Series appliance supports upwards of 160,000 virtual machines and can be outfitted with SaaS-based predictive analytics and other tools to enable advanced capacity and performance models to suit Apache Spark, ElasticSearch and other Big Data engines. And as is the company’s modus operandi, the system scales at the VM level rather than the LUN level to enable greater flexibility when matching resources to workloads.



(TNS) - With one expert calling Zika the “the virus from hell,” health officials warned state lawmakers about the spread of the Zika virus across the state and offered their insights on possible response measures in case of an outbreak.

John Hellerstedt, commissioner for the Department of State Health Services, warned that the virus is expected to begin spreading as prime mosquito season nears.

“We don’t know when and we don’t know at what level that will occur,” Hellerstedt said.

In response to the growing number of Zika cases in Texas in recent months, Tuesday afternoon lawmakers met to discuss what is being done in the state to prevent an outbreak of the virus.



Considering the number of threats that organizations face today, it may be surprising to learn that the majority of companies are not prepared for a business-affecting emergency. Unfortunately, it’s true: The Disaster Recovery Preparedness Council found that nearly three quarters of organizations worldwide aren’t properly protecting their data and systems.

The potential consequences of not having a business continuity management program are extremely grave. Consider the many risks that your company faces: network outages, natural disasters, active shooter events, data breaches and more. However, if your organization doesn’t take business continuity seriously, you’re facing even greater risks, including the following:



The Business Continuity Institute - May 19, 2016 16:57 BST

The theme for Business Continuity Awareness Week is return on investment and the discussion has mainly focussed on the investment in business continuity processes, but what about the investment in those people working in the industry? Does this provide any return? It certainly does for the individual according to the latest research by the Business Continuity Institute, which examined the salaries of business continuity professionals from across the world, and made comparisons between different demographics or factors.

The key finding from the Global Salary Benchmarking Report was that BCI certified members, those who have achieved one of the world’s leading credentials in business continuity, earned more than their non-certified colleagues by up to 30%. In Europe the figure was 30%, while in Australasia and North America it was 18%. This helps demonstrate the value of investing in your career, as ultimately those with the appropriate certifications receive greater remuneration.

The findings of the report also indicated a gender pay gap, with female business continuity professionals in Europe being paid a staggering 37% less than their male counterparts, while those in North America received 19% less. Of course there may be a number of variables that contribute to this, but the fact remains that there is a significant salary imbalance between men and women.

Patrick Alcantara DBCI, Senior Research Associate at the BCI and author of the report, commented: “The report identifies that business continuity professionals must consider the investment in their own career. By attaining the credentials relevant to their role, and investing in their education, they can improve their career prospects and reap the benefits when it comes to remuneration.

It must be noted as well that significant variations still exist between salaries for men and women. This is something that the business continuity community can help change consistent with the principle that equal work deserves equal pay.

In addition to the Global Report, the BCI has also produced reports for several countries and regions across the world, and these can be found using the links below.

Asia | Australasia | Australia | Europe | North America | United Kingdom | United States

The Business Continuity Institute - May 18, 2016 17:04 BST

The figures are well rehearsed:

  • 80% of businesses affected by a major incident close within 18 months
  • 90% of businesses that lose data from a disaster are forced to shut within 2 years

And yet it’s somehow unsurprising to find that few SMEs consider business continuity a priority.

Why do businesses avoid crucial planning?

The reasons aren’t hard to find. Apart from total disaster junkies no one particularly likes to think about crises and for most SMEs just surviving is a daily struggle. Keeping all the plates spinning in the air requires 100% attention, who is going to slice out even 1% just to consider a bunch of scary ‘what if’ scenarios?

But perhaps someone senior in your organisation feels the extra effort should be made – perhaps that person is you. What then? Well if potential crisis scenarios are scary then so is the prospect of dealing with business impact analyses, risk assessments and the whole task of writing a business continuity plan. Even the jargon is intimidating particularly for someone with little or no business continuity experience or training.

Large companies employ business continuity specialists, many have a whole dedicated department or can afford to employ outside contractors to help with writing and testing plans. Not an option for most SMEs.

In addition, resilience implies at least some form of contingency - for example a recovery site - and how many businesses can afford duplication when the boss is always trying to find ways to cut costs, not increase them.

The financial case for business continuity

The tried, tested and not always successful counter argument goes like this. If it seems like a lot of time, effort and expenditure to adopt business continuity practices, the cost of these will be as nothing compared to the cost of enduring a catastrophe and its aftermath without a plan.

It can be a persuasive argument, but so can: “Yes I agree, but right now we don’t have time for that, because just in case you haven’t noticed we’ve got 300 orders to get out, Acme Suppliers have just told me they can’t deliver until Thursday, and the wage bill needs to be met at the end of the month.” That can be a pretty persuasive argument too with the result that resilience gets kicked into the long grass.

But here’s the cruel paradox. Big businesses can often withstand a crisis; they have the money, the expertise and plans in place to deal with disruption. SMEs are far more vulnerable and business disruption, even for just a few days, can be terminal given their limited resources and manpower.

Business continuity and business as usual

So what can SMEs do to become more resilient? If the money and effort to produce and test a business continuity plan is either too much to ask or more realistically just not going to happen then what about building business continuity into business as usual? It might also lead to a more efficient workplace.

Instead of writing a BC plan, what about documenting workplace procedures, suppliers, inventories, equipment maintenance along with contact details for staff and external stakeholders? And talking of external stakeholders what about developing key stakeholder templates? Why is this person/company important to us, what services do they provide or what services do we provide them? Add contact details and names and you have a useful document that can be beneficial anytime, not just in an emergency.

Moving things forward

Inventories should include all the equipment your firm needs to get the job done and that even applies to very small businesses that operate from peoples’ homes. If you make a list of all your personal items for insurance purposes, you will likely do the same for computers and other business equipment. Have this list available so if the equipment is lost (perhaps your office is flooded) you know exactly what you need to get back up and running. Keeping that list current will also mean your list of insured items is easily updated.

Personnel changes can cause problems for small firms where far fewer people are available to fill gaps or be promoted. Staff training time will likely be limited so why not document office procedures and job descriptions including roles and responsibilities? Then if crisis strikes and key employees are not available – perhaps they are ill or on holiday – you at least have a clear indication as to what their jobs entail should other staff have to fill the vacancy or new staff are hired on a temporary or permanent basis. Once again you are streamlining office efficiency and will have information in place that will help during an emergency.

What about office security? A couple of years ago UK civil servants seemed to leave laptops on trains and in restaurants with bewildering regularity. That trend seems to have diminished but often a very light touch is displayed when it comes to information security. Once again your office document should include all the encryption and protection protocols your staff are expected to follow.

The same goes for IT back up, particularly now when even smart phones carry huge amounts of sensitive work related content. In many cases procedures for protection and storage have not kept pace with available technology. Make sure yours are up to date and documented.

Small steps with big impact

Writing a document setting out work procedures and job descriptions should not be intimidating for those involved in business. There need be no scary and little understood jargon and will not cost a fortune to produce – just the time taken by those tasked with it’s implementation. The one caveat is that this is a live document and will need constant updating - so someone will have to grasp that nettle and make sure it is reviewed on a monthly basis. If it’s well written in the first place that shouldn’t take too long.

Resilience can seem like a giant step for many small businesses, but good office management should be achievable by any dynamic and well-intentioned SME. Document it and you may not have a full blown BC plan but you’ll have the next best thing, which may well help your business run more efficiently in normal times and might just save your bacon in a crisis – now that’s what I call a return on time invested.

This email address is being protected from spambots. You need JavaScript enabled to view it." style="color:#3d9bbc">Jim Preen is a Senior Consultant at Crisis Solutions

(TNS) - In a training exercise, the Frederick County Health Department practiced distributing medication to the public last week in a scenario in which thousands may have been exposed to aerosolized anthrax.

According to Barbara Rosvold, director of public health preparedness at the county health department, the drill went smoothly.

The practice scenario involved a widespread release of anthrax through the air, though the department did not specify a pretend source for the release.

In the scenario, the anthrax was detected by a sensor in Washington, D.C., necessitating an emergency action plan in the surrounding areas, Rosvold said.



Wednesday, 18 May 2016 00:00

HDD vs SSD – which lasts longer?

Many comparisons can be made between a Hard Disk Drive (HDD) and a Solid State Drive (SSD); cost, speed, data storage capacity – there’s no end of areas to consider. However in this post, we’ll be looking specifically at the durability of HDDs and SSDs to assess if there is any difference in life expectancy between the two data storage types.

Physical failures

It’s important to firstly note that any life expectancy figures for HDDs and SSDs alike cannot be 100% guaranteed. These estimates assume manufacturer’s recommended environmental conditions and do not take into consideration extremes of temperature, humidity and physical mishandling. In fact, out of almost 2000 devices surveyed between January and March 2016, at least 30% had sustained some form of physical damage to cause the media to stop working and/or cause data loss.



Moving security operations away from your security team? This may sound counterintuitive, but it’s something that we see happening more and more. Nimmy Reichenberg explains why this is happening and highlights the advantages of the approach.

Escalating security requirements, the growing risks of breaches and outages, and the shortage of skilled and experienced security staff is forcing businesses to find new ways to make more efficient use of their security specialists. As a result, organizations are directing their security teams to focus on protecting the network from external and internal threats, and increasingly handing over operational tasks to other areas of IT.

I see this as a positive development. However, for this transition to be successful, there are certain processes and conditions that need to be in place first.



Wednesday, 18 May 2016 00:00

Plan the Test, Test the Plan

If your organization has an Emergency Notification Service (ENS) in place, it’s already taken an important step toward communicating faster and more effectively in critical situations. But, if the solution is not routinely “touched,” or better yet, tested, you could still be at risk in an actual emergency. Consider the following recommendations from Send Word Now to create a full and repeatable test cycle, ensuring your alerting readiness.

Set a regular testing schedule and stick with it – It’s important to test your ENS on a regular basis. Test your system frequently with a small group of administrators or other participants. Conduct widespread exercises at regular intervals throughout the year to ensure recipient familiarity with notifications and procedures. As a BC professional, you’ll appreciate the peace of mind that comes from knowing your solution is working and your people know what to do.



(TNS) - Wichita County officials met with local members of the American Radio Relay League (ARRL) and Texas Amateur Radio Emergency Service (TARES) to hash out some regulations about control of radio networks during emergency weather situations.

County Judge Woody Gossom said ARRL regional members decided to realign the system to have SKYWARN be the parent network of a controlled network rather than a closed one.

Local ARRL member Charlie Byars said in a previous article that a repeater is normally open to all ham radios, but is closed to unauthorized users during severe weather events. He explained that they would take a emergency report, such as a tornado sighting, and refer the information to the National Weather Service.



Business Continuity Awareness Week is upon us and this year the core focus is on a topic close to my heart – Return on Investment. This is a very important area that can be easily overlooked or lost in the activity of running your day to day business continuity or resiliency program. Having clearly defined value drivers for your program outside of the normal areas of RoI can not only help you drive awareness, but also help you gain buy in from other business units.

So how does this relate to using a mass notification platform? Put simply – give your notification system a day job. That day job can be a natural fit like the time sensitive and critical nature of IT alerting, or something less obvious – some examples of these may be:



Wednesday, 18 May 2016 00:00

FEMA: Hurricane Season Approaches

PHILADELPHIA - As the 2016 Atlantic hurricane season approaches, FEMA Region III continues to proactively work with its state, local, and federal partners to increase preparedness, coordinate response and recovery capabilities, and empower individuals to take an active role in preparing themselves, their families, and their communities.

The Atlantic hurricane season starts on June 1, 2016 and lasts until November 30; the greatest potential for storm activity is the months of August and September. A great time to begin planning for hurricane season is Hurricane Preparedness Week, designated May 15 – May 21, 2016.

Everyone should take time to ensure that their family, household, and workplace is properly prepared for a potential hurricane or tropical storm. “It only takes one storm to severely impact a community and disrupt our way of life,” stated FEMA Region III Regional Administrator MaryAnn Tierney. “We encourage everyone to prepare and plan for hurricanes and to be informed of what their risk may be.” It takes all of us, as individuals, families, communities, organizations, and as members of the whole community, to prepare for hurricanes and the potential hazards associated with them.

Residents should interact with their local emergency officials and stay informed of their risk and the potential dangers of a hurricane or tropical storm. By engaging with your local officials, citizens gain valuable insight, lend input, and develop relationships for planning and communications before a storm. 

FEMA recommends that everyone have enough supplies to last for several days. Emergency supply kits should include essential items like bottled water, a battery-powered radio, flashlight, batteries, medicines, toiletries, non-perishable food items, manual can opener, and first aid supplies.

When planning, think about the potential needs of everyone in the household during an emergency. If your household includes pets, a person with a disability, an infant, or a senior citizen, be sure to take the necessary steps to assist and make them comfortable during an emergency, in addition to having any necessary documents or medications on hand.

For more preparedness information, visit fema.gov, ready.gov, and nhc.noaa.gov.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.

(TNS) - When Ryan Blythe leased space for his glassblowing shop in Seattle’s Georgetown neighborhood, he saw a rugged industrial setting that could double as an elegant gallery.

When Seattle building officials looked at his permit application, they saw something else: the most dangerous type of structure to be in during an earthquake.

The Julius Horton building, built in 1914, is like many of its vintage. Its brick walls aren’t bolted to the floors and ceilings. It has withstood past quakes, but they have been mild compared to what seismologists expect: A magnitude 9.0 monster that hits with 2,000 times the power of Seattle’s last major earthquake, toppling walls, dropping ceilings and sending bricks flying with deadly effect.



Wednesday, 18 May 2016 00:00

Contemplating … value vs ROI

Sometimes, often actually, I get worried about the BC industry’s habit to try and redefine commonly understood business terms to mean something different.

Take ROI as an example.

It stand for “Return on Investment”. You can read about it on Wikipedia and there would be little to surprise business folks in that article.

Simply it is a measure of revenue, gain or net profit that flows from an investment. It is used as a tool to choose between different investment options.



The changing scope and scale of disasters, both natural and technological, have altered the ways in which disaster management and financing are addressed and the roles of private-sector organizations specifically. Businesses and nonprofit organizations are increasingly central to the process, offering critical support in immediate disaster response but also contributing necessary redevelopment funding that supports community recovery. Although these new expectations position the private sector as a key leader in community resilience, these responsibilities have not been fully met with established guidance or clear metrics for how and when these organizations should participate in disaster recovery and financing.

This perspective examines key issues confronting the private sector in disaster recovery financing, what roles private-sector entities have played, and where there has been successful integration or leadership of these organizations. The perspective also briefly explores challenges that the private sector faces, with particular attention to issues of information use and application, coordination in response and recovery, and timing of funding. Given continued data gaps in this field, the authors offer opportunities for research and policy analysis.



The Business Continuity Institute - May 18, 2016 12:45 BST

Mobile, social, cognitive and the Internet of Things—technologies like these are reshaping business, improving client engagement and making employees more productive, flexible, and responsive. Our growing reliance on 24/7 availability also puts us more at risk every day and increases the impacts of an outage. In this always-on, connected world, 'recovery' is no longer acceptable. We now have to think in terms of operational resiliency – which requires continuous availability – or always-on.

A few years ago, there was room for a delay in IT recovery. Businesses could operate and perform functions manually for a short period of time. With more integrated, complex systems relying solely on accurate and available electronic processes and data to perform well, that luxury has rapidly dissolved. Without systems and applications up and running, day-to-day business processes cannot be performed with growing impact to businesses across all sectors:

  • Significant Revenue Loss - A retailer’s website goes down and thousands of customers move their loyalty and ongoing purchasing to a competitor.
  • Health and Human Safety - A healthcare provider cannot access the Electronic Medical Records data required to treat a patient.
  • Regulatory Compliance - A bank is hit with a cyber attack and customer records are compromised.

The State of Disaster Recovery hasn't kept up

Today, business continuity/disaster recovery professionals are faced with increased challenges to maintain continuous availability of critical business processes - complex technologies, more interdependencies across critical systems and cyber attacks to name a few - all increasing your day-to-day business risk. At the same time, businesses are under high pressure to return ROI, improve spending on day-to-day business operations, customer services, and IT innovations, making the business case for 'disaster recovery' investment more difficult than ever.

Time for a new paradigm - Time to shift your thinking to operational resiliency

According to Gartner, operational resilience is a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organizational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification.

The shift to operational resiliency requires a more holistic view of business continuity, across all levels of the business. With more complex, integrated technologies driving business operations, it requires that resiliency be built in to the day to day operations of your business - in such a way that also provides the 'recovery' elements in the event of a disruption built into the standard business process.

Three keys to operational resiliency

Operational resiliency means having an end to end resiliency program that is embedded into the enterprise, can significantly absorb risks while you innovate and reinvent the way you do business. For operational resiliency, your business must have:

  • Rapid access to data and compute capacity
  • Automated workflows and responses, moving from paper-based to automated incident recovery
  • Communications capabilities across all channels – the first line of defense to any incident is seamless, realtime communications

I don’t have to tell you that the role of BC/DR professionals is rapidly evolving – and it is an exciting time for us to create lasting and significant impact to business. To remain relevant, you must shift your thinking to operational resiliency and achieving this means exploring new technologies that build resiliency in to every level of your business. Join my webinar on the 20th May as we explore how new operational resiliency capabilities can deliver new value to your business to support both daily interruptions to business process as well as preparing you for disaster outages.

Margaret Mills is an Associate Partner at IBM Resiliency Services

The Business Continuity Institute - May 18, 2016 09:58 BST

What is the return on investment of business continuity? How do you justify to top management any investment in business continuity? It's a tough question. If a disruption does occur, then clearly having a business continuity plan will demonstrate significant value, as it will help you manage through the disruption. But what if a disruption hasn’t occurred? How do you justify the expense to someone who thinks of it purely as an overhead?

This is the theme for Business Continuity Awareness Week, and to help demonstrate the value that business continuity has to the organization, the Business Continuity Institute has published a new paper that highlights some of the added benefits. Combining a mixture of research and case studies, ‘Business continuity delivers return on investment’ explores some of the main returns including:

  • Business continuity helps organizations obtain lower premiums for business interruption and supply chain insurance.
  • Business continuity enables organizations to realise increased efficiencies which may translate to decreased business costs, avoiding costly overlaps and duplication of work as well as streamlining preparation efforts related to compliance.
  • Business continuity facilitates contract negotiations with customers and suppliers, increasing transparency and raising governance standards.

The paper makes it clear that business continuity significantly contributes towards optimising organizational performance. Indeed, it is not just an overhead, it is an investment for a better organization.

Click here to download Business continuity delivers return on investment.

Plummeting oil prices, natural catastrophes and political disruption in a borderless business environment are some of the threats to the resilience of countries that can impact supply chains, according to the 2016 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The Index ranked the resilience of 130 countries to supply chain disruption based on drivers in three categories: economic, risk quality and supply chain factors.

This year’s top-rated country, Switzerland, traded places with Norway—a reflection of Norway’s drop in oil revenue at a time of falling crude oil prices. Rounding out the top 10 in the Index, in descending order, are Ireland, Germany, Luxembourg, the Netherlands, the central United States, Canada, Australia and Denmark.

The lowest-ranked country in 2016 is Venezuela (ranked 130) for the second year in a row. It is followed in ascending order by the Dominican Republic, Kyrgyz Republic, Nicaragua, Mauritania, Ukraine, Egypt, Algeria, Jamaica and Honduras.



The second, slightly subtler but possibly more important, is that employees working with their favourite devices tend to be more productive. On the other hand, mobile security issues may keep IT managers awake at night.

What might help them to sleep better is to consider that a psychological element of BYOD might be helping to improve security, instead of hindering it.

People who use their own, personal devices for work are less likely to do something ill-considered on those devices than on a device issued by their employer, according to a recent survey. After years of employers beseeching employees to treat company property “as if it were your own”, BYOD has employees doing just that, at least for computing devices.



have never let my schooling interfere with my education – Mark Twain (unverified).

Everything has its limit–iron ore cannot be educated into gold. – Mark Twain (verified)

Board members believe they know what they need to know. That is why they were asked to serve on the board. Unfortunately, like many issues today, confidence does not mean competency.

Corporate boards are increasing their focus on compliance issues. Unless a board member has prior experience in the field, the board has to be trained on compliance and has to “learn” how to oversee and monitor compliance issues. As I use the term “board,” the focus is on the specific board committee responsible for oversight of the compliance function.

The Chief Compliance Officer has an important role in this process. The CCO has to recognize the importance of the “teaching” moment. Every piece of compliance information has to be subject to a test – “what is the importance of this information” to oversight and monitoring of a company’s compliance program.



State Offers Ideal Environment for Data Centers

Texas continues to be one of the best states in the country for business. With the lowest per capita tax rates in the nation, cutting-edge infrastructure, excellent schools, and a skilled workforce, many corporations are relocating to Texas. Importantly, the unemployment rate in Texas was 4.4 percent for February 2016 and has been at or below the national rate for 110 consecutive months.

Texas’ transportation infrastructure enables easy movement of commercial goods. The state hosts 26 commercial airports, 46 freight railroads, 11 interstate highways, and 624 miles of coastline with 16 ports of call.



Late last year, Gemalto released a report that found that the health care industry leads the way in data breaches. As Healthcare IT News reported then:

The key finding is perhaps that the healthcare industry had 34 percent of its total records breached, amounting to 84 million data records compromised, the highest rate of any industry. Government accounted for the second highest rate of breaches at 77.2 million records lost, or 31.4 percent.

I bring up last year’s numbers because a new report from Ponemon Institute shows the seriousness of cybersecurity failures in the health care industry. According to the study, an overwhelming number of health care organizations  – 89 percent – admit they were the victim of a data breach, and half of those attacks are caused by cybercriminals, an increase of 5 percent from last year’s report. The other half are from the usual suspects – employee mistakes, stolen or lost devices, and third-party issues.

Also, we’re seeing that the health care organizations continue to struggle with security issues even after they’ve been breached: Seventy-nine percent of organizations claim they have been breached twice and nearly half said there have been multiple breaches.



Data center design and construction has been pushing through a number of barriers lately, a product of virtualized infrastructure and the prevalence of high-speed connectivity to remote areas of the globe.

But as increased reliance on cloud computing leads to greater deployment of hyperscale infrastructure, it is hard to see how some of the more far-out designs will make a significant impact on the broader data ecosystem going forward.

Microsoft made a big “splash” (sorry) earlier this year when it deployed a submersible data center at Cal Poly Pier in the San Luis Obispo (California) Bay. The 10x7 foot capsule weighed about 38,000 pounds, according to the local Tribune newspaper, and had relatively modest computing capabilities, roughly equivalent to 300 desktops.



We now live in a data-driven world, where everything we do creates data or is based on decisions informed by data.

From the way we use the heating in our homes, through to the information pilots flying planes across the world can receive, it is omnipresent in almost everything we do. Despite this, the changes have been minimal for many in terms of their daily lives.

In the business world though, the use of data has had a huge impact, revolutionizing several industries and changing the face of many others. Below, we look at three of those that have had been impacted the most.



To remain competitive in an increasingly competitive world, it is important to continually seek opportunities to boost operational efficiency, reduce expenses and improve the bottom line. Within every corner of business, improving efficiency is a never-ending journey.

As a significant capital investment, data centers are often under the microscope when it comes to improving performance. Within the industry, there is little doubt that data centers need to run as efficiently as possible to avoid tying up valuable (and often, unnecessary) company resources. In our business, we talk to data center managers every day and hear from them about their successes and frustrations when it comes to improving data center efficiency. It is evident from these conversations that there are five key areas where improvements can be made. Most importantly, these areas don’t require a lot of internal bandwidth but if done right, will go a long way towards an optimized data center.



RIDGELAND, Miss. — Disaster survivors in Mississippi who apply for assistance with the Federal Emergency Management Agency and are referred to the U.S. Small Business Administration are advised to submit an SBA loan application to ensure that the disaster recovery process continues.

If you are a homeowner or renter and SBA determines you cannot afford a loan, you may be considered for FEMA’s other needs assistance program, which provides grants for disaster-related medical and dental care, funeral costs and vehicle repairs. Survivors may also be eligible for assistance from other organizations.

There is no requirement to take out a loan if one is offered from SBA.

Next to insurance, SBA is the primary source of funds for real estate property repairs and replacing lost contents following a disaster. Renters and homeowners alike may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster. Homeowners may be eligible for low-interest loans up to $200,000 for primary residence structural repairs or rebuilding.

May 24, 2016, is the last day survivors can register with FEMA and apply for SBA disaster loans for physical damage.

Loan applications may be submitted online at https://disasterloan.sba.gov/ela/ or mailed to:

U.S. Small Business Administration

Processing and Disbursement Center

14925 Kingsport Rd.

Ft. Worth, TX 76155-2243

For additional information, contact the SBA Disaster Assistance Customer Service Center at 800-659-2955 or TTY 800-877-8339, email This email address is being protected from spambots. You need JavaScript enabled to view it. or visit sba.gov/disaster.

Survivors with questions regarding the FEMA application or appeal process, or who need to register for assistance, can go online to DisasterAssistance.gov or call 800-621-3362 (voice, 711 or relay service). (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to

10 p.m. seven days a week. Multilingual operators are available.

For more information on Mississippi disaster recovery, visit www.fema.gov/disaster/4268 and www.msema.org.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

The U.S. Small Business Administration is the federal government’s primary source of money to help business of all sizes, private non-profit organizations, homeowners and renters rebuild and recover after a disaster. SBA low interest disaster loans repair and replace property losses not fully compensated by insurance and do not duplicate benefits of other agencies or organizations.

US data center REITs reported record leasing for the year’s first quarter, attributing their success primarily to a digital land grab by public cloud giants, who are racing to expand capacity.

The biggest data center providers are now operating in uncharted waters. The rising tide of public cloud deployments, combined with the paradigm shift in enterprise IT toward hybrid architectures, which combine cloud services with colocation, has created a perfect storm of demand for providers.

According to Equinix CEO Steve Smith on his Q1 earnings call, “Interconnection-oriented architectures represent a fundamental shift away from centralized, legacy enterprise IT models to distributed and dynamic models.”



The Business Continuity Institute - May 17, 2016 10:43 BST

Resilience professionals around the world… you are a victim of your own success! If your business is resilient (whether by effective planning or pure luck!) you will find that it becomes increasingly difficult to capture the imagination (and attention) of your boardroom.

“It’s just a shame we haven’t had a big incident recently isn’t it?”

Working in what is often considered as a loss centre is tough…I can’t count how many times I have heard that sympathetic statement from senior management when resilience isn’t getting the attention it deserves. Although I remember all too well being flavour of the month during floods, IT failures and employee walkouts. My mobile and inbox were buzzing from virtually all levels of the organisation.

Following those incidents, I would often refer back to them to reinforce the message of resilience and maintain our leadership buy in (usually until about a year later by which point the next hot topic or initiative is in full force). The business memory is incredibly short term in my opinion. You can spot the changes as they happen. The glazed look from the management during briefing sessions, the unattended meetings, and the un-responded emails. Keeping the business on board with resilience activities in peace time is for me one of my long-standing challenges. How do we go about demonstrating value and benefit?

I’ve experienced (and adopted) a few different ways when trying to promote value. Over the years I have tried to combine them all to produce a ‘resilience reporting dashboard’ which at the very least makes it a good start. However, it still feels to me like it needs to evolve to the next level. I’ve explained each approach individually below to show you how I arrived at my recent attempts.

1. The output approach

I assume like many of my peers I have this typical default approach / bad habit which often tends to focus on the overall work undertaken and the ‘effort’ involved. I would regularly report the following to leadership:

  • Number of desktop exercises undertaken
  • Number of call tree cascade tests
  • Number of work area recovery tests
  • Number of crisis management simulation events

More often than not there would be a huge amount of engagement time, document reviews, planning workshops and subsequent output for each and every one of those bullet points, literally hundreds of hours of work. However, what does that really tell the leadership? It would appear to be very little in my opinion.

2. The risk approach

I then took a slightly different approach, deciding to focus on key risk indicators (KRIs). I would regularly report to leadership and rather than highlight effort I would flag if something wasn’t done and comment on the risk of not doing it. For example:

  • Percentage of desktop exercises undertaken against monthly target
  • Percentage of call tree cascade tests undertaken against monthly target

I suppose really all I was doing here is just the opposite of activity reporting and with a monthly target installed. It is useful insofar as highlighting what hasn’t been done but it really doesn’t go any further in explaining to the business the real value.

3. The speed and efficiency approach

In another organisation I’ve tried to focus on performance to help demonstrate value (more specifically incident management with this one). I would report monthly into a senior management team on things like

  • Increasing speed of response
  • Reducing the time taken to close an incident
  • Reducing time taken to establish root cause
  • Reducing time taken to implement corrective actions
  • The leadership did seem to like this method because they like tend to like anything done fast at the best of times, however it still doesn’t necessarily capture much value.


Unfortunately, the concept of value is frequently linked to, and mistaken for ROI (return on investment). This is a widely used business term in which a calculation is made based on the overall expenditure of a product/service/system against its potential or actual financial yield. However, resilience activities are an overhead or at the very most an unofficial insurance policy. But what if it never happens? It’s just a shame you haven’t had a recent incident eh?

Ultimately anyone can report on output, efficiency and risk if you combine the above methods and you can find someone willing who is half decent at PowerPoint and Excel. However, capturing ‘value’ is an extremely difficult thing to achieve. The term itself is subjective and will often depend on your sector, the organisations risk appetite, your C-suite sponsors background and interest among many other different factors. I personally haven’t arrived at the next level but I’d be ready and willing to thrash out a few ideas with anyone who wanted to!

It’s been nearly a year since Rackspace announced Fanatical Support for Microsoft Azure, which we launched to assist customers who want to run IaaS workloads on the powerful Azure cloud, but prefer not to architect, secure and operate them firsthand.

Our launch of this offering marked an important expansion of our strategy to offer the world’s best expertise and service on industry-leading technologies, and is a natural progression of our 14-year relationship with Microsoft.

As momentum continues to build with our Azure customers here in the U.S., we’re now pleased to offer the same service and support to an even larger customer base, with the Unlimited Availability launch of Fanatical Support for Azure across our European regions: UK, Benelux and DACH.



The Business Continuity Institute - May 16, 2016 15:11 BST

This year’s Business Continuity Awareness Week theme got me thinking about what return on investment means to me. The question of what business continuity is worth to an organization has been around for at least as long as I have been practising and probably longer. When I first got into BC in 1989, the major Canadian Bank I was working for had recently concluded a huge initiative to build a second data centre, at a cost of $20 million, a tidy sum in those days. With the creation of a second site, built explicitly to house Development and provide disaster recovery for technology, the focus shifted to business recovery and the development of unit plans to address disruption of business functions.

I was not involved in the original cost benefit analysis to justify investment in a state-of-the-art, oversized data centre, featuring lots of redundancy throughout its infrastructure. But I do recall from subsequent discussions that management had no trouble convincing the Board that the outlay was well worth it, just to mitigate the obvious risk of having all systems housed in a single facility without back-up. There was no risk department in those days, so the decision to proceed was not a formal outcome from a risk assessment, just top management applying sound business judgment.

Fast forward a few years and I was now working for a new company providing data processing for multiple banks. Having started off with multiple data centres, thus providing layers of redundancy, the company’s mission was to save money by closing down as many of them as possible and achieving economies of scale to improve the bottom line. That cost benefit analysis must have seemed highly attractive, from a profit standpoint, but what went missing in the strategy was a risk-based perspective on how the downsizing initiative was progressively compromising recovery capabilities. The ultimate irony struck in 1999 when the company decided to downsize its head office staff by 10 per cent in one swipe, to provide expense relief and improve its bottom line, for its owner banks. So my whole department of three was made redundant – no more business continuity function! Simultaneously it was a humiliation and a silver lining. Who wants to work in a company with such narrow vision?

Ever onwards... a few years later still I was working for a financial utility providing clearing and settlement for the exchanges and securities industry. By now, BCM was squarely aligned with risk and top management understood. Investment in good DRP and BCP was a given and under heavy regulatory scrutiny, we were continually seeking improvements. What a joy to work in a company where 2-hour RTO and synchronous data mirroring (0 RPO) were embraced as smart business practices.

Soon after I arrived there, we experienced one of the biggest power failures ever in North America. On the 14th August 2003, an area 1,000 miles wide and a population of 50 million lost grid power on a hot summer afternoon. Happily for us, the failure occurred 11 minutes after completion of the daily settlement cycle, so $250 billion of payments were safe and sound. Two immediate observations: our diesel generators (data centre and office) did their job, so all critical equipment and key business staff remained functional. Had the failure occurred earlier, before the deadline, we would probably have been alright anyway, perhaps experiencing a minor delay in completion of the settlement.

Even though we avoided major impact from that disruptive event, thanks to smart investment in power redundancy and lucky timing, I was embarrassed years later when a Toronto newspaper published a supplement on disaster recovery and featured my experience as a lead story. Front page headline: “Rising from the Blackout.” Sub-title: “How Des O’Callaghan saved his company – and billions of dollars – in the power outage of 2003 with business continuity planning.”

In the inside article “Keeping your cool in meltdown mode,” I received undeserved plaudits for how the incident was handled. The truth is the main reasons we were unscathed were decisions previously made to invest in risk mitigation by implementing high end systems, advanced storage solutions and power redundancy. Yes, we did a good job of managing the crisis and communicating with stakeholders, but I did not actually save the organization a penny. I have come to realize that ROI on business continuity really is just the protection of an organization from unacceptable impacts of adverse events.

Investment in BCM should be viewed in the same way that we regard 'investment' in human resources, or the legal department, or technology infrastructure, or building insurance. Running a healthy, resilient enterprise requires investment based on prudent business judgment, not just financial expenditure. Should we be smart with how we spend money? Of course, but allocation of real resources to strengthen operations and mitigate risk should be considered on the same plane as other investments, such as recruitment, training, marketing and many other corporate expenses. Anything contributing to organizational resilience is a worthwhile investment.

Des O'Callaghan FBCI is one of the leaders of the BCI's Greater Toronto Area Forum and a member of the BCI's Global Membership Council

The Business Continuity Institute - May 15, 2016 19:04 BST

In mythology, the Muses were nine goddesses who symbolised the arts and sciences. Today, a muse is a person who serves as an artist’s inspiration to produce the best work they can.

Utilising this device is quite useful when I am developing and writing BC plans on behalf of organisations and departments. I find it helps to focus the plan.

Whether the organisation is one of manufacture or of service delivery, I have two muses in mind.

They are both anxious people.

The first is the person that has called and needs one of the organisation's key services or products.

The second is the person who works for the organisation and has to deliver that key service using the business continuity plan.

For me, business continuity is as simple as that, and all about people. Everything else comes from looking after the two muses. Profitability, sustainability, market share and all of the other things attached to business and services follow on from this approach.

I think that in order to get the best value and return on investment from BCM, we have to be in it for the long term. One might even call it, investing for the future.

Organisations may well see an immediate short term ROI if they face an early disruption and the BC plan comes through. Many teams would see this as a result, and be happy. However, this kind of result may well be what we are looking for in a plan, but in my view simple recovery is a superficial return, and not where the real added value lies.

So what then is the real value of BCM?

Well, a long term BCM programme can produce:

  • Social capital from the workforce
  • A loyal customer base
  • A reliable and trustworthy reputation
  • Team Confidence to face the slings and arrows of the real world
  • Customer confidence
  • Organisational strength

Now that is priceless.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

Monday, 16 May 2016 00:00

BCI: More than money

The Business Continuity Institute - May 15, 2016 14:22 BST

If you could imagine, a rubber ducky inside a plastic paddling pool full of water, in an emergency control centre made during the cold war. This image might not automatically trigger thoughts of a professional business continuity exercise, however that’s exactly what it was. As a local authority our approach to business continuity is a little different; 1) because we have a statutory duty to do it and 2) because we don’t tend to focus on money and profit in the same way a private company would – but that’s not to say that we don’t still get a return on our BC investments.

Back to the rubber ducky, this scenario was part of an exercise we ran with our internal museums service to test what they would do if some of their artefacts were water damaged. (Don’t worry we didn’t actually use any real artefacts… they wouldn’t let us). It helped test practices and procedures, but most importantly it highlighted to those staff playing the importance of their BC plans for the company as a whole, and ultimately their livelihoods.

Often when people think about business continuity they tend to think about saving big bucks and less about the costs which are not monetary based. There is a phrase that habitually goes around the BC community that £1 spent on preparedness will save £8 on response, and whilst I don’t doubt that is true, often it is hard to find out whether or not that is the case.

Using the example above there was very little in regards to investment (a borrowed child’s paddling pool and a few buckets of water), however the return on investment could very well be priceless as most of the artefacts in the museum are irreplaceable. Knowing what to do, who to call and how to achieve their plans is crucial in any response and goes to show that BC really does add more value that can be recorded on a ledger.

Livelihoods is something which often doesn’t get mentioned as prominently, we focus on getting the business back up and running, but don’t appreciate that if that doesn’t occur people will lose their jobs, their houses and their ability to cope with financial pressures. During our duty officer roles here at the local authority, we come across a wide range of emergencies that often dip into the realms of business continuity.

How can you put a price on a life? More importantly how would you quantify what you have invested versus the cost of a life. I suppose the answer is that you can’t (granted that might not be what the budget holders out there want to hear). Fire emergencies have been topical across the West Midlands recently with a number of major scrap yard fires. We’ve worked closely with our fire service colleagues to help produce robust and dovetailing BC plans to help ensure that their potentially life-saving services can be maintained during disruptive events and that we can provide wider support if needed. Without the investment of time, money and expertise these plans wouldn’t have been achieved. Sure the investment may be larger here, but still not significant. Producing and maintaining a plan won’t break the bank and when the result is the continued provision of life-saving skills, ultimately the investment return is worth far more than just money.

Within local government, making money is not as high on our agenda as it is for private companies but what we do achieve is significant. The services that we provide to the people within our patch can be life changing, ranging from social housing to providing a fire fighting service and all of which requires robust BC plans, as the alternative is not worth thinking about. We work hard to strive for these plans, and can offer our expertise and time to assist those private companies so that all our communities can be resilient and prepared.

Josh Adams is the Resilience Officer, and Tom Knibbs is the Senior Resilience Officer, for the Coventry, Solihull and Warwickshire Resilience Team

The Business Continuity Institute - May 14, 2016 14:32 BST

What’s the ROI on that?” is one of the most common questions management ask when evaluating business programmes and projects. When it comes to business continuity programmes, the answer is often “Well, there’s not really any ROI unless you experience a major disaster, and we haven’t experienced one yet.

Because of this perceived lack of immediate value, budgets often get diverted away from business continuity to other projects that produce more tangible results. In fact, 49% of businesses don’t even have a comprehensive business continuity plan, leaving their entire company at risk because of the lack of an obvious ROI.

But what you may not realize is that your business continuity programme is almost guaranteed to produce ROI for the following two key reasons.

Disasters are increasing in frequency

Research from ITS reveals that floods and severe storms – such as Desmond and Katie – are increasing in frequency and have the potential to cost billions of pounds in damage. Even seemingly mundane incidents such as burst pipes have also proven disruptive to UK businesses. In July 2015, for example, a burst pipe cut power to the Royal Berkshire Hospital and caused flooding, resulting in the A&E closing to all but critical patients.

Investing in the forward planning required to cope with these incidents can save valuable time, protect the organisation’s revenue and preserve its customer base. Advance planning also gives you time to test the solutions you’ve invested in to help keep your business moving forward.

Today many businesses believe 'set it and forget it' disaster recovery as a service (DRaaS) solutions provide enough protection from disasters. However, simply moving data off-site isn’t enough to protect your IT infrastructure. To avoid wasting money on a product that doesn’t work in the face of a disaster, it’s important to work with your DRaaS provider to test the solution and have a plan for coping with power outages and other consequences of a disaster.

Business continuity planning improves your day-to-day operations

While having a business continuity programme can help you protect your revenue after a man-made or natural disaster, you don’t have to experience a disaster to reap the benefits.

The foundation of a profitable business continuity programme is the business impact analysis (BIA). During this process, you’ll assess and prioritize critical business processes, employee roles and technology. As you take a closer look at the inner workings of your business, you’re likely to discover new opportunities for cost savings or even revenue generation. If you work with a consultant who can provide an objective business continuity assessment, you’re likely to find areas for improvement within your company.

Here are just a few ways business continuity planning can help you realize ROI on a day-to-day basis:

  • Identify and phase out archaic processes, such as those involving paper-based workflows and manual data entry.
  • Shorten project and revenue cycles by eliminating unnecessary touchpoints in critical processes.
  • Decrease vendor investments by identifying products and services that can be bundled, thus reducing the number of vendors you work with.

As you can see, having a business continuity programme in place helps you protect your revenue in case you’re affected by a disaster (and the odds of being affected by one are increasing as disasters become more frequent). But business continuity planning isn’t just about preparing for disasters. An effective plan can help you make your processes more efficient, reduce revenue cycles and streamline vendor management.

You’ve been warned: skimping on your BC/DR budget might not save you the money you think it will.

Matt Kingswood is the UK Head of ITS

The Business Continuity Institute - May 13, 2016 16:23 BST

Supply chain resilience is a topic that has been debated considerably over the last few years, which has resulted in attempts by various institutions to provide guidance on or standards for discrete elements of the topic. Ensuring greater resilience in your supply chains creates a greater value for money proposition than a supply chain that is fragile and frequently creates disruptions to your business. Understanding exactly what you are paying for in terms of resilience, and using that knowledge to create appropriate levels of investment in supply chain resilience, will give you a competitive advantage.

Procurement includes the management of risk within the category of spends or market being managed by the procurement professional. Supply chain resilience is a component part of overall organisational resilience and contains within it, elements of risk management and business continuity management. Procurement includes all of these components and more, taking into consideration such components as financial resilience, human resources, health and safety, fraud, slavery, sustainability and corporate social responsibility.

For example, what is the appropriate way to analyse the current levels of resilience within your supply chain, for those you are in contractual relationships with? How will you migrate future procurement competitive bidding processes to include resilience assessed total cost of ownership?

How can you add value by exposing the costs associated with investment in resilience within your supply chains and make a calculated informed judgement as to if you are paying the appropriate costs, too much or too little.

Undertaking a more objective calculation of the risks in your supply chain to understand the onerous costs of a supply chain disruption and the cost benefit analysis associated with reducing the chance of a disruption or recovering from one.

How to utilise good practice when analysing the market and going through prequalification to achieve shortlists?

Understanding the costs associated with service level agreements for business as usual within a contractual arrangement and expectations of service during a disruption. Calculating the costs and the cost benefit of adding specific risk and business continuity terms and conditions within a request for offers be it quotations or formal tenders, public sector or private sector and how will this affect you as a bidder?

What methodology would you undertake to utilise resilience as a distinguishing factor when undertaking bid analysis, negotiations and best and final offer due diligence?

How do risk mitigations and continuity responses feature in supplier relationship management and are they embed in contractual relationships appropriately and adequately reflected in supplier relationship management information, through self -assessment or quality audits.

Finally will your internal or external auditors in undertaking an audit of supply chain resilience give you a clean bill of health on managing risk and continuity issues appropriate to your corporate objectives and corporate risk appetite? Does your corporate attitude to risk and continuity reflect the wishes of your 'Top Management' Executives and Audit Committees

David J. Window is a CIPS Senior Consultant and Head of Supply Chain Resilience. Discover more about the return on investment of supply chain resilience during David's BCAW webinar on the 16th May. Click here to register.

This country has already defended and strengthened itself over the centuries against the sea, staking out territories for habitation and farming that would otherwise be under water. The idea of the dyke, the fortification to keep the enemy out, is now being applied in the war against cyber-crime.

To a certain degree, Dutch skills in cyber-security are natural, in that the nation already has a past steeped in similar threats and skills. However, that does not mean that other, landlocked nations have to be at a disadvantage.

Although dykes, windmills, tulips and bicycles make a romantic picture of the Netherlands, the realities of Dutch cyber-defence are different. There are three key aspects that help the country stay virtually strong.



The American Society of Health-System Pharmacists (ASHP) is a leader in the pharmacy sector, providing advocacy, career services, continuing education, meetings/conferences, publishing products, and residency training accreditation. For Gregory Smith, ASHP’s CIO and vice president of Information Technology and Operations, the cloud has enabled his staff to identify what their competencies should be, and to develop those core competencies by delegating other things to the cloud.

“I empowered my team to think differently about what we do and what our core competencies should be,” said Smith, who oversees all technology, software development and integration for new products, e-commerce platforms and operational support, including customer service to members. “Initially, we were doing too much across the spectrum and, as a result, had to try to become experts in too many technologies. We’ve pushed non-core competencies out to vendors where it’s their core competency and shrunk our core to focus and increase expertise.”



Securing patient data is a critical mission for Healthcare IT Leadership. Each and every year, countless dollars, thousands of man hours, numerous programs and myriad teams are dedicated to this charter of protecting patient and privacy information.

At Citrix, we understand. You could even say that mandating data security is in our DNA. Every product that Citrix builds reflects the core mindset ‘The Secure Delivery of Apps and Data on any device, on any network, at any time!’ It’s that simple!

In this blog post, I’d like to outline both the security that is inherently built into our XenApp and XenDesktop products and the new feature sets we continue to add throughout our product releases. This is what enables us to deliver secure data where and when you, our customers, need it.



AUSTIN, Texas – Texans who suffered damage or loss from the April flooding and were referred to the U.S. Small Business Administration could lose some income-based FEMA grants if they don’t complete and submit SBA’s loan application.

Other Needs Assistance grants may cover uninsured losses for furniture, appliances and other personal property, even vehicles. Survivors will not be considered for this type of assistance unless they have completed and returned the SBA loan application.  The information on the application is used to determine eligibility for income-based assistance.

Applicants from Austin, Colorado, Fayette, Fort Bend, Grimes, Harris, Liberty, Montgomery, Parker, San Jacinto, Waller and Wharton counties should complete the SBA loan application, even if they don’t want a loan.

“If you don’t complete the SBA loan application, you could be leaving ‘money on the table’ for your recovery,” said Federal Coordinating Officer Kevin Hannes, who is in charge of FEMA’s operations in Texas. “We use that application to check eligibility for additional grants.”

Some types of Other Needs Assistance—medical, dental and funeral expenses—are not SBA dependent and completing the loan application is not required. However, it is always recommended by recovery experts.

SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors should start the loan process as soon as possible, and those who qualify for an SBA loan are under no obligation to accept it.  If approved and the loan is not accepted, the survivor may be ineligible for additional federal assistance.

Submit an SBA loan application even if you are waiting for an insurance settlement.  You may be able to begin your recovery immediately with a low-interest SBA disaster loan. The loan balance will be reduced by the settlement from your insurance. SBA loans may also be available for losses not covered by insurance.

Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence. Homeowners and renters may borrow up to $40,000 from SBA to replace personal property.

Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans (called Economic Injury Disaster Loans) to small businesses and most private nonprofit organizations of all sizes having difficulty meeting obligations as a result of the disaster.

Disaster loan information and application forms are also available from SBA’s Customer Service Center by calling 800-659-2955 or email This email address is being protected from spambots. You need JavaScript enabled to view it.. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster. Completed applications should be mailed to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX  76155.

Texans can register online at DisasterAssistance.gov or by phone at 800-621-3362 (FEMA). Persons who are deaf, hard of hearing or have a speech disability and use a TTY, should call 800-462-7585. Those who use 711 or Video Relay Service, call 800-621-3362.Toll-free numbers are open from 7 a.m. to 10 p.m., seven days a week. Multilingual operators are available.

For more information on Texas recovery, visit the disaster webpage for the April storms at fema.gov/disaster/4269; or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow us on Twitter @femaregion6.

# # #

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) — Research groups nationwide churn out hurricane forecasts as fast and furious as the spin of a tropical cyclone as the June 1 start of storm season approaches.

Already, at least four predictions have been issued, with the big daddy of all storm forecasters — the National Oceanic Atmospheric Administration — waiting until May 27 to offer its guidance.

But National Hurricane Center Director Rick Knabb, who spoke Wednesday at the Governor's Hurricane Conference in Orlando, criticized forecasts that are overly specific about how many storms will hit the U.S. and where.

His concern: People won't prepare if they believe they aren't on the hurricane hit list.



When a crisis strikes, an emergency action plan can be all that stands between a timely, orderly response and chaos. When it comes to your own plan, how prepared is your organization for the myriad of threats it faces?

Considering that nearly two-thirds of organizations report having activated their emergency communications protocols at least once in the previous year, it’s clearly important to have an actionable, up-to-date plan. Faced with a growing number of potential threats, it’s no wonder that many organizations are moving away from the traditional, hard-copy methods of emergency planning to a more advanced, technologically-savvy approach, using mobile apps as a key component for housing, updating and distributing their plans.

Before the next crisis hits, now is the time to ask yourself if your own organization would benefit from doing the same. To guide your decision, let’s take a look at some of the key benefits of moving your emergency action plan from binders to a mobile app:



Despite the doubling of data breaches in the banking, credit and financial sectors between 2014 and 2015, most IT professionals in financial services are overconfident in their abilities to detect and remediate data breaches. According to a new study by endpoint detection, security and compliance company Tripwire, 60% of these professionals either did not know or had only a general idea of how long it would take to isolate or remove an unauthorized device from the organization’s networks, but 87% said they could do so within minutes or hours.

When it comes to detecting suspicious and risky activity, confidence routinely exceeded capability. While 92% believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network, for example, 77% said they automatically discover 80% or less of the devices on their networks. Three out of 10 do not detect all attempts to gain unauthorized access to files or network-accessible file shares. When it comes to patching vulnerabilities, 40% said that less than 80% of patches are successfully fixed in a typical cycle.

The confidence but lack of comprehension may reflect that many of the protections in place are motivated by compliance more than security, Tripwire asserts.



The Business Continuity Institute - May 13, 2016 08:41 BST

Britain’s businesses are being urged to better protect themselves from cyber criminals after research by the UK government into cyber security found two thirds of large businesses experienced a cyber breach or attack in the past year.

The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.

From this, it is clear to see why cyber attacks and data breaches rank as the top two threats to organizations, as highlighted in the Business Continuity Institute's latest Horizon Scan Report. The vast majority of respondents to a global survey (85% and 80% respectively) expressed concern about the prospect of these threats materialising.

Ed Vaizey, UK Minister for the Digital Economy, said: "Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data."

Despite the flexibility that the cloud offers customers, a new survey by Microsoft and 451 Research suggests that customers are fiercely loyal to their primary service provider.

According to the survey, The Digital Revolution, Powered by Cloud, which was released Wednesday at the Microsoft Cloud & Hosting Summit in Washington, more than one-third of customers (38 percent) surveyed said they plan to increase spending with their primary cloud and hosting service provider upon contract renewal.

In an interview with The WHIR, Microsoft’s vice president, Hosting and Cloud Service Provider Business, Aziz Benmalek said that this indicates the critical role service providers play in continuing to “drive organic growth in existing customers and help them in their cloud journey.”



Virtualized infrastructure (VMs, virtual networking, software-defined storage, etc.) provides a flexible, well-understood and secure platform on top of which a diverse set of workloads can be efficiently deployed and managed. Containers, such as Docker, provide a convenient method to package, distribute and deploy applications.

Both technologies provide useful abstractions, but at different layers in the stack. By making these layers work well with each other, the overall stack can more effectively meet the needs of both application developers and infrastructure administrators.



There is no denying the success of Amazon in delivering data services as part of their public cloud. Their database as a service (DBaaS) offerings have been some of the fastest growing and widely used and stand-outs in their amazing growth. At the same time, there are some situations where other options, and in particular those based on OpenStack, can provide clear advantages.

In this article, I’ll share the current state of DBaaS on OpenStack and provide seven concrete examples of how an organization can benefit from using OpenStack Trove relative to the offerings available from Amazon Web Services (AWS). I’ll assume you understand the value of DBaaS and databases in the cloud so I won’t review those here. Let’s get started.



Modern IT platforms are designed to handle more users than ever, but what happens when these systems become the primary access point for most, if not all, users? What happens when a critical system experiences a fault or goes down entirely?

A survey by the Disaster Recovery Preparedness Council found two years ago that only 27 percent of companies received a passing grade for disaster readiness. The more we rely on data centers, the more costly data center outages become. A recent study by the Ponemon Institute and Emerson Network Power found that:

  • The cost of downtime has increased 38 percent since 2010.
  • Downtime costs for the most data center-dependent businesses are rising faster than average.
  • Maximum downtime costs increased 32 percent since 2013 and 81 percent since 2010.
  • Maximum downtime costs for 2016 are $2,409,991.
  • UPS system failure continues to be the number one cause of unplanned data center outages, accounting for one-quarter of all such events.
  • Cybercrime represents the fastest growing cause of data center outages, rising from 2 percent of outages in 2010 to 18 percent in 2013 to 22 percent in the latest study.



(TNS) — Moore Mayor Glenn Lewis is in Washington D.C. this week for a conference on Resilient Building Codes hosted by the White House. The conference focused on building codes to enhance community resilience.

“We talked about all of the things we’ve done [in Moore],” Lewis said. “I was on a panel with another mayor and an administrator from the city of New York. I guess it was productive — I’m still translating it all.”

Lewis said adopting new tornado resistant building codes in Moore made the city more competitive for disaster relief funds.

The Moore City Council made history on March 17, 2014, with the adoption of 11 recommendations by structural engineering experts for residential building codes. These code changes made new homes in Moore more likely to survive a tornado without unduly raising construction costs. The code went into effect on April 17, 2014.



(TNS) — Improving communication on when and how a tropical cyclone will impact a community is a reoccurring theme at this year's storm conferences, but the National Hurricane Center is missing a key tool to connect with today's tech-savvy world.

There's no app for that.

The National Hurricane Center doesn't have a smartphone app people can download to track a storm's progress or monitor hurricane forecast updates. Instead, the National Oceanic and Atmospheric Administration, which oversees the hurricane center, steers people to buying a weather radio.

"That's 1930s technology," said Dan Sobien, president of the National Weather Service Employees Organization. "It's something very few people have outside marine interests and farming communities. Not only do they not have a weather radio, they don't have a radio at all."



(TNS) — Florida health officials confirmed two new Zika infections in Miami-Dade on Tuesday, raising the statewide total to 109 people who have contracted the virus this year, more than any state.

In Miami-Dade, where most of Florida’s Zika cases have been reported, 44 people have been infected with the virus, said the state health department, but the disease has not been transmitted locally by mosquito bites. Broward County has reported 15 cases of Zika.
With South Florida's rainy season approaching and the numbers of mosquitoes that transmit the disease expected to rise — along with increases in international travel from Zika-affected areas, such as Brazil, which will host the Summer Olympics — Miami-Dade and state officials are preparing to combat the spread of the infectious disease.



The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.



TORONTO, Canada – Organizations can now receive real-time, continuous updates on risk-related events to further inform and affect critical due diligence processes. OutsideIQthe leader in investigative cognitive computing, today launched a monitoring module for its DDIQ® product, which monitors the open web to discover risk events on a continuous basis, alerting compliance and due diligence professionals to any changes in a target profile on a daily basis. Any negative events found by the cognitive engine will be highlighted on the DDIQ Monitoring dashboard, where the risks can be assessed and adjudicated.

Built on an advanced cognitive computing platform, the DDIQ internet monitoring module has been trained to think and act like an investigator to reduce noise and prevent false positives.  This allows DDIQ users to receive accurate, relevant updates, rather than reviewing a full report whenever they want to have the latest information.



Cybersecurity requires a specialized skillset and a lot of manual work. We depend on the knowledge of our security analysts to recognize and stop threats. To do their work, they need information. Some of that information can be found internally in device logs, network metadata or scan results. Analysts may also look outside the organization at threat intelligence feeds, security blogs, social media sites, threat reports and other resources for information.

This takes a lot of time.

Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged, so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.

This is not new information for security pros. They get reminded of this every time they read an industry news article, attend a security conference or listen to a vendor presentation. We know there are not enough trained security professionals available to fill the open positions.



The Business Continuity Institute - May 12, 2016 16:52 BST

I have been involved in disaster business resilience since the 1980's. In that time, I’ve seen it go through the phases of disaster recovery, business continuity and now business resilience. Y2K (remember that?!) gave it a major boost – then nothing considerable happened. Terror campaigns in the UK and USA then the pandemic 'flu scare in 2006-7 also kept it in the C-suite's mind.

Again the number of organisations directly impacted by these were relatively small.

Then came the financial crisis of 2008 squeezing the budgets of both governments and large financial institutions who had been previously big investors in business continuity. As nothing such had happened despite the above “crises” it seems that senior management felt business continuity was an area ripe for savings.

Team sizes were slashed and investment cut. Business Impact Analyses (BIAs) were largely abandoned as expensive, resource intensive exercises that in a fast changing business world were out of date before they had written up their results. The way of identifying the benefits of investing in business continuity had been axed arguably accelerating its decline.

However, in the same period the complexity of organisations and their supporting IT systems has increased. Outsourcing/strategic alliances resulting in supply chains that span the planet are common and legacy IT systems are stitched into new, end user facing web channels. Added to this, the rate of change is accelerating as organisations try to address greater demands for flexibility from the consumer or citizen whilst fending off new entrants in the private sector or budget cuts in the public sector.

Looking around at the organisations I deal with, it seems that everywhere business resilience professionals are struggling to do more, with less. The threats are still there, events such as terrorist attacks and severe weather are happening almost weekly.

So why aren't we seeing a resurgence of investment in business resilience?

Partly I suspect that the impacts of realised threats are not widespread enough to overcome the perception that the risks are small, won't happen to 'us' and anyway they're 'someone else's problem' (such as the government or an outsourced supplier). This, coupled with a marketplace which is stagnant in many areas, means there is a reluctance to invest money in the “insurance” of business resilience.

So, how can we, as business resilience professionals, address this?

Well we have to take up the challenge of doing 'more with less'. We have to be able to tackle the increased rate of business change, increased complexity and get back to a realistic understanding of the real business needs without employing large and expensive teams to plan for and manage our way through crises.

In other areas of work, organisations have exploited automation to improve efficiency. Look at the Industrial Revolution tackling human manual work and the computer revolution of the 1950s and 1960s reducing the cost of administrative effort. When did you last see a typing pool or payroll clerk with a tabulating machine?

Sure there have been software packages to automate data gathering and the administration of the Business Continuity Management System, but is that where the costs lie?

Are there better approaches emerging that could help us with the information gathering and contextual analysis plus the more efficient handling of adverse events?

We are starting to see these come through. It's early days yet but I am sharing my thoughts on developments as well as some ideas on approaches to get investment in these made available on my Business Continuity Awareness Week webinar on the 18th May. I invite you to join today.

Tony Perry is a Senior Managing Consultant at IBM.

The Business Continuity Institute - May 12, 2016 09:44 BST

Let’s be honest, we all get annoyed at the constant challenge to justify our existence. I don’t hold with the commentators who say that business continuity is always a cost centre, insurance buy or grudge purchase. It makes me mad... but that’s not difficult.

So inevitably, we all have to talk the language of value and savings. This is a shame because incredibly important elements like safety of staff in emergencies, public perception, legal compliance and positive risk taking can all get pushed to the sidelines when there’s pressure to ‘put a figure on it’, as these softer elements are notoriously difficult to quantify. My advice is don’t pander to the bean counters and do shamelessly exploit the soft targets too as part of any justification. But that’s a different conversation to this one - So if you do need some hard numbers then read on...

Here are a few ideas for ‘fingertip figures’ - one for each finger if you will, to amaze your colleagues and turn the discussion into one about how you are really indispensable, in case they hadn’t realised. These are taken from the coal face of real life and incidents… the experiences that your executives may not have seen and from which they are cocooned by their middle managers. Move that discussion on from mere expense to pure savings, losses avoided and returns.

I don’t bother with the reason for the disruption here: fire, flood, and supplier issue, whatever… you add that bit based on your own organisational aims, risks and recent experiences. And don’t allow anyone to tell you it can’t happen here… make sure you sell the function long and not short! Don’t be shy in ‘annualising’ any figures based on the incident rates as well as also using the single incident or ‘spot’ figures.

  1. Reputation reputation reputation: It’s a reputation thing... what’s 5% of your capital and share value on the markets? What if you lost that 5% due to losing the trust of your customers or badly disappointing them and having to pay them reparation or compensation? What could that compensation amount to? Remember Mitsubishi and BMW!
  2. Customer is king: What’s the value of one day of lost sales from customers not being able to contact you through all those whizzy new channels - web, chat, twitter, email … I could go on… and I haven’t even mentioned the humble telephony call centre. It’s all blended now! Unified Communications it’s called …. make sure you know both how and through whom your customers talk to your business and an averaged value of business written in one day. Then, which days are the hot spots?
  3. Recovery royalties: What’s the value of the losses avoided because you were able to recover that business process much faster with a pre-tested plan? Any time saved = costs saved and avoided... direct and indirect. Heck, you are so good that you actually managed to avoid the disruption happening in the first place, or growing to a full blown event, because the Recovery Team met as soon as the potential arose... you ‘headed it off at the pass’... what was the value of that bigger event not landing?
  4. Crystal ball: Your predictive powers are legendary! How many times did the exercise scenario you facilitated suddenly become prescient when the real thing threatened or landed later? The team knew immediately what to do and who to involve, saving time in the recovery and avoiding larger damages and impacts. Remember; don’t let anyone say ...’it can’t happen here’.
  5. Contract creative: What did you save on that review of the off site recovery contract this year? Get a fixed price for three years? Knocked out the unnecessary seats and systems because your Impact Analysis is so good? What’s the difference from standard market rates for the contract life? [Incidentally - did the last time you used the off site recovery for real actually pay for itself? Yes? Good – then make sure you tell that story. How many days use would do that? What do you think would be a good figure for this? Two days, three, five, more?]
  6. Resource reasonable: Remember the costs saved on IT Systems resources and availability and resilience measures: due to the business owner accepting a longer but reasonable RTO after your intervention - instead of living with ‘I can’t do without it ‘or ‘I need it in two hours’. Did you align your business process RTOs to IT System RTOs or vice versa and save on costs?
  7. Champions on the field: So you’ve embedded the BC lifecycle using champions for analysis and plan maintenance etc. out there in the business - they understand their business activities intimately. What would that equivalent work cost in full time employees or contractors?
  8. Love your neighbours: Those local mutual aid arrangements with neighbours - and cross unit relocation plans - how much is that worth in the alternatives - off site service costs and welfare costs during any emergency? Over one day, two days?
  9. Analysis anticipation: Your BIAs are awesome - How many operational risks did you uncover during your BIAs - which are now on the organisation's Risk and Governance Register for effective treatment so they never materialise? You pointed out some rather embarrassing holes in the operation! What if they had landed: did they have an annual probability value of 1 = certain? What costs avoided here? Halve this number for a probability of 0.5, i.e. once every two years etc.
  10. Brilliant value: Now compare the annual total of all the above with the gross salary of your BC Team – one is peanuts in the comparison - and it won’t be the sum saved! And I bet no one would agree to pay you an annual bonus based on 10% of savings either! If anyone has tried this tack, I really want to hear from you!

Discuss: I hope some of these sound at least familiar, or prompt you to look again at the good work you naturally do, for which you can then express a value. I’m certain you have your own golden keys to the justification debate – share them!

Neil Wainman MBCI is the Business Continuity Manager at E.ON.

There are a multiplicity of trends simultaneously altering our collective vision of what a data center is, and what it is becoming. And those trends are not necessarily acting in concert. We thought software-defined networking would make it easier for data centers to stage workloads more efficiently on a Layer 3 that was more effectively decoupled from Layer 2. But then NFV came along, and suddenly telcos are introducing the rest of the world to a completely new way to envision the role of the data plane in SDN.

It’s not as easy to predict where data center technology is going when all the trends converge. At the OpenStack Summit in Austin, Texas, a few weeks ago, network functions virtualization stole the show. Attendance at sessions that had the slightest relationship to NFV was as much as two orders of magnitude higher than those dealing with ordinary OpenStack administration. IT professionals are curious as to whether this new methodology for workload orchestration will have any impact, directly or indirectly, upon data center architecture.

NFV came about as a result of the common need among communications providers to automate the provisioning of customer services when deployed on common, commodity servers. Virtualization was essentially the means to an end; NFV’s initial goal was automation. What makes NFV attractive to data centers outside of telcos is that high-level automation aspect. What makes it risky is the degree to which NFV would reform data centers to make this automation feasible.



Considering the scope of possible crises, it’s no wonder the final draft of the newly minted Chatham County, Ga., Hazard Mitigation Plan runs to a hefty 211 pages. Drought and flood; extreme heat and winter storms; hurricanes and rising sea levels; and in this latest plan, add terrorism to the catalog. Granted, the county won’t likely see all of these at once. But still, you have to plan for all hazards.

That’s what the county mitigation plan does, and it’s been no small feat to craft the document.

“There is a lot to keep up with, a lot of documentation from a lot of government entities, along with FEMA guidelines, state guidelines,” said Margaret Walton, a senior planner in Land Planning at Atkins North America. She consulted with the Chatham Emergency Management Agency (CEMA) on the plan, which covers the county as well as seven municipalities and the Savannah metro area, population 527,106 according to the 2014 Census Bureau estimate.



Impact Forecasting has published the latest edition of its monthly Global Catastrophe Recap report, which evaluates the impact of the natural disaster events that occurred worldwide during April 2016.

The report highlights the two major earthquakes which struck southern Japan during the month, causing massive devastation and killing at least 66 people, with more than 4,000 others injured. Total economic losses, including physical damage to residential and commercial structures, vehicles and infrastructure, and business interruption, were expected to exceed JPY 1.12 trillion (USD 10 billion).

The General Insurance Association of Japan reported that nearly 70,000 non-life claims had been filed, as total insured losses were expected to breach JPY 225 billion (USD 2.0 billion).

Meanwhile, a major magnitude 7.8 earthquake struck Ecuador's northwest coast on April 16th, killing at least 660 people and injuring more than 17,638 others. According to government figures, the total economic cost for the damage and reconstruction was expected to be above USD 3.0 billion. Given low insurance penetration levels, the insured loss was set to be a fraction of the overall financial cost.



A lifelong Atlanta Braves fan, Forrester Senior Analyst Joseph Blankenship longs for the mid-1990’s with respect to his baseball team, but we promise that he looks to the future as he advises his clients on current and emerging security technologies. He covers security infrastructure and operations, including security information management (SIM), security analytics, and network security, and his research currently focuses on security monitoring, threat detection, operations, and management. Joseph has presented at industry events, been quoted in the media, and has written on a variety of security topics.


Joseph’s over 10 years of security experience includes marketing leadership and product marketing roles at Solutionary (NTT), McAfee (Intel Security), Vigilar, and IBM (ISS), where he focused on managed security services, consulting services, email security, compliance and network security. As a marketing leader, Joseph helped to align client needs with marketing strategy, messaging, and go-to-market activities while educating users about security strategy. His background also includes extensive experience in the IT, telecommunications, and consulting industries with Nextel, IBM, Philips Electronics, and KPMG.


Listen to Joseph’s conversation with VP, Research Director Stephanie Balaouras to hear about Joseph’s biggest surprises since starting as a Forrester analyst, his most frequent client inquiries, and the topics he’s excited to research in the coming year:



BATON ROUGE, La. – If you’re a survivor of the Louisiana storms and flooding that struck the state March 8 through April 8 and you’ve received an application for a U.S. Small Business Administration low-interest disaster loan, you should complete and return it as soon as possible.

Obtaining a low-interest disaster loan may be the solution to your recovery needs by providing you the funds you need for home repair, rebuilding and property loss. Returning the application also may lead you to Federal Emergency Management Agency disaster recovery grants that do not have to be repaid.

While no survivor is obligated to accept a loan, you will be considered for other federal disaster assistance only if you return the SBA loan application.

There are important reasons for you to file the loan application (even if you don’t think you currently need a loan):

  •     Your insurance settlement may fall short. As you began to recover from the effects of your personal disaster, you may discover that you were underinsured for the amount of work required to repair or replace your home. An SBA low-interest disaster loan can cover the gap.
  •     SBA will work with you to provide a loan that fits your personal budget. If you already have a mortgage on damaged property, SBA specialists can help with a low-interest loan you can afford. In some cases, that may mean your current mortgage loan could be included in your SBA loan which could give you one overall, affordable loan payment on your home.
  •     Don’t know how you’ll replace household contents or vehicles? SBA may be able to help.  Homeowners may borrow up to $200,000 for the repair or replacement of real estate. Both homeowners and renters may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster.
  •     What about businesses that were damaged? If you’re a business owner, you may be able to borrow up to $2 million for physical damage and economic injury.
  •     By submitting your SBA loan application, you keep the full range of disaster assistance available as an option. If SBA does not approve a loan, you may be offered a FEMA grant or grants to replace essential household items, replace or repair a damaged vehicle, cover storage expenses or meet other serious disaster-related needs.

SBA Loans have Low Interest Rates.

Interest rates for loans for homeowners and renters can be as low as 1.813 percent. For private nonprofit organizations rates can be a low as 2.625 percent. For businesses rates can be as low as 4 percent.

Even if you qualify for an SBA loan, you are under no obligation to accept it.

Refinancing and relocation loans may be available on a case-by-case basis. Survivors are encouraged to speak with an SBA representative for details.

For more information, call the SBA at 800-659-2955 (800- 877-8339 TTY). Homeowners, renters and businesses may visit SBA’s secure website at disasterloan.sba.gov/ela to apply online for disaster loans.

Although it’s not required to register with FEMA to apply for an SBA loan, you are strongly urged to do so as grants could be available to you from FEMA.  

Register with FEMA for help or information regarding disaster assistance: call 800-621-FEMA (3362), register online at DisasterAssistance.gov or fema.gov/disaster/4263. Help is available in many languages. Cuando llame al 800 621-3362 (FEMA) marque el 1 y escuche las instrucciones en español.
Disaster applicants who use TTY should call 800-426-7585. Those who use 711 or Video Relay Service should call 800-621-3362. Lines are open 7 a.m. to 10 p.m. local time, every day.


We urge everyone to continue to use caution in areas where floodwaters remain. Monitor DOTD’s 511la.org website for updated road closure information. Look for advisories from your local authorities and emergency managers. You can find the latest information on the state’s response at emergency.la.gov. GOHSEP also provides information at gohsep.la.gov, Facebook and Twitter. You can receive emergency alerts on most smartphones and tablets by downloading the new Alert FM App. It is free for basic service. You can also download the Louisiana Emergency Preparedness Guide and find other information at www.getagameplan.org.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

FEMA offers a number of free online resources for home and property owners. To get started, go to fema.gov/safer-stronger-protected-homes-communities or fema.gov/louisiana-disaster-mitigation

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s website at SBA.gov/disaster Deaf and hard-of-hearing individuals may call (800) 877-8339.

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Like bank robbers of yore, cyber criminals target “where the money is,” and that often means banks and financial institutions. With many decades’ experience in protecting themselves against crime, banks and insurance companies typically have reasonably sound physical and technical cyber security defenses in place. The concept of currency has changed, however, and now, rather than trying to cart off bills and coins, cyber thieves seek to steal valuable information.



AUSTIN, Texas – Texans affected by the April storms and flooding can get their questions answered in many languages by accessing the FEMA booklet “Help After a Disaster: Applicant’s Guide to the Individuals & Households Program.”

The guide provides information on the types of assistance available and how survivors in the disaster-impacted area might qualify for housing assistance and other grants and essential needs. It also explains the types of eligible losses covered by the program and information about insurance settlements and uninsured, disaster‐related necessary expenses. Applicants must meet specific eligibility requirements to qualify for help.

The guide, fema.gov/help-after-disaster, is available in English, Spanish, Arabic, Urdu, Vietnamese, Chinese and many other languages.

In Texas, federal disaster assistance is available to residents of Austin, Colorado, Fayette, Grimes, Harris, Parker, Waller and Wharton counties who suffered damage from the April 17-24 storms.

Survivors in the affected counties are urged to register for assistance the following ways:

  • online at DisasterAssistance.gov;
  • phone (voice, 711 or video relay service) 800-621-3362 (FEMA), TTY 800-462-7585. Toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.
  • by visiting any disaster recovery center in the disaster-impacted counties.

# # #

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) — The Department of Homeland Security is testing airflow inside the city’s subway system this week as a way to predict what would happen in a possible chemical attack.

The week-long study poses no risk to the public, the Department of Homeland Security said.

From May 9 through May 13, DHS said officials will be releasing harmless, non-toxic gases inside several subway stations in Manhattan, including Penn Station, Grand Central Terminal and at Times Square.

“This study is part of the department’s ongoing commitment to preparedness and the shared responsibility of protecting the nation’s critical infrastructure,” DHS S&T program manager Dr. Donald Bansleben said in a statement. “The results of this study will provide us with a greater understanding of airflow characteristics, informing the research and development of next generation systems that continue to ensure the safety and security of the general public.”



Zika Prevention KitsThe first thing that comes to mind when people think about the Strategic National Stockpile (SNS) is probably a big warehouse with lots of medicines and supplies. What many do not know is that even when the SNS does not have the specific medicines or supplies needed to combat a public health threat, SNS experts can play a key role in working with medical supply chain partners to locate and purchase products during an emergency response.

The involvement of the SNS in the Zika virus response is a perfect example of this little-known, but significant, role. Zika is spread to people primarily through the bite of an Aedes aegypti mosquito infected with Zika virus, although Aedes albopictus mosquitoes may also spread the virus. Recent outbreaks of Zika in the Americas, Caribbean, and Pacific Islands have coincided with increased reports of microcephaly and other birth defects as well as Guillain-Barré syndrome. As a result, the Centers for Disease Control and Prevention’s (CDC) response is focused on limiting the spread of Zika virus. Prevention is key for Zika control, because there is no vaccine or medicine for Zika virus. This is where the SNS comes in.

Controlling mosquito populations is key to prevention

Zika prevention kit

During a public health emergency, CDC can deploy the SNS for medicines and supplies or can use SNS’ contracting abilities to access materials and services that can be used to prevent or treat diseases that threaten U.S. health security. Controlling the mosquito population and addressing other known routes of infection are important to limit the spread of Zika virus in U.S. territories. The SNS is providing immediate vector control services and preventive supplies for pregnant women to protect themselves from mosquito bites. Pregnant women are particularly vulnerable because they can pass Zika virus to their fetuses, which can cause microcephaly and other brain defects.

Before the Zika virus outbreak, the SNS did not stock or purchase medicines or supplies to respond to illnesses spread by mosquitoes, ticks, and other insects. In response to this outbreak, SNS staff are working with CDC procurement experts to award and implement immediate, short-term contracts to deploy materials and services to control the mosquito populations responsible for Zika transmission. These contracts allow CDC to work with territorial public health jurisdictions to treat areas where mosquitoes breed and live, as well as areas where pregnant women live.

Zika Prevention Kits help pregnant women protect themselves

Zika prevention kit bags

The SNS is creating Zika Prevention Kits for pregnant women in U.S. territories. These kits are being distributed as an effort to help prevent Zika infection in pregnant women and to reduce the number of babies born with birth defects caused by Zika, such as microcephaly and other brain defects. Through donations from the CDC Foundation and its partners and by purchasing products, the SNS has obtained materials for the kits – including insect repellent, larvicides, mosquito netting, condoms to prevent sexual transmission of Zika, and educational materials.  The SNS is rapidly assembling these materials in reusable bags that can be given to pregnant women.

The SNS has sent nearly 7,000 kits to affected areas, and more are planned. Each U.S. territory is identifying the best way to get the kits to pregnant women. In Puerto Rico, local public health officials have partnered with clinics that are part of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) so they can reach expectant mothers. WIC already interacts with this population through its healthcare and nutritional services for low-income women, infants, and children. Local obstetrician offices are also being used to distribute these kits.

In the past, the SNS primarily focused on warehousing products and deploying those products for public health threats related to bioterrorism, pandemics, and natural disasters. With every emergency response, it has become more evident that the SNS can play a much larger role, especially when specialty products, products in high demand, and medical countermeasures are needed to secure the nation’s health. As one of the federal government’s leading groups of medical supply chain and logistics experts, the SNS at CDC has the ability to coordinate with industry partners to rapidly procure and transport medicines and supplies and serve specific populations in a public health emergency.

The Business Continuity Institute - May 11, 2016 16:09 BST

“To expect the unexpected shows a thoroughly modern intellect.”
Oscar Wilde, Irish playwright, novelist, essayist, and poet. 1854-1900

Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats business continuity professionals must mitigate in today’s business continuity (BC) plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape. Threats that are making the 'unexpected' drastically different today and unimaginable tomorrow.

Protecting an organization from an 'IT outage' is where most BC plans originated. Yet, even IT outages today have taken on a new level of complexity. We live in an 'Always on world' where complex, global infrastructures and open-source code systems join with the Internet of Thing’s 9 billion possible entry points to capture more and more data to the Cloud every minute. On top of that, we 'Bring (Y)our Own Devices' (BYOD) then capture and analyze Big Data to enable a ‘cognitive’ world. As BC planners we are asked to protect our businesses from interruptions caused by these many factors and do it faster, cheaper and with less staff to help solve the problem.

Moreover, there is now increased pressure from outright criminal activity. Yes, cybercrime. Our most precious business resource, our differentiating factor that is our competitive advantage - our intellectual property and personal information - is under sophisticated, malicious, criminal attack 24 hours a day, every day.

Linda LaunBy the end of 2014, some estimates indicated more than one billion leaked personally identifiable information, think emails, credit card numbers, and passwords, was reported stolen1. An organization of 15,000 employees can expect to see 1.7 million security events in one week. However, typically only 1 out of every 100 security compromises actually are detected. So add two zeros to the 1.7 million and you get the picture2.

With this new threat landscape, what truths can BC Planners hold onto today?

Linda LaunWell we know the principles of BC, like the laws of physics, never change. However, what must change is how we apply and adapt these principles to new threats. In this world of rising crises, incidents, and organized cyber-attacks, how we apply the tried and true BC techniques we’ve practiced over dozens of years brings real benefits when teamed with security to win in this war against cybercrime. According to the 2015 Cost of Data breach Study by the Ponemon Institute and IBM, Business Continuity Management (BCM) involvement in data breach response can reduce the associated costs by $14 per affected record and reduce the time to contain the data breach by 41%3.

When business continuity and security team we apply three waves of defense: Frontline, Response, and Containment. Security prevents as much as possible with implemented frontline security services like strong security policies, passwords, encryption and personnel awareness training. Should, or when the attack comes, BC’s deep experience in incident response adds command and control, measured incident response and the 'who' needs to be involved. Lastly, if the worst happens and records are lost, our company’s reputation is protected through containment by implementing BC plans for IT outage and personnel depletion scenarios.

What would BCM and Security teaming look like in the real world?

First, establish joint representation where Security and BCM work as members of each other’s teams building the response plan. Work on each other’s teams, include BC in the response team, and involve the Chief Information Security Officer (CISO) throughout.

Second, BCM and Security work together to align cyber incident response and participate in joint testing with simulated exercises. Teams work together to validate the planned actions and educate all participants on their roles as well as the unique attributes of a cyber response.

Third, appoint crisis management representatives to coordinate BC and Cyber security efforts during and after the breach. Cyber response like BC response requires clear roles, responsibilities and communication. Joint roles defined in a communication plan delineate who can answer the tough questions.

Yes, threats are changing every day and cyber is just one of the many threats from which we must protect our businesses. Now, you are armed with hard evidence and three simple actions to start, or strengthen your BCM program from a cyber event and realize real value for your organization.

Linda Laun is the Chief Continuity Architect at IBM Global Business Continuity. During Business Continuity Awareness Week, she will be hosting a webinar on the same subject giving you the opportunity to ask questions. The webinar is in Monday 16th May and you can register for it by clicking here.

1IBM X-Force Threat Intelligence Report 2016, pg. 2
22014 Cost of Data Breach Study, Ponemon Institute and IBM
32015 Cost of Data Breach Report, Ponemon Institute and IBM

Data centers worldwide are energy transformation devices. They draw in raw electric power on one side, spin a few electrons around, spit out a bit of useful work, and then shed more than 98 percent of the electricity as not-so-useful low-grade heat energy. They are almost the opposite of hydroelectric dams and wind turbines, which transform kinetic energy of moving fluids into clean, cheap, highly transportable electricity to be consumed tens or hundreds of miles away.

But maybe data centers don’t have to be the complete opposite of generation facilities. Energy transformation is not inherently a bad thing. Cradle-to-Cradle author and thought leader William McDonough teaches companies how to think differently, so that process waste isn’t just reduced, but actively reused. This same thinking can be applied to data center design so that heat-creating operations like data centers might be paired with heat-consuming operations like district energy systems, creating a closed-loop system that has no waste.

It’s not a new idea for data centers. There are dozens of examples around the globe of data centers cooperating with businesses in the area to turn waste heat into great heat. Lots of people know about IBM in Switzerland reusing data center heat to warm a local swimming pool. In Finland, data centers by Yandex and Academica share heat with local residents, replacing the heat energy used by 500-1000 homes with data center energy that would have been vented to the atmosphere. There are heat-reuse data centers in Canada, England, even the US. Cloud computing giant Amazon has gotten great visibility from reuse of a nearby data center’s heat at the biosphere project in downtown Seattle.



Information is critical to our businesses. We cannot make good decisions without it. We identify the cause of issues based on it. In a crisis, without information, we may be making decisions or trying to contact appropriate parties like a myopic without his glasses.

What is the information that may be required during a crisis?

  • The severity of the impact to business processes
  • How long the crisis may last
  • Internal contact lists
  • External contact lists
  • Crisis & Recovery Team members and responsibilities
  • Recovery plans and checklists
  • Business processing requirements
  • Manual processing procedures
  • Information on business risks



Today, many Fortune 500 companies are enlisting a hybrid cloud approach that uses a patchwork of on-premises, private cloud and third-party, public cloud services to allow workloads to move between clouds to meet the ever-evolving demands of computing needs and cost expectations. In turn, these companies benefit from greater flexibility and more data deployment options.

However, Tom Gillis, founder of startup Bracket Computing, quickly realized that this approach, with server hardware, software applications, storage capacity, and networking services spread across data centers and multiple service providers, invites operational complexity and introduces an opportunity for error. Gillis decided there was an unmet need for a new virtualization technology; one that could secure multiple cloud environments by creating a container for infrastructure so that an enterprise could move data out on the public cloud, while still maintaining the control it wanted.

On his mission to create a virtualization technology that could provide one set of infrastructure across multiple clouds, Gillis was met with a technical challenge: when sticking a hypervisor on top of a hypervisor at the cloud, the technology was incredibly slow and performance was being cut in half. To overcome this challenge, a lot of trial and error, fine-tuning and tweaking was needed to get the technology—Bracket Computing Cell—to a point that Gillis refers to as “lightning fast.”



Tuesday, 10 May 2016 00:00

What Is Poor Data Quality Costing You?

Your data is a valuable asset. Especially in today’s world of faster consumers, your data needs to be in tip-top shape to target, engage, and convert prospects. If not properly maintained, you risk any number of lost opportunities, decreased efficiency, and a negative impact to your bottom line.

Marketing data has become so important that 97% of companies feel driven to turn their data into insights, according to the 2015 Data Quality Benchmark report by Experian. According to the research, the top three drivers include:

  • 53% - Wanting to understand customer needs
  • 51% - Wanting to find new customers
  • 49% - Wanting to increase the value of each customer
  • Chart reason for maintaining high-quality data



The increase of ransomware has been discussed in great length over the past year. In my 2016 security predictions round-up, I noted that we should expect to see substantial growth in ransomware attacks, quoting Stu Sjouwerman, founder and CEO of KnowBe4:

Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015.

And I’m not the only one who had ransomware on the mind. Others also were concerned about the rise of ransomware. For example, CSO had this to say:



(TNS) -- A new microwave backup to the region's 911 emergency telephone service will add a layer of reliability in case of violent storms or an accidental slicing of a fiber-optic cable.

The South East Texas Regional Planning Commission will spend about $3.3 million to erect 12 towers and equip five existing towers with the technology, said Pete De La Cruz, director of the commission's 911 program.

Although it could become the primary system for Jefferson, Hardin and Orange counties sometime in the future, for now it's designed as a backup, De La Cruz said.

Recently, a contractor in Lumberton building a new dentist's office sliced through a fiber-optic cable bundle in the ground.

The bundle contained the cable that connected to the Hardin County Sheriff's Office 911 dispatchers at the courthouse in Kountze.

No emergency calls were missed because all the Hardin County calls were routed to the Silsbee Police Department, the second location for incoming emergency calls in Hardin County.

But it did demonstrate a vulnerability of the 911 system, De La Cruz said.



Tuesday, 10 May 2016 00:00

Emergency Leader: Dual Helping Careers

(TNS) - When an emergency strikes in the Flathead Valley, Mary Granger may or may not be physically present at the scene, but it is very likely that Granger somehow has a hand in keeping folks safe.

Granger retired as the Flathead County Emergency Medical Services manager in April. The six-year stint was a second career for Granger after working 33 years as a school teacher.

“I’ve been on this adventure since 1980 when I took a first-aid class and this is really the culmination of that adventure,” Granger said of her retirement.

Granger was one of the founding members of the Lakeside Quick Response Unit. At the time there was no first responder program in Lakeside, which sometimes meant waiting a long time for emergency personnel to arrive from Kalispell or Polson.

After the first-aid class, Granger was hooked.



Early next month, FEMA Region X, in cooperation with local, state and tribal entities in the Pacific Northwest, will lead on a three day emergency operations test scenario that includes a 9.0 magnitude earthquake along the Cascadia Subduction Zone (CSZ) with a resulting tsunami -- the most complex disaster scenario that emergency management and public safety officials in the Pacific Northwest could face in the future.

Several days earlier, my own neighborhood organization that covers roughly 300 homes will perform its own first earthquake disaster drill.  We’re organized by zones, with homes pre-identified as care and shelter centers or first aid centers.  We’ve purchased and stored emergency supplies in each of our zones.  But we’ve never tested our search and rescue or communications capacities, or the protocols we plan to follow, including ham radio communications with the city’s emergency operations center.

Working on either exercise always brings up the same questions:  what should my family have on hand in the way of an emergency supply kit?  How will our family communicate if we are spread out around the city when such a disaster strikes?  How long will we be without help?



Data is finding its way into just about every type of modern product and service. As a result, some companies are necessarily rethinking their business models, product strategies, customer engagement strategies, and supply chain strategies. Meanwhile, entrepreneurs and intrapreneurs are discovering entirely new solutions to age-old problems.

"Our traditional business model, the way we provide products and services, is being disrupted because people -- especially Millennials -- do not look at a big book of codes," said Nataniel Lin, analytics and strategy lead at the National Fire Protection Association (NFPA), in an interview. "We're in the process of becoming a 120-year-old startup. Essentially, we're leveraging all the data that's available out there and aggregating data to create unique value and solutions that up until today were not possible."

In NFPA's case, data is flowing in from connected IoT systems in homes and commercial buildings, insurance companies, and other sources. Lin is working with 26 different property and casualty insurance companies with the goal of anonymizing and aggregating data in a way that benefits all of the companies without exposing them to privacy or security risks. That way, the companies can have a more objective view of revenue, profitability, and risks than would be possible using only their own data.



To some, cloud computing and IT security do not intersect. The results are often disastrous. Considering the huge amount of press that cloud computing receives when breaches occur, it's easy to understand why they believe that. But if you look at IT security from a wider lens, you'll see that cloud computing technologies are actually helping to propel IT security at rates never seen before.

Indeed, some of the advancement of security mechanisms and architectures such as end-to-end encryption can be traced back to public and private cloud security breaches where sensitive data was stolen for profit or fun.

This brought the topic of encryption to the forefront of conversation in CIO circles around the globe. It also likely contributed to the recent skyrocketing adoption rates for encryption. According to a recent Ponemon Institute study that polled more than 5,000 IT and business managers from various parts of the world, 41% said that encryption has been adopted extensively in their organizations, an increase from 16% in 2005.



(TNS) - At Ipswich, locking the front doors to the school is only a screen tap away.

Superintendent Trent Osborne said he has an app on his phone that gives him the ability to quickly lock the school's main entrance. It's the only door at the school that's open during the day, he said, and that's because visitors walk straight into the school office.

Last week, the front door to Ipswich was locked. Osborne said it wasn't a lockdown incident, but the district was dealing with a family situation. No threats were made, he said, he just locked the door as a precaution.

Visitors to Aberdeen public and private schools will note intercom systems in place at the main entrances that allow entry into the schools. Aberdeen public school Superintendent Becky Guffin said installation of the systems started in 2013.



(TNS) - It's been an educational year for Capt. Christopher White.

Before he was promoted to the head of Corpus Christi Police Department's Animal Care Services and Vector Control, it never crossed his mind that he would have to learn the correct temperature to make puddle conditions perfect for mosquito breeding.

But in the battle against the pesky insects that knowledge — 83 degrees, by the way — means snaring a strategic advantage.

"I got tired of trying to explain everything I was learning about mosquitoes during staff meetings, so I made these," White said as he pulled out two packets. One he dubbed "Mosquito 101" and the other details Corpus Christi's management policy in varying mosquito risk levels.



It’s been a common information security event in the news for all too many business enterprises —- e.g. yet another large publicly traded company is the recent victim of a data breach.

The situation is worsened, when not only business information is breached but also millions of customer’s personal and financial information records are compromised.

Who is winning this cyber-security war?  That answer is far too complex to deal with in this short article.  Nonetheless, this article will hopefully give our readers a stronger sense of urgency to pay more attention to risk assessment and risk management when developing their corporate cyber-security related strategic goals and objectives.

With every passing year, the role of technology in business continuity only grows. From social media coordination, disaster-relief apps, “micromappers” and Google People Finder to computer models designed to predict where the next crisis will occur, technology is enabling us to make huge improvements to the ways we handle business continuity.

For many organizations, the newest, most practical business continuity software technology is an app that enables companies to house their crisis plans “in the cloud,” and then disperse them to each end user through mobile devices. Employees and other stakeholders are empowered with anywhere, anytime access to crisis plan details, which helps to streamline emergency response, better protect people and physical assets, and encourage a faster, more effective return to normalcy.

If you feel your organization could benefit from a mobile business continuity solution, consider the best ways to implement it into your business. You can either build the app in-house, use a vendor solution, or outsource it to a third-party developer. There are several key factors to consider when weighing a build vs buy decision:



(TNS) — Soon enough rainy season will begin drenching Southwest Florida with its annual average rainfall of 55 inches.

Standing water, even a capful in a plastic bottle top, can be a breeding ground for mosquitoes that transmit the Zika virus.

The Collier County Mosquito Control District is upgrading its laboratory to start testing for the mosquito species that carries the virus.

"This allows us to gets the results back in a matter of hours instead of days," Patrick Linn, executive director of the district, said.



The Business Continuity Institute - May 06, 2016 16:08 BST

Return on investment… a dilemma for business continuity practitioners. How to demonstrate the value of something that is designed for events which (hopefully) never occur? How to access, then budget, resources, organizational importance and leadership, as this ROI is potentially a part of the 'beauty contest' with resource competing disciplines? Providing concrete numbers is obviously challenging… so what could be the solutions?

Understanding the budget approving audience is a major prerequisite. What are current business and/or personal requirements and agendas? How would you concretely respond when being asked “what is in there for me” by this audience?

Important to know: the behavior of human beings can be influenced best with personal, immediate, certain, positive consequences… respective innovation and adaption considering the psychological background are therefore the key for designing the 'right' (personal) ROI strategy (mix).

Potential ROI types:

The emotional ROI

It requires the generation of emotions in particular fear of significant and specific events where a BC program could return a 'better sleep' or the avoidance of any form of reprimand or career impact.

And it works… however usually for a small time window only utilizing the post-event felt urgency for action, and with limited success over time. Human beings tend to normalize scenarios and fall back to the 'will not happen to us' and 'business as usual' reflex especially when the projected apocalypse does not occur in their own backyard. As a matter of fact, the dose of bad news has to be increased over time for achieving a constant attention level. At a certain point credibility may be impacted as a function of the risk appetite. This ROI approach should be used therefore economically and selectively.

The competitive ROI

BC Intelligence means collecting consistently concrete data on external incidents, good practices, business strategies, and BC activities and benefit, in particular concerning explicitly the same industry or major business competitors. Data is consolidated and illustrated provoking a 'why don`t we' reflex by generating the perception of a competitive disadvantage when not implementing a similar or even superior BC program. The return is a (perceived) competitive advantage with respective business consequences (market share, revenue etc) which may be qualitatively illustrated for supporting the ROI design.

The monetary ROI

Concrete numbers are challenging, however an indirect approach could work. BC should not be limited to the classical disastrous event role, but the view should be expanded to regular incidents by taking the discipline out of the fateful special and rare event corner. Joining forces with incident management and/or business functions in the frame of a resilience approach could facilitate the collection of respective and concrete data.

There is a variety of direct and indirect costs linked to incidents which could be (examples):

  • Event management, alternative resource, recovery
  • Product / service / process incl. for downstream - rework / penalties
  • Clients / contracts - fines / reputation
  • Revenue / billing / investment
  • Cash flow / discounts / credit rating

Cost aspects should be formally recorded, if possible quantitatively (or at least estimated or qualitative statements if not). Taking all eventual costs into consideration may lead to surprising findings setting the breeding ground for BC ROI illustrations.

Records should then be explicitly checked for potential BC support aspects. Could, or have, plans, plan parts or linked action, the mapping of processes and business impact (BIA), interface processes (like crisis management, emergency response, and crisis communication) directly or indirectly mitigated the cost impact? If yes, to what extent? What is needed for optimizing this? What are quick wins? These findings are consolidated and illustrated bearing in mind the interests and requirements of those assigning resources. Found 'bright spots' could be used for driving change. Costs could be defined as a certain form of 'loss' which links the ROI to popular business strategies e.g. 'lean'. For tailoring this a sound understanding of business initiatives in particular of those dragging currently the interest of the budget and resource approving audience is beneficial.

To summarize…

Resource competition games require usually ROI strategies. The rules are set directly or indirectly by the business and budget owners, and apply to all disciplines competing for the resource pool. Practitioners need to be able to sell the BC value to those in the driver`s seat for budget and resources approval by tailoring innovative language, communication channels and ROI scenarios according to personal and business requirements and capabilities. Joining forces via a resilience approach might facilitate the designing of business cases.

Thomas Schildbach MBCI Ph.D. is the Risk and Business Continuity Manager at Post Technologies

Friday, 06 May 2016 00:00

Understanding Cyber Security Threats

In 2014, the federal government was the victim of 61,000 cyber security breaches. If the government is so vulnerable, what are the cyber security risks for businesses, whether large or small? Revisit the cyber security threats facing modern businesses to learn how to best protect your business from threats. 

Cyber Security Threats Facing Businesses

Businesses in all industries face a growing range of cyber security threats. Companies must understand the barrage of threats coming from attackers in order to implement a comprehensive security plan that addresses their vulnerabilities. Pressing concerns for small and large businesses include:



The BCI has announced that Lorraine Darke is to stand down as Executive Director of the Institute after 12 years in the post. Applications are being invited for her replacement. 

BCI Chairman, David James-Brown FBCI, commented: “Since Lorraine’s appointment in 2004, the Institute has been through a dramatic period of growth and modernisation, and we are now seeking an experienced and inspirational leader to drive the BCI forward in the next stage of its development. We will be appointing a new Executive Director who has a thorough understanding and experience of the challenges facing contemporary professional bodies, and the skills necessary to triumph in this competitive environment. The successful candidate will be a dynamic, energetic and enthusiastic leader, with excellent people skills and the ability to engage and develop lasting, positive relationships with a range of stakeholders.  They will have proven capabilities in identifying and capitalising on commercial opportunities through original solutions.” 

For more details about the role click here.

(TNS) - Pittsburgh public safety officials have promised to review and seek improvements to how they handle all major events hosted by the city in the wake of two events that generated complaints from the police union.

Two recent events — the mid-April Donald Trump rallies and Sunday’s Pittsburgh Marathon — created concerns about the public safety department’s preparedness to handle major events and will be the subject of reviews.

“We’ll be doing more after-actions on every type of event, whether it’s a scheduled event, whether it’s an unexpected event,” city Public Safety Director Wendell Hissrich said Wednesday. “There will be after actions across the department of public safety to include EMS, fire and police, not to hang anybody, but to figure out how we can make the improvements down the road.”



When laying down the foundation for employee safety and communication, one of the most essential resources to establish within your organization is a secure emergency phone number. A reliable place where your employees can go to hear pertinent information, retrieve updates, and understand how the information on the other side of the phone affects their well-being, their day, or their job. A number your employees can call or text to report information, raise concerns, present questions in one centralized place for the employer.

In 1967, the President’s Commission on Law Enforcement and Administration of Justice worked to implement a universal phone number nationwide for anyone reporting emergencies. That’s why 9-1-1 exists today, so we can report emergencies relating to crime, accidents, and medical issues, and request assistance.

As mobile people living among an increasing population, subsequently producing a rising number of incidents, the methods of reporting and responding to incidents are changing. The resources to keep people informed and connected are becoming smarter, more useful. The technology to monitor, communicate, and resolve a situation faster is readily available to us.



Thursday, 05 May 2016 00:00

Small Business Interrupted

Every business comes with a certain amount of risk. Although difficulties and challenges can’t be avoided, they can be mitigated with the proper precautions, planning and insurance coverage.

In support of National Small Business Week (May 1-7) and to help business owners understand insurance, the Insurance Information Institute (I.I.I.) developed this infographic that focuses on business interruption insurance which is also posted on the I.I.I’s Business Pinterest Board.

Did you know that after a catastrophe or other disaster 40 percent of businesses do not reopen and another 25 percent fail within a year?



Technology is forcing fundamental changes in business landscape, and the data center is at the core of these changes. New levels of user mobility, the pace and style of application delivery are revolutionizing how businesses compete and stay ahead. Your data center is now the driving force behind your business, and as its role evolves, it too must change.

There needs to be a better way to deploy powerful, scalable systems that are integrated and easy to manage. To address this need, a new type of platform has emerged: hyperconverged infrastructure.

First, let’s define the concept. It’s important to note that there are a number of similarities between hyperconverged and converged infrastructure. Both are deployed as blocks, and both converge critical resources to deliver higher density. The biggest difference is in how these environments are managed. In hyperconverged infrastructure, the management layer – storage, for example – is controlled at the virtual layer. Specifically, it incorporates a virtual appliance that runs within the cluster. This virtual controller runs on each node within the cluster to ensure better failover capabilities, resiliency, and uptime.



Thursday, 05 May 2016 00:00

How to Appeal a FEMA Decision

RIDGELAND, Miss. – Some survivors, who registered for federal disaster assistance after the March storms and flooding, may have received a letter from the Federal Emergency Management Agency that says they are ineligible. However, the reason for the decision may be something that can be easily fixed, such as providing insurance documents or new contact information.

Applicants can appeal any FEMA decision.

The first step is to look at the specific reason the letter was sent. If it isn’t clear, or more information is needed, a specialist at the FEMA helpline at 800-621-3362 (voice, 711, video relay service) can help. TTY users can call 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Information is also available online at DisasterAssistance.gov.

Appeals must be made in writing and sent by mail or fax to FEMA within 60 days of receiving the letter.

Mail appeals to:

National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-8055

Appeals and documents can be faxed to 800-827-8112.

Information on how and where to file an appeal is included with the letters and in the "Help After a Disaster" booklet, which can be downloaded at FEMA.gov/help-after-disaster.

Effective appeal letters should follow these procedures:

  • In the first paragraph, list the applicant's full legal name used on the aid application, along with Social Security number and the FEMA case number. Include a personal phone number as well as a back-up phone number where the applicant also can be reached, in addition to a correct mailing address.
  • Write an explanation of events that provides evidence to support the appeal. Summarize changes in circumstances or needs, additional damage to property discovered after the registration was filed or higher-than-anticipated costs for repairs.
  • Include photocopies of receipts for materials and labor as well as up to three written bids for repair work if those costs exceed the award amount. Submitting repair estimates, receipts, statements or invoices is recommended.
  • Keep a copy of the appeal letter and supporting documentation as a record.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

(TNS) - Florida health officials confirmed three new Zika virus infections on Tuesday, including one pregnant woman and one new case in Miami-Dade, as U.S. Sen. Bill Nelson, a Democrat, held a press conference in Coral Gables urging Congress to fund a $1.9 billion emergency appropriation requested by President Barack Obama to combat the disease.

Zika virus has impacted Florida more than any other state, with a total of 102 people affected since February, including at least 40 in Miami-Dade, the county with the most cases. Included in the statewide total are seven pregnant women, though the health department does not disclose their counties of residence because of privacy concerns.

With Zika cases on the rise and the rainy season at South Florida’s doorstep, Nelson called a media conference with University of Miami Health System infectious disease experts and a Miami-Dade mosquito control manager to press Congress for additional funding.



(TNS) - Tracey Herrera suspected she had a bout of food poisoning and would be out of the Langley Health Services clinic in a few minutes with a prescription for antibiotics and some encouragement to get well.

Jerry Azevedo thought that he and Herrera had picked up a flu-like, bacterial infection during their mission work in the Republic of Sierra Leone, in west Africa, a few weeks before.

“I'm vomiting blood. I feel pretty bad,” he said. “Imagine the worst flu you've ever and multiply it by 10.”

They walked into the Ocala clinic on Magnolia Avenue at 9 a.m. together. They were pale and shivering, and between coughing fits managed to tell the clinic's the receptionist they had been out of the country and were now sick. Clinic staff immediately took them into a quarantine room and contacted Munroe Regional Medical Center that they suspected the two were infected with the highly contagious and deadly Ebola virus.



Guesswork is often the enemy of those responsible for data center design, operations, and optimization. Unknown variables lead to speculation, which inhibits predictability and often compromises success. In the world of storage, many mysteries still remain, unfortunately, with block sizes being one of the most prominent. While the concept of a block size is fairly simple, its impact on both storage performance and cost is profound. Yet, surprisingly, many enterprises lack the proper tools for measuring block sizes, let alone understanding them and using this information to optimize data center design.

Let’s look this topic in more detail to better understand what a block is and why it is so important to your storage and application environment.



The buzz at yesterday’s inaugural Cyber Investing Summit – held on Wall Street at the New York Stock Exchange – was that most CEOs and board members don’t get cybersecurity.

Cybercrime is on the rise — to the tune of $2.1 trillion by 2019, according to Juniper Research. The Verizon 2016 Data Breach Investigations Report (DBIR) states that no location, industry or organization is immune from attack. A DBIR executive summary — described as the C-level guide to what they need to know — is chock full of information that most CEOs will struggle to understand. For instance, ‘the median traffic of a DoS attack is 1.89 million packets per second — that’s like over 113 million people trying to access your server every minute.’ Huh?

Make no mistake, Verizon’s report is an invaluable resource and recommended reading for business leaders. A skim through is certain to heighten awareness around cyber risks — even if it leaves a CEO scratching her head trying to figure out what all the technical terms mean — including patching, change monitoring, SLAs for DoS mitigation, CMS plugins, two-factor authentication, tamper evident controls, and all the rest.



(TNS) - Mark Michalk was in Rockport on April 18 when the water rose into his Katy home.

He had been out of town to help his aunt repair her summer home. When he reached his house on Y Street and Avenue D three days later, Michalk stood shocked at damage from 1-foot-deep water in the building.

"We have to gut my house, tear the Sheetrock out of the walls at least 4 feet up," said Michalk, who has lived in his downtown Katy home more than 10 years. "All the damages will probably cost $80,000 to $90,000 to repair. I have no flood insurance."



In the first part of our “Workplace Violence” blog series, we discussed this troubling and increasingly prevalent issue of workplace violence, along with highlighting the importance of being prepared for a very real yet unpredictable violent scenario taking place in your workplace. Which begs the question: How do you plan for something you can’t anticipate? The fact is that you can, and it all starts with the formation of a proactive crisis management team.



By asking the CEOs of some of the most successful and influential companies in the world, such as GE and Google, a clear definition of innovation manage­ment emerges. The definition addresses the need to quickly and effectively implement organizational goals and objectives to remain competitive and the desire to strengthen advantages through the adoption of innovative ideas, products, processes, and business models.

Enterprises facing increasing competition and the pressure of techno­logical innovation are beginning to realize that to drive organic business growth and maintain a competitive advantage, they need to discover and imple­ment innovation quickly and with great care to ensure maximum value. One-off innovations are moderately easy to take advantage of, but to create a pipeline of innovative ideas that materially impacts the growth of an organization, it is critical to nurture an innovation management proc­ess that can be sustained and that can remain flexible and adjustable to accommodate changes in the competitive environment. Today’s enterprises need to manage and govern the process of innovation; it is a crucial facet of a company’s overall function.



BSI CAR/1 (Continuity and Resilience Standards Committee)

I have been a member of CAR/1 representing the Berkshire Business Continuity Forum since 2006, when it was known as BCM/1.  CAR/1 mirrors ISO TC/292 and CEN TC/391.  The British Standards landscape (at April 2016) includes:



The Business Continuity Institute - May 05, 2016 11:29 BST

As we take a look at our organizations during Business Continuity Awareness Week, perhaps one of the most consistent challenges has been the business case. The definition of value is the cornerstone for clear communication with senior management, and continues to be a quandary.

The struggle for definitions; value, resilience, ROI in BC, must have us ask: “What is the value of business continuity?

The search for the value of business continuity is not of models, but of philosophy; not of others, but our own. The history of BC grew from DR, preparing systems and processes for recovery, and evolved toward resilience with the addition of emergency management and response. But the ability to handle brand management has been awkward, and garners less credibility, due to the ill-balance of upside and downside risk management.

Senior management primarily focuses on creation of opportunity; wealth, innovation, resources, and acquisitions. BCM has an opportunity to be directly involved in the creation of efficiencies in these areas, and is strategically placed within Operations Management, which is the costliest area of an organization. The ability of BCM to streamline new and current revenue streams, is unique. By mitigation of risk, and determination of upside risk capacity, it is one of the few areas where substantive change can be made, due to constraints.

There are those who argue business processes are not under the purview of business continuity, but suppliers, technology, SLAs, are part of processes. We are already involved, and the resultant optimization of systems, risk mitigation of upside risk for better decision-making in the innovation life cycle, and reduction of response time during breaches increases value.

A balanced scorecard: strategic value creation

The Poneman Institute states business continuity shortens response times to breaches by 100 days, and losses by 66%. One of the ways to know if we have generated influence, is if there is insight between departments. In a different Poneman report, cyber resilience was placed in the CIO’s hands in most organizations, but several in the information space are main influencers. BCM is at the bottom of the pile.

On the flipside, business continuity planning is seen as critical, with 70% stating it is one the most important aspects of resilience. Many have stated a:

  • Lack of metrics
  • Lack of leadership connection of resilience to revenue
  • Lack of knowledge of their own resources

This is also troublesome, as metrics, specifically a balanced scorecard, would join the strategic goals and objectives in an iterative fashion. This creates accountability, which is elusive, in resilience. This is where Operations Management can offer its experience in making the intangible, tangible. When an organization establishes an audit process, senior management believes it has value.


  • This is the opportunity to become the SME of the organization
  • Information security states, reputation and revenue were of little importance to them
  • Business continuity is the balance, as internal and external stakeholders cannot be left out of the decision-making process

The question lately has been: “Why isn’t anyone listening?” Perhaps the query should be: “Are we listening?” Business drivers are innovation and new technology, which increases upside and downside risk, and revenue. In that case, we must be there to vet new technology, because it increases competitive advantage. Understand the drivers of new business, and you can reach senior management, establish value, and create the need for business continuity.

For BCM, it is crucial to create an identity which is part of the business culture of an organization. It is not enough to build a plan from the mission statement. This means disaster recovery must a universally independent entity. Business continuity must understand resilience is not based in the processes alone, but future investments, the supply chain, sustainability, innovation, and people.

Value is more than a number, which is only a symbol, an expression. Return on investment is dependent upon the value business continuity and the business place upon one another. Similarly to a marriage, the effort to learn value can be a simple, 'why?'


So, where are we now, and where do we go from here? As a great professor once stated: “It is neither good, nor bad, just a different idea of what people believe is worth the effort.” Perhaps, value is better measured in the long-term, where events regress to the mean, and reached after we have agreed upon definitions for 'returns', and 'success'.

Radhika Murali is an MS student at Boston University, in Business Continuity, Security, and Risk Management. She has her ABCP, ten certifications with FEMA, and twelve years of experience in supply chain, as well as independent research in organizational resilience.

Thursday, 05 May 2016 00:00

BCI: Educating the educated educator

The Business Continuity Institute - May 04, 2016 16:11 BST

This year’s theme for Business Continuity Awareness Week is 'return on investment'. As someone who has worked in business continuity in both the public and private sector for over six years I am seeing that the investment in building robust, easy to use and readily available business continuity plans is essential, but nowhere more so than throughout the world of education in the United Kingdom with the Conservative Government slowly but steadily guiding all Local Authority maintained schools towards an academy status.

The ability to manage everything down to what is spent on what and when is now making the academies much more business focussed than they ever were before, and this self-sufficiency of course means that they want to get more bang for their buck.

But they still need to understand their primary function... to provide education, and what it is that they need to continue doing that... whatever.

Case studies

Major incidents in schools and academies can be much more disruptive than lost PE tops, grazed knees or spilled paints. Look at the total rebuild of Crockerne School in Pill due to a contractor's asbestos incident, or the total loss of Leyland School where teenagers set the school alight days before a new term.

Who pays?

Actually both were covered by Local Authority insurance providers at the time but now the academies need to convince the insurers that they too can cope with the disruption and have a plan.

Where’s the saving?

I have been working with many schools, academies and governing bodies over the last four years ensuring that they have an easy to use document that is fully exercised, which allows them to understand what they need to do during and after a disruptive event. I am now seeing the questions arise from Insurance providers. "Can we have sight of your business continuity/DR plans?" There will of course be several reasons for this but mainly the insurance provider wants to know that the school or academy is taking responsibility and has the ability to recover quickly and effectively, these insurance companies are also in a very competitive world themselves, trying to keep premiums down for their customers to protect their business and provide future growth in their own industry. Schools and academies can take advantage of this in their negotiations.

Of course education is just one example but it is a very good one. From a management perspective it has changed massively over the last few years and will continue to do so. The education pot is not a bottomless one, schools and academies need to make their budget stretch a long way to ensure that the children get the education they should in a safe and secure environment. But, through careful planning and preparation and quality time spent in areas such as business continuity that budget may just stretch a little further. 

The Business Continuity Institute - May 04, 2016 10:20 BST

If you’re an SME, you’re busy making money and keeping daily business under control. The last thing you need is another task, creating something that you may never need to use. But there are many immediate benefits and important reasons for creating a business continuity plan (BCP). Here are six that will more than justify the effort of creating one:

1. Stay out of legal trouble

A number of industries require their players to have a BCP, either due to Government regulations or contractual obligations. Typical examples of regulated industries are the financial industry (through the Central Bank Business Continuity standards), certain time-critical Government functions, as well as supply chain driven industries such as the oil and gas sector and the manufacturing industry. This means that if you operate in any of these industries, having a tried and tested BCP is a ‘must’ if you do not want to risk losing your customers and/or your license to operate.

2. Gain competitive advantage and increase your revenue

Having a well developed and tested BCP can mean you get the business instead of a competitor.

Many regulatory standards and commercial agreements now include a ‘third party business continuity’ requirement. This means that an organisation’s critical suppliers need to have a BCP. So even if you’re a catering supplier, a construction company, a transport supplier or a cleaning company, you can be critical to your customers. And they will be keen to review your risk management capability and disaster response options. So be smart and proactively communicate your continuity ability on your website and in your business proposals.

And BCPs are not just valuable to businesses whose customers are other businesses (B2B). Even consumers can be interested in your ability to continue providing products and services ‘no matter what happens’. Imagine you’re operating a small tourism business and entire families join you on your trips. Why not proudly tell them about your alternate guides, drivers, communication tools, emergency health provisions, accommodation options and transport facilities in case any of a disruption. Why not use the existence of your BCP to convince your customers that they (and their kids) are in good hands? This strategy can be applied to numerous sectors, in particular those where health and wellbeing are at stake, such as private hospitals, food suppliers, security providers and utilities.

3. Appeal to investors

Investors are concerned about your business being sustainable and your ability to continue to operate should adverse events occur.

One of the tools you can use to convince investors that you will stay ‘afloat’ in the event of a flood or other disruption, is a properly developed and tested business continuity plan. In fact, the U.S. Securities and Exchange Commission prescribes asking for a BCP by any investment advisers as a compliance requirement (see footnote 22). Hedge Fund investors have been pushing for years for business continuity plans to be in place prior to a fund’s launch.

4. Reduce your insurance premiums and/or get better coverage (or any coverage at all!)

According to a survey amongst brokers and insurers by the British Insurance Brokers Association (BIBA), 61.6% of interviewed insurers and brokers confirmed that companies, by having a BCP, will benefit from getting additional types of insurance, and as a result, comfortably opening new markets. If an SME, for example, is looking to include larger clients in its portfolio, it is required to show strength and seriousness in their management processes to the insurer (e.g. its ability to deliver on any obligations arising from larger contracts), so the insurer will cover them for related risks.

The BIBA survey also shows that 55.7% of the responding insurance firms offer discounts on premiums, if a client has a BCP. Additionally, they pointed out the unacceptable risk of not having a BCP when wanting to access insurance products. In total, 83.3% of the respondents said they would either offer a discount or improvement of the terms of business interruption policies, if companies had a BCP.

5. Be prepared for the big disaster, therefore also for the small disasters

Having detailed plans in place for the ‘big bang’ makes you stronger against the far more regular, minor mishaps of everyday life. Your responsiveness to small incidents will improve exponentially, considering your staff will have a stronger ‘what if’ mindset, making themselves and the company more resilient. Plus, having your contingency procedures kept updated and accessible from one central place (i.e. your BCP), will enable you to get ready quicker in the event of such smaller, regular mishaps without having to hunt around for the relevant response procedure.

6. Fill the gaps left by your insurance policy

Most businesses care about their people and about the future of their business. Not knowing what threats are around the corner (and not knowing in what forms they may present themselves) can be very stressful. Knowing that your insurance policy covers you for some unforeseen circumstances can partially alleviate that stress. But not every risk is insurable!

For example:

  • Your SME has certain assets, tangible or intangible, that are not covered by any insurance, simply because there are no policies for every single threat or every single asset (for example, your reputation).
  • Insurance policies often include force majeure clauses, meaning that for certain threats the insurer doesn’t pay.
  • Long waiting periods and/or ‘no claim’ requirements limit your ability to insure your business from day one,
  • It takes ages before the approval occurs and/or the physical pay-out hits your bank account.

By having a business continuity plan, arrangements can be made before a disaster hits that would minimise its adverse impact. These arrangements might include having reciprocal arrangement in place with a business who can service your customers while you recover, or who can provide you with the tools and equipment you need. You might also look at ensuring the key information you need to continue your business is accessible in the event of an IT disaster, such as storing a copy of your customer details and order information offsite or ‘in the cloud’.

Setting up and running a business is not easy. After surviving the avalanche of getting licenses, paying for the set-up of equipment, allocating roles and responsibilities, marketing the products/services and establishing systems required to run business functions, SMEs face new challenges, pressures and deadlines every single day.

Even more reason to protect your business and ensure its survival and make sure you didn’t waste all that time, effort and money. Especially if your business is part of a supply chain, or customers can choose between you and your competitors, or if the business is taking off and growing. You need to have a plan. One that will help you even if you don’t experience a disaster.

Rinske Geerlings MBCI is the Founder, MD and Principal Consultant at Business As Usual.

Tuesday, 03 May 2016 00:00

BCI: Business Continuity and Shoes!

The Business Continuity Institute - May 03, 2016 16:50 BST

Q. How can you develop robust business continuity and still have enough budget left for a pair of shoes?

Within the heart of every business there is a hole that only business continuity can fill.

I would like to present a low cost, continuous improvement model that has proved successful in providing business continuity management to a large organisation and an additional capability that it did not have before.

Generally speaking we develop or employ one expert, who is trained to a recognised standard and responsible for BCM across the organisation. In some cases BCM is combined with emergency planning and risk under the title of 'Resilience Manager'. Personally I think that putting three jobs into one is not ideal, however I understand that organisations have to 'cut their cloth' according to the pressures they face.

Whatever the setup, and depending on the budget, the BC programme will be delivered via a project team, a single manager, or a manager guiding a number of BC representatives (in addition to the day job) that receive training as they go along. These are all tried and tested processes, the result of which sees us where we are today. Many organisations aspire to align with ISO22301, and consequently the BC programme is driven along those lines.

It is important that BC managers should be trained to a high level of expertise. This is a necessary, yet expensive process, but brings with it a measurable return on investment in the form of continued service delivery. In addition, I think that those members of staff who are given the BC plan to develop or update should also be given some formal training to assist them. In my own organisation this training took the form of a two day fundamentals course, which was delivered by an outside trainer. This was very successful and properly equipped staff, (with some guidance) to produce BC plans for their area of work.

This approach worked well for the first year, but because of staff moving post, we found that the following year we needed to repeat the process. Again, no bad thing, because those that had moved on, took with them a basic knowledge of BC into the organisation. At year three, we decided that the training costs were becoming prohibitive, but still necessary. Consequently, I gained a teacher training qualification at night school, wrote a fundamentals and plan development course aligned to ISO22301 and the Good Practice Guidelines 2013, which I now deliver to our staff annually.

Senior and middle managers that have attended this course have found that it has improved their knowledge and understanding of BC, allowing them to give the correct level of support to staff that are tasked with developing their plan.

The development of a BC response also creates an additional capability that can be called upon in times of high demand. For example, by activating the communications room fall-back procedure and staffing the now vacated room with minimum staffing, we produced an additional capability to deal with high volume calls. Working the organisation on the failover server, frees up the main one for maintenance and repair without loss of performance. It should be understood that this type of use of the BC plan cannot be sustained for very long, and utilised carefully, but it does work.

The costs associated with this course are minimal, and break down as follows; in house training venue, "on costs", staff salary, two days away from day job and the price of two BC text books given to each student.

  • The benefits to the organisation include:
  • Significant cost savings on outside training
  • Staff trained to a consistent standard
  • Widespread promotion of organisations core values and objectives
  • Continuous improvement of BC awareness within the organisation
  • Identifies future experts in BC who understand the organisation and how it works
  • Provides a capability that can boost production or service delivery at little or no cost

Generally the best time to deliver training of this kind, particularly if you need a working budget to buy books for example, is between January and March. I have found over the years that almost all departments have money that they are looking to spend before the end of March, or face losing it from the following year's budget.

I can already hear finance shouting “it’s not like that anymore”, well, my experience is that either departmentally or organisationally there is very often some money around. Spending some of it on in house staff BC training is a low cost option that will develop staff, and produce long term benefits for the organisation, and maybe still have enough for shoes.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

Tuesday, 03 May 2016 00:00

Why Compliance Must Not Fit In

My upbringing was a little different to that of my friends. I was a young teenager in the ’80s, when hair was backcombed high and shoulder pads were “in.” My mum was constantly being confused as the pop star Cher. With her similar hair, makeup, heels and great outfits, people would stop her and ask for her autograph. She certainly did not fit in to any type of normal mother mold I saw around me. I’m proud to say, she is now 67 and still does not fit in to what the average woman her age should look like or do.

Years later, I realized the wisdom of her stance against “fitting in.” Having worked in the ethics and compliance field for 20 years, I now understand how much compliance is not about “fitting in.” Indeed, it’s the exact opposite. Unfortunately, we live in a world where the “norm” in many countries would be seen as unscrupulous to many. We have seen it with the politicians in Brazil recently with Petrobas case. We have seen it on our own doorstep with the Panama papers, in which almost every country you can think of seems to have been touched. And we see it everyday with the prosecutions by the numerous regulators around the world. Fitting in does not work.

NOT fitting in means being unreasonable. Compliance needs to stand out and rebrand itself. Many of my clients tell me that they are queuing up to make their training/communications/projects front of house. They have to stand in line behind safety, security, sales, innovation and the countless other serious and important issues a company needs to address. That’s why it’s important NOT to fit in.



The Weather Company estimates that weather is perhaps the single largest external factor affecting business performance, to the tune of nearly $1 trillion lost annually in the US alone. Combining weather data with business data can improve decision-making for a wide range of companies. The company's work earned it the No. 2 spot on the 2016 InformationWeek Elite 100.

The Weather Company and its project to modernize its data collection, storage, and forecasting platform won recognition in last year's Elite 100, coming in at No. 5.

So it's no big surprise that, a year later, The Weather Company is in the top 5 again as the company continues to build on its previous success. Its expanded ambitions involve its new parent company, IBM, and a plan to apply Watson cognitive computing to the Internet of Things (IoT).



Michael Dell today revealed the new names, and yes we are talking multiple names, for the artist formerly known as the Dell-EMC deal. EMC will be deprecated for the main branding Dell Technologies, but will live on for the enterprise brand Dell EMC while the client services business will be called Dell, Inc. according to multiple reports.

Confused? I’m sure you’re not alone, but Dell was reportedly very excited about the new brands as he spoke about them on stage at EMC World in Las Vegas today. I suppose when you spend $67 billion, a few extra names makes sense — more names for your buck. Other brands like VMware, Virtustream, RSA and Pivotal will also reportedly live on.

If you aren’t familiar with the deal, it has gone through some twists and turns, but last October Dell surprised the world by announcing it was buying EMC for $67 billion in what’s believed to be the largest technology acquisition in history. It involves a mountain of debt, approximately $40 to $50 billion, depending on which reports you believe, and it will likely require selling off pieces of both companies to pay the deal.



Today, MetricStream, the market leader in governance, risk and compliance (GRC) apps, has released the results of a survey which reveal the maturity of Regulatory Compliance Management (RCM) in North American and European businesses, having surveyed more than 100 compliance professionals. Identifying the factors that impact the effectiveness of RCM, which is essential for monitoring for regulatory changes and ensuring compliance, the survey analyzes the processes in place, number of dedicated employees and departments in charge. The results indicate that, despite being well staffed to manage RCM, many businesses are still unaware of or unable to invest in appropriate technology and tools; key findings include:



Growth forecasts for data center storage capacity show no signs of slowdown. Cisco expects that by 2019, 55 percent of internet users (2 billion) will use personal cloud storage — up from 42 percent in 2014. By 2019, a single user will generate 1.6 Gigabytes of consumer cloud storage traffic per month — up from 992 megabytes per month in 2014. Finally, data created by devices that make up the Internet of Things, which Cisco calls “Internet of Everything,” will reach 507.5 Zettabytes per year by 2019 — up from 134.5 ZB per year in 2014.

Needless to say, that’s a lot of data, which will require a lot of storage, and Google is proposing a fundamental change to the way engineers think about and design data center storage systems, a rethink that reaches all the way down to the way optical disks are designed.



ATLANTA – The Federal Emergency Management Agency (FEMA) recognized Louisville-Jefferson County, Ky as a premier participant in the National Flood Insurance Program’s (NFIP) Community Rating System (CRS). With additional steps the community has taken, Louisville-Jefferson County is now the first community in Kentucky, and only the second in the eastern US, to receive a CRS Class 3 rating. Jesse Munoz, FEMA Region IV mitigation division director, presented Metro Council President David Yates a plaque recognizing Louisville-Jefferson County’s achievement at the April 14 Metro Council Meeting.

The CRS rewards communities that voluntarily take steps to reduce flood risks beyond the minimum requirements of the NFIP, such as increasing flood protection and implementing preparedness and mitigation activities. As a result, property owners and renters in CRS-participating communities enjoy a reduction in flood insurance premiums.

“Louisville-Jefferson County is the only community in the commonwealth and among only a handful of communities nationwide that has achieved Class 3, which is a notably high rating,” said Gracia Szczech, regional administrator for FEMA Region IV. “I am pleased that we can recognize Louisville-Jefferson County for taking steps to make their community safer, more resilient and save their residents money.”

Policyholders in Louisville-Jefferson County first began receiving flood insurance discounts under the CRS program in 1991. Currently, there are more than 5,194 flood insurance policies in force in Louisville-Jefferson County, representing more than $880 million in flood insurance coverage. Policyholders located in the high risk areas of flooding, or Special Flood Hazard Areas, can now receive a 35 percent discount on their policy premium, which is an average savings of $505 per policy. Some policyholders in the lower risk areas are eligible for a 10 percent discount. In total, policyholders realize an annual savings of $2,054,687 because of the community’s participation in the CRS program.

For more information on the NFIP’s CRS program visit https://www.fema.gov/national-flood-insurance-program-community-rating-system. For more information about the NFIP, a program administered by FEMA, visit www.floodsmart.gov.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Tuesday, 03 May 2016 00:00

Planning for the Data Center Future

The future of the data center is quickly evolving into the question of the day as changes to technology, business processes and the economy itself spur the reconsideration of long-held design precepts up and down the data stack.

Existential angst over the data center is no different from what philosophers have been pondering for millennia – “Who am I? Where am I going? What does it all mean?” – but in this day and age, plans for the future, and not even the very long-term future, are having direct consequences on decisions being made in the here and now. So amid the mad rush to get on the cloud, deploy Big Data and remake all that the IT department holds dear, it’s worth it to stop and think where we want to be in a few years.

According to Rakesh Kumar Singh, lead tech of data center technologies at Juniper, the future data center will focus heavily on client-facing and analytical workloads, with the overarching goal being to maintain and even extend a competitive edge in an increasingly cut-throat economy. The best way to approach this is to upend the age-old practice of constantly seeking out and deploying the latest and greatest technologies to instead focus on business priorities and work out the infrastructure from there. As IDC noted in its most recent FutureScape study, half of all infrastructure investment by 2018 will foster greater engagement, insight and action rather than systems maintenance, while 45 percent of the installed base will employ automation and even autonomy to improve performance, lower costs, and provide the agility and scalability to remain relevant in the coming years.



One of the highest-value services MSPs offer customers is protecting their data with automated backup and recovery. However, often neglected in the conversation with customers is the need for business continuity planning.

When you get right down to it, the ultimate goal of any BDR strategy should always be to keep the business running, no matter how serious a calamity it suffers. To achieve that level of readiness, BDR technology is essential, but there is more to business continuity planning than backing up data.

MSPs, therefore, should not only provide BDR technology, but also take on the role of business continuity consultant. In this way, you add value for the client by addressing a critical need while creating consulting revenue opportunities. Of course, helping clients stay in business through a catastrophe also helps protect your future income.



A growing trend in law enforcement today is the use of social media and technology as a valuable resource to agencies and residents. The acronym LESM (Law Enforcement Social Media) is becoming a common term across Twitter, podcasts, and a focus among law enforcement agencies. Agencies are adopting LESM to stay current with today’s technologies as well as connecting with the community in the most effective way.



The Business Continuity Institute - May 03, 2016 10:27 BST

The Business Continuity Institute's recent Horizon Scan Report identifies that cyber attacks are still perceived as the top threat by businesses. Also within the top 10 is concern about supply chain disruption, especially as they are becoming increasingly complex and often transgress international borders. Other sources of anxiety include a data breach and, for the first time this year, concerns over the availability of talent and skills. So how does business continuity help with these very real issues for businesses operating today?

The need to understand your business

Taking what is termed a 'granular approach' to your business and investing time to understand the various processes and roles within your organisation will probably provide one or two revelations. You may discover that there is duplication of processes or an incompatibility in how contact details are saved e.g. product names versus name of supplier. Could this be causing unnecessary delays or confusion between your own departments? Would the purchasing department have a plan in place if a key supplier suddenly fails? Do HR and departmental managers allow themselves the time to think about what actions may be required in the short, medium and long term if a key member of staff is unexpectedly going to be absent? Is this key person's knowledge accessible for whoever may have to fill their post on a temporary basis? Being aware of these things may improve both the efficiency of your internal systems and as a consequence the quality of service provided to other departments. So often businesses spend time worrying about the customer experience but many often ignore the fact that 'customers' i.e. people or persons requiring a product or service, exist within their own organisation, and that getting those departmental customer interactions right, can make a huge contribution to the bottom line. Gaining a better understanding of the interactions within your organisation is just one supplementary benefit of thorough business continuity planning.

Data management often comes under scrutiny during a disaster recovery (DR) programme initiative. A business that really thinks about its data will often discover the diversity and value of information that it has acquired and stored, though one aspect of this that is often overlooked or not fully appreciated is the system's ability to ‘de-duplicate’ this data. Much of the data on your organisation's live system will be copied time and time again. For example, when you cc an email to other people in the business the same data is saved multiple times across the business. With a modern DR system only one version of the email will be stored. At its most effective, this de-duplication system can deliver a staggering reduction in data storage of up to 65 percent!

What other questions should you be asking?

When planning business continuity the first question is, 'What are the vital assets without which my business can't function?' Relocating staff is inconvenient but not impossible, buildings are a shell housing your business and can be replaced. It is the records of contacts, contracts, transactions and communications that represent years of trading, and the associated applications that have been developed to manage and evaluate this knowledge and intelligence, that are the unique asset that needs protecting. Maintaining reliable and secure access to this information is key to ensuring the continuity of your business. With this in mind take some time to assess your current situation; ask yourself; ‘Am I as protected as I can be?'

Consider the following:

  • Can you access your data remotely?
  • Have all sources of information (data) been identified
  • Is it backed up and accessible off site?
  • Are staff able to work remotely, with access to relevant files?How long would it take to get alternative services up and running?
  • Have you considered moving processes away from a dedicated IT infrastructure to hosted capacity and applications, delivered over the Internet?

If you answered ‘yes’ to the last question there are some supplementary points you should consider checking with your provider:

  1. What guarantees are within the Service Level Agreement (SLA)?
  2. Where is my data? Check where your data is being housed, UK, Europe, America…

Choosing a Cloud provider should be done with business continuity and due diligence in mind. Should the unthinkable happen and your day-to-day business is compromised you will need to get to that all important data so the first thing you need to ask is, “How do I get my data out?”’How do I get my data out?’

Future proofing your BC plan

A BC (business continuity) plan needs to be adaptable to Cloud technologies and these are constantly changing and improving. Your BC plans should not define how to operate with a Cloud vendor but should allow for the relationship to evolve and respond to your business' growth and evolution and that of the technology. Many Clouds are provided ’as is’ with no recourse, as long as you know that and accept the risk you can plan for it. Where there is a service level agreement, this needs to be understood and reflected in your own BC planning and may cover elements such as the speed and amount of data restored. This is where taking the time to think about your business can really improve the efficiency of your BC plan. You will need the phone numbers and emails of your suppliers and customers within the first few hours of any incident occurring, in order to keep them informed about progress should your business be compromised. What you won't need with quite the same urgency, if ever, are the photos from the last staff Christmas party!

Having the right recovery time should be decided by the business, with careful consideration around which applications should be given priority and the maximum outage period. Having near instant restores will cost more than an eight hour recovery option, but not all business functions need to be restored at the same rate and every business is different.

So to conclude, don't approach business continuity planning as another process to follow through mechanically. Embrace it as an opportunity to review, refine and reinvigorate your business and not only will you sleep at night with the knowledge that you have a backup plan, you may even find new opportunities and ideas that bring new life to you, your staff and your customers.

Russell Cook, managing director at SIRE Technology has long been an advocate of business continuity and not just because it makes sense to make a contingency plan in case of the unexpected. No longer is business continuity just about backing-up your IT systems; if implemented and maintained in a professional manner, business continuity planning becomes a valuable business tool in its own right.

An increasingly digital world is resulting in companies across all industries reassessing how they approach risk management. Thanks to the connectedness of devices brought about by the Internet of Things (IoT), executives have much more information at their disposal for assessing risk than before.

IoT is a network of devices that collect and exchange data—think back to the classic example of your fridge ordering fresh milk before it runs out. This is quickly becoming a fact for businesses that rely more and more on being connected to remote devices for competitive advantage.

For risk managers, IoT boils down to introducing a layer of technology on top of the business. Operations do not have to be reinvented. This provides organizations that are reliant on managing risks with an indispensable tool.



Ransomware is everywhere. I’ve talked at length about the ransomware attacks that have literally shut down health care computer networks. That’s just the tip of the iceberg. A TV station out of Oklahoma reported the rise in ransomware attacks targeting police departments, and PC World told of a toy maker that has been hit by a new ransomware called CryptXXX.

As Vadim Kotov, senior security researcher with Bromium, told me in an email:

Ransomware is not going anywhere. It’s a perfect crime tool, with black market logic -- easy to implement, high ROI. We’re going to have to learn how to live with it, so backing up data to external drives on a regular basis must become everybody's habit.



In last month’s column, we introduced five common risk management failures along with indicators of each:

  • Poor governance and “tone at the organization”
  • Reckless risk-taking
  • Inability to implement effective enterprise risk management
  • Nonexistent, ineffective or inefficient risk assessment
  • Not integrating risk management with strategy-setting and performance management

The warning signs provided for each of the above failures provide a diagnostic for the Board and management to check the health and vitality of their organization’s risk management.

Below we detail five more common risk management failures, along with warning signs for each. As with the first five failures discussed last month, we separate the warning signs for these additional failures into organizational, process and behavioral indicators.



Information security is paramount in the healthcare industry, requiring compliance with some of the strictest privacy and storage standards. Even so, healthcare companies still face risks for data loss and security gaps—often making headlines for breaches affecting millions of patient records, with the average time to discovery more than 200 days.

MEDHOST helps more than 1,100 hospitals, behavioral healthcare organizations and rehabilitation facilities across the nation manage their facilities and provide medical care with financial and clinical solutions, as well as consumer engagement software and services. William Crank, chief information security officer at MEDHOST, is devoted to keeping patient health records and other secure data safe without impeding the business.

Hired as the company’s first fully dedicated security professional four years ago, Crank recalled the environment requiring “security discipline and maturity” upon his arrival. “The challenge that I had to overcome was visibility. The key to any security program meeting its goals is having visibility of all of the activities within the organization’s network,” recalled Crank. “I can’t protect what I don’t know or don’t see.”



ATLANTA – Five years after tornadoes devastated the southeast and resulted in four federal disaster declarations in five days, hard-hit communities are building back stronger. To date, assistance to residents and communities in Alabama, Georgia, Mississippi and Tennessee from the Federal Emergency Management Agency totals more than $504 million.

“The success of community recovery comes through strong partnerships at the local, state and federal levels. Together we have focused on rebuilding communities that are stronger and more sustainable for the future,” said Gracia Szczech, FEMA’s Region IV Regional Administrator.

Alabama by-the-numbers:

To date, assistance to Alabama’s residents and communities from the Federal Emergency Management Agency totals more than $361 million.

In Alabama, 88,229 individuals and families received $77,332,325 in Individual Assistance grants. More than $70 million was provided within a year of the storms, giving residents a helping hand in rebuilding their lives and restoring livelihoods.

The state and FEMA provided $343,990 in Disaster Unemployment Assistance to 333 survivors who lost jobs as a result of the tornadoes.

FEMA provided $4,810,399 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

Through collaborative efforts, FEMA and the state of Alabama provided temporary housing units to 307 families.

More than $202 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to state and local governments, and eligible private nonprofit organizations; and more than $1.36 million was obligated as part of these Public Assistance projects to build stronger, safer, more resilient communities and mitigate against future damage. To date, nearly 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

Some 4,492 residential and community tornado safe rooms have been approved to be built with $76.8 million obligated through FEMA’s Hazard Mitigation Grant program. Mitigation forms the foundation of a community's long-term strategy to reduce disaster losses and break the cycle of disaster damage, reconstruction and repeated damage.

The U.S. Small Business Administration provided $114,494,500 in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters in Alabama rebuild.

Tennessee by-the-numbers

Tennessee residents and communities have received more than $70.8 million from the Federal Emergency Management Agency.

Nearly $8.6 million in Individual Assistance grants were provided to 8,845 individuals and families. More than $8.28 million of the total was provided within a year of the storms.

FEMA provided more than $690,000 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $52 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA obligated nearly $8.7 million to Tennessee through its Hazard Mitigation Grant program. Projects include eight safe rooms.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Mississippi by-the-numbers

Mississippi’s residents and communities have received more than $38.9 million from the FEMA.

More than $10.7 million in Individual Assistance grants were provided to 7,259 individuals and families. More than $9.9 million of the total was provided within a year of the storms.

More than $24.3 million has been obligated as FEMA’s share reimbursements through the Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA, MEMA and local jurisdictions also considered the safety of residents in the future. With more than $3 million in FEMA assistance through its Hazard Mitigation Grant program, communities across the state are using the funds to implement safe and smart building practices.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Georgia by-the-numbers

FEMA provided Georgia’s residents and communities more than $12 million in recovery assistance.

Individual Assistance grants of nearly $5.6 million were provided to 5,461 individuals and families. More than $5 million of the total was provided within a year of the storms.

FEMA provided $350,807 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $21 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 91 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

FEMA has obligated more than $4 million through its Hazard Mitigation Grant program for communities across the state to become more resilient from disasters.  

The U.S. Small Business Administration provided $8,492,000 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Earlier this year 38-year-old Cedric Larry Ford killed four and wounded 14 others in a chaotic workplace shooting spree in Kansas. Investigators at the time were unclear of the shooter’s motive—only that there were "some things that triggered this particular individual." While it’s easy to push aside news of these incidents with the justification, “It can’t/won't happen here,” the fact is that workplace violence can and does happen to unsuspecting organizations—and often for no immediately discernable reason.

With this blog, we’re debuting a comprehensive, four-part series aimed at shining the light on this frightening—and increasingly common—issue. This inaugural entry takes a closer look at the risks of workplace violence, along with the consequences of failure to plan and prepare for threatening incidents.



(TNS) - This decade has seen Boulder and surrounding communities faced with profound dangers posed by wildfire, flood and even a degree of social upheaval as its residents struggle to cope with quality of life factors sometimes not in their control.

In response to a range of potential threats, the city of Boulder on Thursday released a draft of its first Resiliency Strategy, promoting a series of 15 steps to be taken with the goal of surmounting challenges such as climate change, social cohesion, disaster recovery and more.

Boulder's action comes as the most concrete manifestation of its work to date through participating in the 100 Resilient Cities program, pioneered by The Rockefeller Foundation.



The International Standards Organisation has issued the Draft for Public Comment (DPC) for its new standard covering Organizational Resilience - Principles and Guidelines | ISO 22316.

The closing date for comments is 13 Jun 2016.  Comments can be made through the BSI Draft Review System (DRS). 

This International Standard provides guidance to enhance organizational resilience for any size or type of public or private organization and is not specific to any industry or sector. It can be applied throughout the life of an organization.



Digital Realty has pre-leased the entirety of its first data center in Japan. The anchor tenant who signed the lease is a major hyperscale cloud provider whom the data center company did not name.

There’s currently a wave of high demand for large chunks of data center space in top markets around the world as the biggest cloud providers race to increase the scale of their infrastructure and win share of the quickly growing enterprise cloud market. This wave has fueled a boom for wholesale data center providers like Digital Realty.

It’s difficult to deduce which of the hyperscale cloud providers has signed the multi-megawatt lease in Osaka, but the top players in this category are Amazon, Microsoft, and Google, as well as IBM and to a lesser degree Oracle. Some Software-as-a-Service providers, such as Salesforce, could also be considered hyperscale.



In the early years of the internet, it was often recommended, when addressing the question of security in the net, to disconnect the connected computer to the Internet from the rest of the working processes. That way, the malware from the net would not corrupt the data of the companies. It used to be a simpler and more efficient suggestion, obviously no longer practicable in the current era of almost total connections: rarely can a firm avoid having a computer network. However, the constant connection to the Internet – also from mobile devices – makes these nets easily vulnerable and this is why sensitive data must be more and more protected.

What are the threats?

Cybercriminals use unprotected web protocols to launch their attacks. These protocols are responsible for the exchange of data between computers and net providers, the most popular being the TCP/IP protocol. Under an insufficient protection, what is known as man-in-the-middle attacks can be started. If an attacker has obtained access to a computer network he or she can stand between two communication partners without being noticed. That way the intruder can hear – or rather read – the whole communication content, impersonate one of the communication partners or intercept confidential data.



When Joseph Latouf was in high school, a challenge sparked his curiosity. His algebra class was informed that if anyone could come up with a prime number generator, they would win a $100,000 reward. Latouf got fast at work, and after some intense analyzing and deliberating, uncovered a clever method of creating a prime number generator. A professor at a nearby university was called in to prove that his prime number generator worked—and indeed, it did. Sadly, however, there really wasn’t a $100,000 prize.

Latouf said he tucked away the fruits of his labor in his back pocket, hoping that it would someday lead to something of value. After all, he knew that a prime number generator was important, since it holds the keys for encryption.

Fast forward many years later, when Latouf was wrestling with the idea of security and encryption and feeling uneasy about the fact that if he had a prime number generator, others likely do too. And, that meant that there were people out there who can crack encryption.



Friday, 29 April 2016 00:00

The Demands for Cyber Security

We’re under attack and to say organizations across the board are slow to respond is an understatement. On average, it takes the Enterprise anywhere from nine to eighteen months to identify that a security breach has occurred.

How much data do you think the bad guy is able to exfiltrate in that period of time? All of it!

The demands for Cyber Security amid the ever-increasing pressures in the enterprise for bigger, better, faster and yesterday, have become a huge challenge for any administrator and/or security professional.

Within the plethora of technologies, demands from users and compliance, keeping the organization’s most prized assets – their data – safe is a highly complex task. Time and again, the age old problem perpetuates a weakened security posture. Is this Groundhog Day reality, the result of highly sophisticated and innovative threats? Are attackers all of a sudden much smarter and more coordinated?



Friday, 29 April 2016 00:00

My Technical Learning Curve: Encryption

Resilience professionals, particularly those from a non IT background, really need to step up and develop their overall understanding of technology, especially focusing on how we all communicate with one another in the modern age. I mean, how else are you going to be able to fully appreciate the magnitude of risks potentially facing your business?

I hear you say “my IT guy will tell me” but even then beyond the tech descriptions you’re only ever getting their individual perspective. How confident are you of their awareness of the business process that’s using the technology? or the impact to customer experience? Or how it might affect the long term leadership strategy as to why you have that technology in the first place? In my experience, very technical employees are often very skilled in one particular area of focus and tend to think in a very linear way. I therefore think it’s vital that resilience professionals who face off to senior management and leadership need to have a basic understanding of how some of it actually works.

Oh and by the way I’m not just talking about all the buzzwords you see coming out from half-baked vendor blogs repeatedly referencing cool words like “Brute Force,” “Spear Phishing” or “Whaling” or “Social Engineering.”



When I started in this business more than 30 years ago, it took a supercomputer to do what a laptop can do today, and networks were in their infancy in places like Stanford. Storage is a lot more complicated these days, and storage architects and administrators need to be on top of a whole lot more than they used to. So with a nod to the now-retired David Letterman, here is my list of the Top 10 things storage architects and admins need to be monitoring and doing.



Friday, 29 April 2016 00:00

A Generation that Speaks Up

It is becoming more common to see the integration of millennials in the workforce. Many people assume this population of workers to be young kids fresh out of college. However, that is not the case. The higher ladder of millennials are already holding roles in management, leadership and even executive positions. Companies are seeking out millennials because they are a generation of visionaries and bring new perspectives. It is estimated that by the end of 2016, millennials will be the largest generation in the workforce.

A key characteristic of these young workers is their ability to speak up and take a stand. They have been socially trained to look at the bigger picture and ask necessary relevant questions that will take your organization to the next level. Given their go-getter mentality, millennials want to grow and that includes growing out of your company if they don’t see the promise of personal benefit or growth.



In today’s corporate world, most organizations have a crisis management plan in place. However, many of these plans are out of date or not truly actionable, leaving businesses vulnerable to a wide range of threats.

In a recent Deloitte survey, researchers found that after a crisis more than 70 percent of organizations took up to three years to fully recover their reputation and operations. Many of these companies even had a plan in place—but it simply didn’t get the job done.

Is your crisis plan operational? If a crisis strikes tomorrow, would your stakeholders be prepared to react accordingly to protect themselves and mitigate damage to the company? Or would you still be cleaning up the mess three years later?



To say that the software-defined data center (SDDC) is different than traditional data centers is putting it mildly. The term “sea change” is more like it.

Indeed, Forrester Research has said that the potential impact of SDDC products is immense, “offering an integrated architecture merging legacy architectures, cloud computing, and workload-centric architectures into a single automation domain.”

To begin to gauge the impact that SDDC can have on MSPs and their customers, it’s important to understand some of the inherent differences between the SDDC and traditional data centers.



I was invited to sit in on the reveal of the 2016 Verizon Data Breach Investigations Report (DBIR), which was formally released today. In the past, the DBIR had some real groundbreaking findings; I believe it was the DBIR that showed just how serious the insider threat was. This year, I don’t think the report contains anything that news making. Instead, what jumped out at me is how we continue to struggle against long-time threats.

For instance, one of the findings in the 2016 DBIR is that old vulnerabilities continue to be leveraged. According to the report, 85 percent of the malicious traffic seen targeted the top 10 vulnerabilities, most of which are more than a year old.

Passwords also continue to plague security efforts, as 63 percent of breaches involved weak or lost/stolen passwords. Marc Spitler, senior manager at Verizon Security Research, and co-author of the report, told Dark Reading that he thought that percentage was “startling” and went on to say:



Thursday, 28 April 2016 00:00

Migration Services Help Simplify the Cloud

The cloud is fast becoming an indispensable component of modern data infrastructure, and many organizations are working feverishly to unite their public and private clouds into a unified hybrid entity.

But it is becoming clear that while building clouds is challenge enough, the complexity really kicks into high gear during the migration process. Not only do you have to move large volumes of data back and forth, but you must maintain consistent management and policy enforcement across disparate infrastructures and provide this in such a way that business users, not IT, can oversee the process. This is not as easy as it sounds given that applications behave differently on internal and external infrastructure, even if they are based on the same cloud platform.

This is what makes migration so stressful and frustrating, says Bill Carolan, of New Jersey-based systems integrator SHI International. The assessment and planning stages alone are enough to slow a cloud program to a crawl, as these steps require a thorough review of local infrastructure, particularly networking, followed by tests, trial runs, the inevitable re-evaluation of the migration process, then more tests… And even after a successful launch, migration must be continually monitored and adjusted to meet changing workload requirements and business objectives. All the while, there is constant user and admin training and retraining, plus a host of considerations when it comes to the disposal of unnecessary hardware.



(TNS) - A line of severe thunderstorms plowed through North Texas Tuesday night leaving a wake of damage from hail, high winds, and tornadoes.

National Weather Service Meteorologist Steve Fano said there was at least one confirmed tornado that touched down about five miles west, northwest of Bells at about 10:10 p.m. A 90 mph wind gust blew through Sherman at 10:13 p.m. and more high winds caused damage across Grayson County.

“We won’t know any specifics on if there were any more tornadoes until tomorrow,” Fano said on Tuesday night.

Fano said most of the wind gusts that hit the county were between 60 and 70 mph, but they were damaging. In Whitesboro, an apartment and office building had damage reported to roofs. A vehicle was blown off the road three miles southwest of Gordonville. Power lines were reported as down, and tree limbs blocked multiple roadways across the county.



(TNS) - Around the country, 911 telecommunicators are a calm voice when there’s a call for help.

“Woo-woo-woo-woo-woo! Orange County 911. What’s the address of the emergency?”

The voice on the line might be Jimmy Summey – an 18-year telecommunicator and Efland Fire Department volunteer – or Jessica Slaughter – a young mother with two years under her belt – or any of the other two dozen people behind the scenes.

They’re the “unseen heroes” backing up law enforcement, firefighters and EMS workers, interim Emergency Services director Dinah Jeffries said.

“It’s kind of a compliment, in a way, but (people) think of 911 as the entire thing. You forget this voice that’s behind the scenes, and they’re the ones that actually coordinated this for you,” she said. “They do a heck of a job, and it is a difficult job.”



One of the most common questions we hear is: what is the return on investment that can be expected when purchasing XenApp? To help answer that question objectively, Citrix recently commissioned Forrester Research to conduct a Total Economic Impact (TEI) study to learn more about the ROI that customers experience when deploying XenApp.

Forrester set out to understand the benefits, costs and risks associated with an individual XenApp deployment. They interviewed IT managers from a large manufacturing company[1] that have been using XenApp for several years and applied Forrester’s Framework and Methodology to determine the total economic impact. They learned that their business was primarily benefitting from XenApp in three ways:

  1. Reduced costs of access to enterprise applications
  2. Consolidating licenses of legacy applications
  3. Providing secure access of applications to third parties

Let’s take a closer look at the results.



Thursday, 28 April 2016 00:00

Why Bad Breaches Happen To Good Companies

Although it’s early into 2016, according to the Identity Theft Resource Center, there have already been more than 200 data breaches this year, and that number is only going to rise.

Why do data breaches keep happening? Surely by now everyone knows how to prevent them. Except, it seems, that they don’t.

Every day at work, I watch more companies fall prey to security threats and think about what they could have done to protect themselves. Our research team at Malwarebytes is constantly discovering new attacks targeting companies and organizations around the world. Three consistent, preventable problems lead me to believe that businesses will continue to be victims of more of these attacks for the foreseeable future if they do not change the way they operate.



Emergencies are, by definition, unexpected occurrences — but one Florida county has a new 911 system that aims to remove some of the guesswork by putting data in the hands of decision-makers who can make smarter choices about emergency response.

In Manatee County, Fla., an aging legacy 911 center kicked off conversations about how to improve emergency services, and late last year, officials launched the city's new, more efficient next-generation 911 call center. The upgrades give dispatchers modernized communication tools and will allow for multimedia communications, but perhaps most significant is that officials now have the necessary ammunition to make life-saving decisions: data analytics.

Public Safety Director Bob Smith said that hard data has allowed for more precision in staffing first responders on the streets and on the county’s barrier island, which is connected to the mainland by two bridges.



The global reach of the Business Continuity Institute

In its 22 year history, the Business Continuity Institute has grown to become a truly global organization, and this is clearly reflected in the Institute’s membership demographics which show that now only 40% of members come from the UK where the organization was founded.

It is also reflected in the latest CBCI Online course which began earlier this month, with eleven different nationalities represented within a single class. This is testament to the Institute’s efforts to make the CBCI credential available to everyone, regardless of location.

Nicky Tramaseur, Senior Education and Events Manager at the BCI, commented: “We have always said that we want the BCI experience to be available to everyone, and I am delighted we are able to use the latest technology in order to achieve this. Disruptions occur all across the world, so it is vital that people from all across the world are properly trained to help their organizations manage through these disruptions.

Getting your CBCI credential is an important step to developing a career in business continuity, but attending a course venue or taking a week off work is not always an option. This is why the BCI developed the CBCI Online course as a new way of learning. Created in partnership with Bucks New University, it allows each student to take the course wherever they can get online, whether that is at work, home or perhaps even in a coffee shop.


As revealed by the results of a recent survey of IT pros, moving some parts of an organization’s infrastructure to the cloud is a priority, but one that presents a challenging management scenario. But server and application management in the cloud doesn’t have to be a daunting prospect. IT professionals can better equip themselves to manage—or prepare to manage—servers and applications in a hybrid IT environment by addressing several key considerations as well as leveraging certain best practices for an optimized data center.

To start, one of the most important things to remember in the hybrid IT era is that the cloud is not for everything. Too many companies begin implementing hybrid IT environments without first considering which workloads make most sense for which environments. While it’s tempting to look at the growing popularity and benefits of cloud computing and say, “Let’s move some of our applications to AWS and see how it works,” without a fundamental understanding of all your workloads and what they require for optimal performance, you will more than likely hinder your organization’s efforts to generate cost savings, greater performance and agility, or any other anticipated benefit of cloud computing.



Cloud adoption in government is increasing, and the reasons are many: Adopting cloud services can lend an organization greater flexibility and agility, and save it dollars. But for those C-level executives who aren’t adopting, it's not because they're being stubborn or encountering significant barriers to adoption: A new study suggests that the "barriers" encountered may primarily be psychological, as the technology is catching up to business need.

The survey from HyTrust, called the State of the Cloud and Software-Defined Data Center (SDDC) 2016, was given to 500 C-level and vice president executives who lead medium- and large-sized organizations, mostly in the private sector, and found that 70 percent of respondents believe cloud services will see increased adoption over the next year. In addition, 60 percent of respondents see that adoption being deployed more quickly than it has been in the past.



As part of an effort to make it possible for applications to have more granular control on wide area network (WAN) connections, Riverbed Technology today unveiled a Riverbed SteelConnect platform managed via the cloud that unifies control of extended networks.

Josh Dobies, senior director of product marketing for Riverbed, says Riverbed SteelConnect is an instance of a software-defined WAN that ties together orchestration of application delivery and network connectivity.

Riverbed SteelConnect can be deployed as a virtual appliance on top of existing infrastructure or deployed as a physical appliance acquired from Riverbed. A SteelConnect Manager portal hosted in the cloud then provides the management plane through which IT organizations can construct a hybrid network using Riverbed switches and access points spanning both on-premise and data center and cloud service providers such as Amazon Web Services (AWS). In addition, Riverbed will add support for Microsoft Azure later this year.



Comprehensive survey of senior IT and business executives reveals predictions of increased adoption, faster deployment and security less of an obstacle

MOUNTAIN VIEW, Calif. – We’ve long been moving toward cloud-based and virtualized infrastructures, but in some ways 2016 might just be the year in which the software-defined data center (SDDC) really becomes a fixture in corporate America. There will be increased adoption of this dynamic trend and faster deployment of the technologies and processes involved, leading to greater tangible benefits and a clear return on investment. In fact, there’s almost unanimous belief that optimal SDDC strategies and deployment can quantifiably drive up virtualization ratios and server optimization, thus noticeably benefiting the bottom line. All this because even though data breaches will surely happen, concerns over security and compliance will be far less an obstacle.



(TNS) – How prepared is Iowa when it comes to dealing with a natural disaster or public health scare?

According to a study by the Robert Wood Johnson Foundation, it’s more prepared than most.

The National Health Security Preparedness Index tracks the nation’s progress in preparing for, responding to and recovering from disasters and other large-scale emergencies.

The index combines measures from more than 130 individual capabilities to determine the preparedness of health security surveillance; community planning and engagement; information and incident management; health care delivery; countermeasure management; and environmental and occupational health.



Hail claims are making headlines following multiple springtime hailstorms in Texas, including one in the San Antonio region that is expected to be the largest hailstorm in Texas history.

While the estimated insured losses from the storms—$1.3 billion and climbing from two storms that hit the Dallas-Fort Worth region in March; as yet not estimated (but expected to be worse) insured losses from a third storm in the Dallas-Fort Worth region April 11; plus a further $1.36 billion early estimate of insured losses from the San Antonio storm April 12—may seem high, property insurers are well-prepared to handle such events.

In a new briefing, ratings agency A.M. Best says it expects limited rating actions to result as affected property/casualty insurers are expected to maintain sufficient overall risk-adjusted capitalization relative to their existing financial strength ratings.


Wednesday, 27 April 2016 00:00

CDC: 10 Ways to be Prepared

Mom, dad, and child with blueprints for house.

To mark the National Day of Action, there are hundreds of little steps you can take to be better prepared at home, in your community, and on the go. Here are a few quick action steps you can take today!

10 Ways to be Prepared

Sign up for local alerts and warnings. There are different types of alerts and warnings that you can receive about weather conditions and other emergency situations. Check with your local health department or emergency management agency to see how they share emergency information, whether it is through emergency texts, phone calls, digital road signs, social media, or sirens. You can even download an emergency app from FEMA, The Red Cross, or the Weather Channel.

  1. Create and test communication plans. Have a discussion with your family before a disaster strikes and make a plan for how you will connect to each other.
    • Complete a contact card for every member of your family. Make sure to keep these cards with you at all times
    • Choose an emergency contact. Keep in mind that it might be easier to reach a friend or relative who lives out of town.
    • Identify a meeting place in your neighborhood and your city or town where your family could gather if there is an emergency.
    • Batteries, radio, candles, and flashlight
  2. Build an emergency supply kit. Make sure you have at least a three day supply of food and water for each person in your family. Also include health supplies, personal care items, safety supplies, electronics, and copies of important documents.
  3. Safeguard documents. Identify financial and legal documents, medical information, household identification, and key contact information you might need after a disaster. Use this helpful checklist to take an inventory and not forget to safeguard any critical documents.
  4. Document and insure property. Different types of insurance cover different types of damage after a disaster. Make sure you understand your insurance policies and minimize potential losses.
  5. Make your property safer. Make property improvements to reduce damage to your property during a disaster and prevent potential injuries from different types of emergencies.
  6. Conduct a drill. Practice emergency response actions for disasters that might happen in your community.
  7. Conduct an exercise of a disaster scenario. Use mock scenarios for different types of disasters to review and improve your emergency plan. You might consider participating in a community-wide tabletop exercise for different emergency situations. In your home, you can practice a fire drill, tornado drill, or earthquake drill.
  8. Plan with neighbors. Many people rely on their neighbors after a disaster. Make sure you start the conversation about preparedness before a disaster strikes. Know the needs of your neighbors and be ready to help in an emergency.
  9. Participate in a class, training or discussion. Contact your local emergency management agency to see what trainings are available in your community, or consider enrolling in a first aid or CPR course at your local Red Cross.
Tuesday, 26 April 2016 00:00

Data Tower: a Data Center for Saruman

While Microsoft’s infrastructure researchers investigate how deep they can sink a data center pod in the ocean, two Italian architects propose trying to push the limits in the opposite direction.

One of the three designs to win this year’s skyscraper design contest by the eVolo Magazine is a 65-story cylindrical data center that looks like something Saruman the White would have built to keep his data in. The Data Tower, created by architects Marco Merletti and Valeria Mercuri, is a radical new take on the use of space, energy efficiency, and elegance in data center design.

The architects have imagined a tower where server-filled pods are lifted up to take their spots automatically, coming down when needed for technical work. The pods with IT gear sit outside of the tower, while the inside acts as a giant chimney, where they exhaust hot air that gets pulled from outside. A massive fan at the top expels some of the hot air, while the rest of it gets recycled for comfort or greenhouse heating.



One of the problems with Dropbox and indeed all cloud storage is the way they have implemented how you view your cloud storage on your local drive. If you want to access your cloud file system in your local file management tool, you literally need to have it stored on your drive, which really defeats the idea of having cloud storage in the first place — especially on devices with smaller hard drives.

Alternatively, you could open Dropbox.com and navigate to your files in a separate interface, an approach just about everyone dislikes.

Dropbox wants to change that.



Tuesday, 26 April 2016 00:00

Guns on Campus

In the aftermath of high-profile shootings on college campuses, college administrators are considering whether to allow guns on campus. Administrators are divided, with some seeing guns as a way to keep students and faculty safe and others worried that more guns would only increase levels of violence on campus. Explore current law regarding guns on campus in America to get a more informed understanding of how state laws affect university policies regarding firearms.

Concealed Weapons on Campus

While all 50 states allow individuals to carry concealed weapons if they meet certain requirements, 19 states prohibit concealed weapons on college campuses. The following states do not allow concealed weapons on campus at all: California, New Mexico, Nevada, Nebraska, Wyoming, Tennessee, Missouri, Louisiana, Georgia, Florida, Michigan, Illinois, Ohio, South Carolina, North Carolina, North Dakota, New Jersey, New York and Massachusetts.



For Michael Skaff, chief operating officer and privacy officer at the Masons of California, the cloud is more than just an enabler of technology. It’s an enabler of IT innovation.

The 55,000-member Masons of California primarily leverages public cloud systems, but is also utilizing a hybrid cloud to meet certain business needs. The organization is also considering private cloud for a few uses, according to Skaff.

“As long as the solutions are well-designed, and the associated contracts and integrations carefully managed, cloud-based services offer an unprecedented opportunity for IT to shift its primary focus from building technology to delivering business value,” said Skaff.



Microsoft saw one of the biggest spikes in data center spend in company history in the last quarter.

It invested $2.3 billion in capital during the three-month period, which included a 65 percent increase in data center spend year over year, Microsoft CFO Amy Hood said on the company’s fiscal third quarter earnings call on April 21. “As planned, we accelerated our data center and cloud services investments to meet growing global demand,” she said.

During the quarter, Microsoft saw a 66 percent year-over-year spike in capital spending, its second-largest since the third quarter of fiscal 2007, according to data compiled by Bloomberg. The largest was an 86 percent increase in the second quarter of 2014.



Tuesday, 26 April 2016 00:00

Cybercrime as Big Business

Cybercriminals are on a mission. They want to take advantage of point of sale (PoS) technology as much as possible before it totally switches over to chip technology. Even though the EMV card payment system came online late last year, many businesses and credit card issuers have been slow to migrate to the new PoS technology. FireEye recently identified one such group of cybercriminals, calling it FIN6, which is stealing credit card numbers from the old PoS terminals and selling them through underground channels. Bloomberg explained:

Malware such as GRABNEW, which captures login credentials, can come as an e-mail attachment, FireEye said. FIN6 either sends that malware or pays others for the credentials.

Once FIN6 gets into a company’s network, it uses software vulnerabilities to move around and locate card numbers. One FIN6-linked case resulted in 20 million cards, mostly from the U.S., in the online shop, selling for about $21 each, Milpitas, California-based FireEye said.



The volume of data generated today is growing at an astonishing rate, and demand for data center space has reached an all-time high, consistently outpacing supply in the top markets. Many organizations are struggling to develop effective data center strategies, frequently facing the familiar question: build or lease?

A decade ago the answer was easy: build. At that time, colocation services were not an ideal solution. Fraught with concerns over technology deficiencies and adoption roadblocks, there was too much risk associated with colo to make it a viable part of the data center strategy for many companies. But times have changed and today colo solutions have overcome many of the real and perceived roadblocks. There are, however, still scenarios where it makes sense for a company to consider hosting its own data.

There are a number of strategic factors that can influence these decisions, which generally fall into four buckets: capital; application purpose and requirements; control; perception of security and risk. While many of the factors are analytical in nature (such as financial savings), there are also cultural preferences within companies that influence the strategy.



(TNS) - The tally of flooded homes in Harris County reached 6,700 on Sunday, surpassing the total from last year's Memorial Day flood.

An additional 300 homes were damaged in Waller County. The assessments are preliminary and numbers are expected to continue to rise.

In unincorporated Harris County alone, surveyors estimated $43 million in residential losses and $13 million in commercial losses by Sunday night, said Francisco Sanchez, spokesman for the county's emergency management office. The estimates are required before the region can be designated a federal disaster area, allowing victims to apply for money from the Federal Emergency Management Agency.

But residents don't have to wait for food, housing or clothing. Anyone who needs immediate help should call 211, Sanchez said. The same applies to Waller County.



(TNS) - Morgan County has been active in adding community shelters in the nearly five years since the April 27, 2011, tornadoes, but Decatur has added none.

Eight public shelters have been built in Morgan County and another is in the final stages of construction after one of the worst tornado outbreaks in U.S. history hit central and north Alabama.

Morgan County Commission Chairman Ray Long said the shelters are a significant safety net for residents.

“It’s good to have a shelter you can get 100 or more people in,” he said. “They’re a lot safer.”

The fifth anniversary of the outbreak that killed 234 Alabamians, including 14 in Lawrence County and four in Limestone County, is Wednesday. Morgan County had plenty of damage but no deaths.



Tuesday, 26 April 2016 00:00

Q&A: Nobles County Emergency Management

(TNS) - The following is part of a series of Q&As with Nobles County, Minn., departments to educate the public on the services provided. This one with Emergency Managment Director Joyce Jacobs

Q What are the primary responsibilities of the Emergency Management department?

A The Emergency Management Department is responsible for developing, coordinating, promoting and evaluating programs to ensure emergency preparedness in Nobles County. The Nobles County Emergency Management Director administers a county-wide emergency management program with the goal of preparing the county to respond to and recover from major disasters. Disasters can be natural (typically weather related) or man-made.



Responding to the resilience challenge

Following the previous paper by the Business Continuity Institute's UK 20/20 Group on the resilience challenge for the business continuity profession, a new paper has been published outlining how individuals and organizations should rise to this challenge.

In ‘Responding to the resilience challenge’, it is shown how business continuity practitioners can use their unique understanding of value creation within an organization to influence governance and promote informed decision making. In these uncertain times, BC can push organizations to become more agile in dealing with emerging risks, while taking a clear role in crisis leadership when risks materialise into disruptions.

The paper explains how BC practitioners should use their background as a foundation for understanding other management disciplines, as resilience practice is expected to grow into a highly technical role that will require practitioners to bridge academic knowledge and professional experience. Practitioners will also be expected to address the gap between existing technical expertise among management disciplines to decision making at the top.

Bill Crichton FBCI, Chairman of the BCI 20/20 UK Group, commented: "For those business continuity practitioners who don't have a good understanding of resilience, they should consider whether they need to enhance their skills to provide the opportunity for them in the future to lead the resilience capability within their organization."

Download your free copy of 'Responding to the resilience challenge' by clicking here.

It seems active shooter incidents have become an all-too-frequent story on the local news. According to A Study of Active Shooter Incidents Between 2000-2013 conducted by the FBI, 160 active shooter incidents occurred within this time frame, and that number has continued to rise since.

The key to ensuring that you and your staff remain safe during an active shooter incident is preparation. At least 65 (40%) of the 160 incidents between 2000-2013 ended before law enforcement arrived, so it is crucial that active shooter preparedness be a priority in every workplace.



Yesterday, Mike Cohen’s post Networking Containers: Policy Finally Comes of Age appeared on the Open Networking User Group blog site.  He talks about the tremendous interest among application developers to use Linux containers to develop, deploy, and operate applications.  Containers and microservices simplify complex application development into smaller, less risky software components with the benefits of portability and speed.

Like cloud and big data, containers and microservices will transform the traffic in your data center infrastructure.  As applications are disaggregated into many component services, each service now becomes an endpoint to be accessed and shared across the network.

Moving to a container-based microservices architecture will increase the number of addressable endpoints in the data center by an order of magnitude or more.  (See “The Impact of Containers and Microservices” below)



Monday, 25 April 2016 00:00

Elephants in your datacentre

ep, there is you know, big, grey and imposing (not yellow and cuddly like this fella!)… OK, not literal elephants of course… well if there is you may have some different challenges to the ones I’m looking to address in this post, may I suggest the nearest zoo!

What do I mean then with this figurative elephant?

Data is the lifeblood of our businesses and in the modern business world we all discuss its management and protection endlessly. There is however an elephant in the room. One we choose not to discuss because it is getting increasingly more difficult to control and we are unsure as to what to do about it.

I think the above quote is a pretty accurate summation of the problem, data is a big complex beast and Nellie aside, how do we go about tackling it.



Monday, 25 April 2016 00:00

The Rise Of The Citizen Data Scientist

The data skills gap is a well-publicized issue, and true data scientists are a relatively rare species. One way that organizations are attempting to solve the issue is by empowering all employees with some data skills - whether this be a math or social science degree - to analyze the data themselves. These are known as citizen data scientists.

Gartner defines a citizen data scientist as ‘a person who creates or generates models that leverage predictive or prescriptive analytics but whose primary job function is outside of the field of statistics and analytics.’ They have predicted that by 2017, the number of citizen data scientists will have grown five times faster than their highly trained counterparts. According to Shawn Rogers, Chief Research Officer at Dell Statistica, ‘I think that 2016 could be the year of the citizen data scientist because users throughout the business want a more democratized approach to Big Data and analytics. Not every company can afford a data scientist, which is a big reason why citizen data scientists will become a big part of the data ecosystem as it evolves.’

Data is now at the heart of any operations, and its importance to decision making and innovation is only going to grow. By 2018, over half of large organizations worldwide will be using advanced analytics and proprietary algorithms to compete, while by 2020, companies will be spending 40% of their net new investment in business intelligence and analytics on ’predictive and prescriptive analytics.’ Fundamentally, this means that everyone in the organization needs to be able to leverage the data to some degree, and it cannot simply be left to one highly trained individual sitting at the top of the firm dishing out insights as they deem fit.



Everybody loves a hardware upgrade, be it a smartphone, a tablet, a laptop or even a smart new server. It’s something shiny and new.

When we talk about upgrades or data migration though, it’s often more of a ‘must-do’ than a ‘nice-to-have’, whether it’s updating back office ERP systems, moving users from desktops to laptops or simply introducing a new back-up system.

So while not the most exciting part of an IT team’s workload, data migration is a necessary part of day-to-day maintenance and management. It is also not without its risks, including loss of data.



With the recent White House order of a federal data center construction freeze, government agencies are now forced to do even more with less, including complying with growing regulation and accountability. The new Data Center Optimization Initiative mandates stricter goals and rules meant to reduce the government’s sprawling data center inventory and the money it takes to maintain it.

All too often, IT leaders find themselves constrained by legacy in-house data centers and connectivity options that fail to deliver required reliability and uptime, while meeting the mission’s budget.

Successful government agencies employ enterprise data center services to ensure mission-critical IT needs are met:



There is something special about round tables. It gets people to open up, collaborate, and talk to everyone that sits at the table. Be it at home, in political discourse or in business, round tables help to solve problems, and foster the open exchange of ideas and thoughts.  It eliminates side or siloed conversations at the other end of the table. This is especially important when you put top experts together on a topical, and sometimes, a controversial subject.

It was with this spirit in mind that we accepted the Robert Frances Group (RFG) offer to join “The Rounds”, a new series of industry experts from users and vendors collaborating with RFG in the development of Open Cloud frameworks. Cisco has embraced open conversations, the sharing of ideas and participation in industry bodies and forums for a long time. As such, “The Rounds” was a perfect fit – so when RFG invited to join in, we gladly accepted.



AUSTIN, Texas – Disaster recovery experts today urged applicants for federal assistance to complete a disaster loan application from the U.S. Small Business Administration. Taking a loan is not required; completing the application can open the door to all federal assistance, including possible additional grants from the Federal Emergency Management Agency. If approved, and a survivor does not accept the loan, it may make them ineligible for additional federal assistance.

Many Texans who register for disaster assistance with FEMA will receive an automated call from SBA with information on how to complete the loan application process. These low-interest SBA loans are the major source of funding for disaster recovery.

SBA provides low-interest loans to businesses of all sizes (including landlords) and to homeowners, renters and eligible private nonprofit organizations that sustained disaster damage. There is no cost to apply for a loan.

Assistance from FEMA is limited to help jump-start the recovery; it may not cover all damage or property loss. Completing the SBA loan application may make FEMA assistance available to replace essential household items, replace or repair a damaged vehicle, or pay for storage costs.

Interest rates can be as low as 4 percent for businesses, 2.625 percent for private nonprofit organizations and 1.813 percent for homeowners and renters with terms up to 30 years.

  • Eligible homeowners may borrow up to $200,000 for home repair or replacement of primary residences, and eligible homeowners and renters may borrow up to $40,000 to replace disaster-damaged or destroyed personal property, including a vehicle. 
  • Businesses of all sizes can qualify for up to $2 million in low-interest loans to help cover physical damages.
  • Small businesses and most private nonprofits suffering economic impact due to the severe weather and flooding can apply for up to $2 million for any combination of property damage or economic injury under SBA’s Economic Injury Disaster Loan program.

Applicants may apply online using the Electronic Loan Application via SBA’s secure website at DisasterLoan.sba.gov/ela.

Disaster loan information and application forms are available online at SBA.gov/disaster, from SBA’s Customer Service Center by calling 800-659-2955 or emailing This email address is being protected from spambots. You need JavaScript enabled to view it.. Individuals who are deaf or hard of hearing may call 800-877-8339. Meet with an SBA representative at a Disaster Recovery Center to learn more about disaster loans, the application process or for help completing an SBA application.

Completed applications should be mailed to:

U.S. Small Business Administration

Processing and Disbursement Center

14925 Kingsport Road

Fort Worth, TX  76155


People with storm losses, who still need to register with FEMA, can go online anytime at DisasterAssistance.gov. Survivors also can register with FEMA by phone (voice, 711 or video relay service) at 800-621-3362, TTY 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.

Federal disaster assistance is available to residents of Erath, Gregg, Harrison, Henderson, Hood, Jasper, Limestone, Marion, Newton, Orange, Parker, Shelby and Tyler counties that suffered damage in the severe storms, tornadoes and flooding, March 7-29.

Microsoft’s mad-scientist data center research crew appears to have liked the results they’ve seen after submerging a relatively small underwater data center pod somewhere off the coast of California last year as a test. The team has stepped up its underwater data center ambitions, the project’s lead told a conference in New York Wednesday.

While still in preliminary planning stages, the next underwater deployment may be about four times the size of the first pod, or about the size of a shipping container, Ben Cutler, the project’s manager, said, according to Data Center Frontier.

The first pod, a 10-by-7-foot cylindrical shell that contained a single rack of servers, went underwater around August of last year. The Project Natick team pulled it out and brought it back to the Microsoft headquarters in Redmond, Washington, in December to collect experimental data.



While space elevators and colonies on the moon are still squarely in the realm of science fiction, developed countries like the United States heavily utilize satellites, so-called space infrastructure, to facilitate and support communication functions, entertainment systems, weather forecasting, search-and-rescue functions, global positioning systems and national defense elements.

As of 2015, there were more than 1,000 active government and private satellites in space with an additional 2,600 devices that no longer function. These nearly 3,700 items range in size from a few pounds to as big as a school bus. More than 15 countries and hundreds of private companies own these satellites. Of the active satellites, there are 502 active American, 188 Russian and 116 Chinese. 

These man-made objects are not the only things in space. In fact, the United States Surveillance Network estimates that there are more than 21,000 objects larger than 10 centimeters (about 25 inches) orbiting the Earth, with an additional 500,000 smaller pieces. All natural and man-made space objects travel at extraordinary speeds even if they are geospatially maintained in many cases. As these items continue to increase in number and interaction, there is a risk to the critical infrastructure systems discussed earlier that are maintained through the multitude of satellites.

In the weeks since the revelation of the Panama Papers, the world of the rich and powerful has been reeling. A single cyberattack against Mossack Fonseca, a quiet Panamanian law firm, has sent a tsunami around the world, toppling one world leader so far, with more turbulence to come.

The attacker absconded with a vast trove of information, consisting of millions of documents, emails, and other information – so much information, in fact, that journalists and other investigators have been poring through it for over a year.

Still a mystery: the identity or identities of the attackers. Perhaps an insider with access to secret passwords? Or maybe a skilled attacker, well-versed in the intricacies of cyberespionage?



Historic flooding has left the Houston metropolitan area inundated once again this week, killing at least seven people, flooding 1,000 homes and causing more than $5 billion in estimated damages in Harris County alone. Gov. Greg Abbott declared a state of disaster for nine counties in and around the Houston area. The widespread nature of the disaster prompted the city of Houston to call this the largest flood event since Tropical Storm Allison, which devastated southeast Texas in 2001, causing $9 billion in damage and $1.1 billion in insured losses.

According to Harris County Judge Ed Emmett, about 240 billion gallons of rain fell on the Houston area this week. That’s the equivalent of 363,400 Olympic-size swimming pools, CNN reported. After 10 inches of rainfall fell in six hours Sunday night into Monday, powerful, slow-moving thunderstorms had paralyzed the region Monday, but storms continued through Wednesday.

Having some of the hardest rainfall overnight helped a bit to mitigate the dangers this week. While this made it difficult to predict, it allowed people to better make choices about going out, as opposed to last year’s floods around Memorial Day, Emmett told the Houston Chronicle. Nevertheless, emergency crews made more than 1,200 high-water rescues, many residents had to evacuate to shelters, and for those who were able to shelter in place, 123,000 homes had no power at the height of the flooding. Officials have also expressed concern about two local dams that have been rated “extremely high risk and are at about 80% capacity, but they are not in immediate danger of failing.



The fight between Apple and the FBI brought the concept of using backdoors to break encryption to the mainstream. The initial battle may have ended with the FBI hiring someone to hack into the phone (and I have to ask – was anyone surprised that an outside hacker was able to do the deed?).

The battle from Apple’s point of view also drew a lot of support from tech companies and IT professionals. A new study from Spiceworks provides some insight as to why IT pros are concerned about backdoors, encryption and overall security. In general, IT pros believe the existence of backdoors, whether they are there for government agencies, law enforcement, or anyone else, puts their company at greater risk of a cyberattack or data breach. The reason, according to the survey, is simple: Hackers are already very good at outsmarting security systems, and if backdoors are provided as a way to help solve legal and national security concerns, it is only a matter of time until hackers are using them for their own nefarious goals. Backdoors, the IT pros believe, put personal and financial data at greater risk.

The survey revealed something else that I found more surprising. Although 57 percent said that they believe encryption actually helped prevent a data breach, encryption isn’t as widely adopted as a security layer as one would think, as the Spiceworks report stated:



RIDGELAND, Miss. – All applicants receive letters from FEMA explaining the status of their applications and whether or not they are eligible for assistance from FEMA. Some may receive text messages about their application.

Take the time to read the document thoroughly. Sometimes people do not immediately qualify for financial help and the reason may be fixed simply. The following are some common reasons for not qualifying:

  • The applicant did not sign the required documents;

  • Proof of ownership or occupancy was not supplied;

  • No proof the damaged property was the primary residence at the time of the disaster.

  • Someone else in the household may have applied and received assistance.

  • No paperwork showing the damaged property was the primary residence at the time of the disaster.

If questions arise, call the FEMA helpline (voice, 711 or relay service) at 800-621-3362. (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. You also can take the letter to a visit a disaster recovery center and talk with staff individually. To locate the nearest center, visit FEMA.gov/DRC or call the FEMA helpline.

FEMA can never duplicate insurance benefits or other government sources, but if insurance is not enough to cover all the eligible damage, FEMA’s initial determination of ineligibility may change.

Every applicant has the right to file an appeal. The original letter provides an explanation of what steps need to be taken to appeal FEMA’s decision. Bring the letter to a disaster recovery center for help with the appeals process or call the FEMA helpline. Appeals must be filed in writing within 60 days of the date of the determination letter. The letter must explain why the initial decision was wrong and provide any new or additional information.

Appeals can be mailed to:

FEMA – Individuals & Households Program

National Processing Service Center

P.O. Box 10055

Hyattsville, MD 20782-7055

For more information on Mississippi’s disaster recover, visit FEMA.gov/Disaster/4268 and MSEMA.org.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

The U.S. Small Business Administration is the federal government’s primary source of money to help business of all sizes, private non-profit organizations, homeowners and renters rebuild and recover after a disaster. SBA low interest disaster loans repair and replace property losses not fully compensated by insurance and do not duplicate benefits of other agencies or organizations.

Friday, 22 April 2016 00:00

BCI: Cyber Resilience Survey

How does your organization perceive the cyber threat? Have you suffered from some form of cyber security incident during the last year, and what impact did it have on your organization? Do you feel you have adequate measures in place to deal with such an event, and perhaps just as importantly, do you have the backing of senior management to put measures in place to deal with them?

These are the questions the BCI is asking as part of its latest research project – the cyber resilience survey – which will inform a new report to be published later this year.

Please do take the time to complete the survey. It will only take a few minutes and each respondent will be in with a chance of winning £100 of Amazon vouchers.

Find the survey here: https://www.surveymonkey.co.uk/r/BCI-Cyber-Resilience-Survey-2016

An interesting “separation of church and state” conundrum is bubbling up in the software industry. While the new public cloud model demands developers to take ownership of security, there’s still room and reason for security controls to become an entity handled on their own—separate and transparent from the developer.

Historically developers have focused on developing software, not on configuring a security posture, but that model has changed of late. In today’s dev-ops world, everything has converged. The software developer has become responsible for many operational aspects, including security. A lot of this change stems from the rise of the self-service model. Developers go to AWS and they’re on their own; nobody else is in charge of security. Therefore, software developers have to think about security—how do I set up access control, how do I set up security groups, and how do I encrypt data, or not? Security controls are built into the developer workflow.

As I see the world evolving, I believe IT needs will drive us back to a paradigm where security controls are independent of developer activity. There’s a strong appetite on the part of customers to have a set of controls that are managed independently of developers and operations. I think that’s a good thing.



What do you think when you hear Hybrid IT?   Does your mind go to a 3rd kind of not quite private, not quite public cloud that your team needs to build?

Fear not.  Hybrid IT is not another type of cloud but rather a strategy for your organization to quickly and cost-effectively deploy technology across multiple platforms.  It is a service delivery strategy that places the right workload into the right environment based on business need.  That need could be speed of deployment, performance, cost, or security.  The essence of hybrid IT can be summarized in the following quote from EMC World last year:

“I want to be able to tell our business units, if you want to stand up services on the private cloud, go ahead.   We have the technologies and operating processes to do that.  And when it’s time to move appropriate workloads to a public cloud, we have the technologies and operational processes to do that too.” – Eric Craig, CTO, NBC Universal



Moore’s Law may well be coming to an end with respect to microprocessors, but if the speed of processing power is to continue to develop (especially in today’s digital world of Big Data), other areas of computing need to be examined if it is to progress and improve.

Drawing on vast numbers of crunching resources in the cloud is one of the main ways that computing can continue to advance. By sharing computer capacity, processing capability improves which enables businesses to be more effective and innovate.

I am old enough to remember SETI (Search for Extra-Terrestrial Intelligence) when it was big in the ’90s. It was software that you could download so when you were offline your computer capacity could be shared with systems around the world and mine massive data to search the universe for extra-terrestrial intelligence. This is one of the first examples of cloud – using shared resources.



This perspective provides an overview of the Business Continuity Institute’s Professional Practice 5 (PP5) – Implementation, which is the professional practice that “executes the agreed strategies and tactics through the process of developing the Business Continuity Plan (BCP)”. As part of the business continuity planning lifecycle, Implementation activities continue following strategy selection in PP4, with the goal of documenting business continuity plans that aid the organization in recovery at the strategic, tactical, and operational levels.


PP5 provides the business continuity practitioner with guidance on two topics specific to documenting the organization’s business continuity plans. First, the Good Practice Guidelines (GPGs) provide a detailed description of a business continuity plan, including general principles, as well as concepts and assumptions for documenting plans. Second, PP5 provides guidance on developing a business continuity plan, as well as managing the plan after creation. Let’s take a deeper dive into each area.



Edge data centers have been a hot topic since about two years ago, fueled by the grand expansion ambitions data center providers that chose to go after the edge market had.

Companies like EdgeConneX, whose expansion ambitions were the grandest (it went from zero data centers to 20 in a period of two years), and vXchnge, which also expanded quickly, primarily by buying existing facilities (in one deal last May, for example, it acquired eight SunGard facilities), have gone after the demand for data center space outside of the top markets.

An edge data center, essentially, is a facility where long-haul network carriers interconnect with local ISPs and internet content providers who cache their data in the facility so that they don’t have to pay to transport it from the big cities. The effect is described as extending the internet’s edge, “edge” meaning the last stop from where content is delivered to the consumer.



It’s your job to walk into a conference room full of Board directors and, in a short presentation, convey a holistic, accurate picture of all the information technology risks across your entire organization. Now, imagine you were expected to prepare for this make-it-or-break-it meeting, which may involve delivering negative and expensive news to executives, using only email and spreadsheets. Ready? Go!

Communicating risk posture and assessments to the highest levels of an organization is a demanding and increasingly pivotal responsibility in businesses that rely on information technology—in other words, almost every business. In a world where business and infrastructure run on digital technology that is vulnerable to highly skilled hackers, protecting those technology assets is quickly becoming Job #1.

In fact, a recent survey showed that, of IT professionals who responded that security was their main focus, 34 percent spend most of their time on IT risk management and 25 percent primarily spend time on regulatory compliance. IDC projects that by 2018, the financial services sector will spend more than 18 percent ($96 billion) of their total IT dollars on risk management technology and services.



Friday, 22 April 2016 00:00

Incident Management – The New Frontier

Compliance programs are required to create and manage case investigation systems to handle potential misconduct, investigate allegations of wrongdoing and then dispense discipline. Lessons learned from these investigations are valuable sources of information to improve compliance programs.

Chief compliance officers play a critical role – either supervising the internal investigation system or coordinating with other functions in the organization to monitor internal investigations. Along the way, companies have built effective hotlines, triage protocols, investigation policies and practices processes to evaluate and dispense discipline. CCOs regularly report to the board on the major investigations and the overall investigation system, including nature of complaints, time to resolve complaints and conduct investigations, and handling of whistleblower concerns.

I like to label all of the above as a company’s effort to promote organizational justice. Within the system itself, principles of a judicial system apply with equal force – fairness, transparency, and consistency. Like our country’s judicial system, the company’s judicial system can be judged on very similar criteria.



Rice University civil engineering professor Philip Bedient is an expert on flooding and how communities can protect themselves from disaster. He directs the Severe Storm Prediction, Education and Evacuation from Disasters Center at Rice University.

Starting late Sunday night, the Houston area began experiencing major rainfall. By Monday afternoon, rainfall totals in some parts of region had exceeded 15 inches in 24 hours. It’s an event many are comparing to to 2011’s Tropical Storm Allison, which devastated the region.

Bedient is hoping to make those type of flood events less devastating. He designed the Flood Alert System – now in its third version – which uses radar, rain gauges, cameras and modeling to indicate whether Houston’s Brays Bayou is at risk of overflowing and flooding the Texas Medical Center.

In an interview with Urban Edge editor Ryan Holeywell, conducted after the Memorial Day floods of 2015, he said more places need those types of warning systems.



Data security is not optional. Organizations owe it to their clients to protect sensitive client data. And market forces in the form of reputation damage, revenue loss and hefty fines (for regulated data) ensure that there is plenty of incentive to do so.

As organizations move to address increasingly sophisticated security threats, they are often caught off guard by the many hidden costs of security and compliance, realizing (too late) that safeguarding data from current and future threats is more resource-intensive than first imagined—and is growing more so with each passing day.

In part 1 of this series, I’ve outlined five hidden costs of security and compliance that organizations often encounter when embarking upon data integration and management projects.



Many BCM practitioners talk about BCM standards, but few walk the walk. I write this blog as this subject continues to boggle my mind in today’s risk-filled environment.

I recently presented to two groups: one at a major conference in Orlando and the second at a leading continuity group in Nebraska. We spoke to a total of about 140 practitioners regarding standards and compliance. The attendees were all from mid-level to very large companies – some regulated, some not. Experience levels ran from beginner to advanced.

The first question I asked both groups was: How many of you have adopted a standard to drive your enterprise BCM program?

Want to guess what percentage had adopted a standard?  1%? 25%? 50%?  Less than 10% of the 140 had adopted a standard—a dreadfully low number.



Two earthquakes within a few days may seem like a lot for one region of a country to withstand, but in the case of the insurance and reinsurance industry early indications suggest the impact of the Japan quakes will be manageable.

A magnitude 6.5 earthquake struck the Kumamoto prefecture of Japan last Thursday. Just 28 hours later a magnitude 7.3 quake struck the region. So far, Japanese officials have confirmed 46 fatalities and more than 1,000 people injured.

Reports appear to show significant property damage in the region, but it’s too soon to know what insured losses will be.



Backup is broken. Anyone who has had to work with enterprise backup knows this to be the case. Gartner, in fact, published a report six years ago titled, “Best Practices for Addressing the Broken State of Backup.” One would think that, given how awful the state of backup was in 2010, the situation would have improved by now. But, unfortunately, the broken state of backup is actually getting worse, not better.

For example, a global survey of CIOs and IT pros in 2015 showed that, on average, an organization experienced 15 unplanned downtime events that year. This compares to the average of 13 reported in 2014. In addition, unplanned mission-critical application downtime length grew 36 percent from 1.4 hours to 1.9 hours year over year, and non-mission-critical application downtime length grew 45 percent from 4 hours to 5.8 hours. These outages cost the average organization $16 million a year, up 60 percent over 2014.

The central problem is that backup cannot provide what organizations really need: availability. After all, when a mission-critical application is down or the file server has crashed beyond repair, it’s cold comfort to have a backup of the data somewhere across town on a tape in an underground vault. The enterprise is undergoing a digital transformation in which executives, employees, customers and partners expect to have 24/7/365 access to data.



Wednesday, 20 April 2016 00:00

Preparing for the Disruption of the IoT

The Internet of Things (IoT) promises to cause disruption in almost every industry. Companies need to examine how they can take advantage of connected products and services and plan for the significantly increased data workloads that will likely come with the deployment of sensor-enabled products. However, an expected surge in product innovation also means that companies should carefully consider how they will deal with the potential rise of new, more agile competitors whose business models will be based primarily on IoT products and services. Here are some points about the IoT I’ve been discussing with colleagues that organizations may want to consider.



It's up to those in the resiliency profession to help companies be in a position to continuously deliver their services.

In the cognitive era, organizations are using technology to process data more quickly than ever and correlate results that could be difficult to imagine in the past. These capabilities are crucial for resiliency.

Cognitive computing is changing how industries do business by providing access to data that enables critical decision-making, reduces time frames for key business deliverables, and ensures products get to market efficiently and effectively.



Oracle is beefing up its services to marketing and advertising-focused customers with the acquisition of an Israeli company that tracks how users engage with advertising and media.

Oracle announced that it will buy Crosswire, a provider of machine-learning based cross-device data that can help marketers track cross-device advertising, personalization, and analytics.

Oracle did not disclose the conditions of the deal, but press reports say Oracle paid approximately $50 million for the venture-funded startup founded in 2013.



(TNS) - It has been nearly a year since heavy storms and rains in late spring of 2015 brought widespread damage and flooding to the region. With the floods on Father’s Day, which saw high water in areas not known for flooding, still a recent memory to many, city officials are looking for ways to prevent similar events from occurring again.

City officials are currently working on updates to Denison’s Flood Damage Prevention Ordinance, which presents guidelines for development about how to prevent flooding issues at the site and further downstream.

“Our goal is to reduce the probability of flood damage happening around our drainage areas,” City Manager Jud Rex said on Thursday, referring to drainage ditches, culverts and other features designed to handle runoff from storms.



Virtualisation continues to grow in popularity as it offers different ways of backing up our data, in addition to being able to ensure that business-critical systems remain online in the event of an emergency.

Some people have even hailed virtualisation as the next frontier of computing. But do you know what is computer virtualisation and how can you or your clients benefit from it? Let’s take a step back and first review what virtualisation is and how it works.



After a billion dollars and many years spent deploying a state-of-the-art earthquake warning system, there are still important lessons to be learned from the Tohuko and Kumamoto earthquakes.

The Kumamoto Prefecture, located in the center of Japan’s southwestern Kyushu island, was recently struck by two sizable earthquakes. As of this writing, more than 40 people have been reported dead, with at least 11 missing. The damage sustained has been quite severe for earthquakes of this magnitude (6.4 followed by 7.3), which may, to some extent, be associated with older building stock that was constructed before modern seismic building codes were implemented. Some of the damage can be seen on the Japan Times website.

A number of people (including Emily Chang on Bloomberg West) are wondering how our earthquake warning capability compares to the Japanese system. I might summarize these concerns as:



Over the next four years, 35 percent of the core skills you have today will change. As a storage engineer, what do you think these changes might be?

I recently had an interesting meeting with storage engineers who were considering a move to a commodity type storage infrastructure with little or no data management capabilities.

They were so enamored by the technical specifications of the new equipment that they said they were quite comfortable giving all of the data management capabilities that were inherent in their existing storage array up to the virtualization layer or to the applications themselves. Basically all of the value that used to be offered like data management, data protection, and replication capabilities were going to be given to other teams in the organization.



Will the cold storage data center of the future include a DNA synthesizer? According to a new research paper by the University of Washington and Microsoft, it’s a strong possibility.

Today, we generate data faster than we can increase storage capacity. The volume of digital data worldwide is projected to exceed 16 zettabytes sometime next year, the paper’s authors wrote, citing a forecast by IDC Research. “Alarmingly, the exponential [data] growth rate easily exceeds our ability to store it, even when accounting for forecast improvements in storage technologies,” they said.

A big portion of the world’s data sits in archival storage, where the densest medium currently is tape, offering maximum density of about 10 GB per cubic millimeter. One research project has demonstrated an optical disk technology that’s 10 times denser than tape.



Pivotal kills its own Hadoop distribution. Google uses machine learning to help you reach your goals. Dell updates Statistica to make it easier for so-called citizen data scientists. Workday enhances its analytics -- and more in this week's Big Data Roundup.

This time let's start with Workday. This cloud-based HR software application provider -- or human capital management (HCR) as it's called today -- this week announced a new set of enhancements to its analytics capabilities. The company unveiled new finance and workforce-related scorecards and dashboards that enable customers to gain insight into real-time transactional data and predictive analytics, the company said in a statement announcing the news.

Specifically, Workday said, the new dashboards and scorecards will let customers predict and manage their customer collections. For instance, organizations can use the predictive capabilities to determine the likelihood of an invoice being paid on time. Workday said this can help revenue managers address accounts receivable issues and do a more accurate job of forecasting revenue.



(TNS) - As they so often do, 911 calls came fast and furious on a recent weekday afternoon. A residential burglary. A business burglary. A person with a gun. They all happened at once, in different Evansville neighborhoods.

Amy Worthington was on top of it. Seated in the City-County Dispatch Center, with four computer screens in front of her and her headset in place, Worthington navigated Evansville Police Department officers to each event.

Officers were stretched so thin at the time that Worthington had to send two patrol units that normally work the South Sector out of their jurisdiction to one of the burglaries. It was such a busy few minutes that at one point, only three EPD cars were freely patrolling the city.



Monday, 18 April 2016 00:00

Making sense of enterprise security

Until recently, I knew nothing about enterprise security beyond some of the more widely publicized breaches in the United States.

That said, after spending most of 2016 immersed in the space, I’ve come to appreciate just how challenging and broad an issue security has become to enterprises.

I’ve also come to believe that our best hope for solving security is by understanding humans — the perpetrators and victims of cyberattacks — and, as a result, I’m convinced that security is fundamentally a human identity problem.



(TNS) - Japan was intensifying search and rescue operations on the southern island of Kyushu Friday amid a series of aftershocks, after a 6.5-magnitude earthquake killed at least 9 people and injured about 1,100, the government said.

The government deployed more than 3,000 people to Kumamoto prefecture, the hardest-hit region in Thursday's quake, as Prime Minister Shinzo Abe vowed to make its utmost efforts in the operations.

"We will do our best to ensure the safety of residents," Abe told reporters.

Walls and houses collapsed in Mashiki, a rural town of 33,000 residents, 900 kilometres south-west of Tokyo, when the quake struck at 9:26 pm Thursday (1226 GMT) at a depth of 11 kilometres, local officials said.



(TNS) - Boyd County 911 will begin a transition from Nixle alerts to more specific updates through AlertSense.

Boyd 911 Director Sandy Ott said the new system will feature geo-locating capabilities and voice dialing to landlines so alerts can not only be more specific, but also reach those who do not have access to text messaging or computers.

Administrative training will begin this summer and Ott hopes the new system can launch as soon as June 1.

Ott explained that AlertSense will allow government agencies to post from the same source so that users will not have to sign up for individual alerts.



Monday, 18 April 2016 00:00

Building a Successful Hybrid Cloud

There is a lot to be said for the hybrid cloud. It blends local control and security with scale-out resources and operational flexibility, all of which are emerging as crucial factors as organizations make the transition to digital business models.

Indeed, if the hybrid cloud were not so effective, no one would give it a second thought. But this does not mean it is trouble-free. And the further along the enterprise goes in the transition to cloud-based infrastructure, the more glaring the deficiencies become.

At the moment, of course, the benefits outweigh the risks in the eyes of most enterprise managers. According to a global survey of 500 IT decision makers, the vast majority say the hybrid cloud is crucial in maintaining a competitive advantage and lowering the cost of data infrastructure. This is manifesting itself in a number of ways, including improved collaboration between IT and line-of-business managers and increased self-service resource provisioning so knowledge workers don’t succumb to the lure of shadow IT. The challenge, however, is to ensure that resources and data sets can be integrated across local and distributed infrastructure, while at the same time building up internal skillsets to oversee this new form of infrastructure and to ensure it does not get bogged down with overly complex management and security systems.



Google is reimbursing Google Compute Engine users up to 25 percent of their monthly charges after an outage that impacted instances across all regions on Monday.

The outage lasted 18 minutes, and did not affect Google App Engine, Google Cloud Storage, or other Google Cloud Platform products. While 18 minutes may not sound like a lot of time, in the cloud world it is. And because the outage impacted multiple regions, it meant clients couldn’t failover to a new region in order to mitigate the impact of the outage.

According to a lengthy and apologetic post mortem on the Google Cloud Platform status page on Wednesday, the issue began when engineers removed an unused GCE IP block from its network configuration and instructed its systems to propagate the new configuration across the network.



JACKSON, Miss. – Floodwaters have receded from the severe storms that hit beginning March 9, but they are leaving behind the perfect damp environment for mold and mildew to thrive, advises state health officials.

According to the Mississippi State Department of Health (MSDH), mold can be identified by its musty, earthy odor and its fuzzy growth or discoloration on hard surfaces, furniture and carpeting. But it is not always visible – it can spread through cooling/heating ducts as well as wall insulation. It can cause coughing, sneezing, wheezing and asthma that should be treated by a doctor.

Mold should be cleaned up as soon as possible or it may create health hazards, especially among the elderly, the very young and those with compromised immune systems, allergies or asthma.

MSDH recommends a two-step cleaning process. First, clean all hard surfaces, such as metal, glass, solid wood, plastic and other nonporous materials with a non-ammonia detergent and hot water. Then, disinfect all cleaned surfaces with a 10-percent household bleach solution (one-and-a-half cup of bleach in one gallon of water).

Then dry or air dry by opening windows and doors, and turning on ceiling fans for more ventilation.

Do not mix bleach with ammonia or other cleaners. Wear protective gear including rubber boots and gloves, goggles and an N-95 mask while cleaning.

According to the health department, the general rule for porous materials is if you cannot wash it, throw it away. Throw out all moldy items that cannot be thoroughly cleaned, such as carpets, mattresses, upholstered furniture, stuffed animals, pillows, wall coverings and all paper products. Remove drywall or insulation that has been dampened by floodwater. Allow the wall studs to dry before installing new insulation and drywall.

For areas of mold clean-up larger than 30 square feet, please consult a professional mold remover.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) - A year and a half ago, the Hunter brothers of Vallejo were not sure there would be a light at the end of the tunnel created for them by the so-called South Napa Earthquake.

The Mare Island building, which housed their successful business, was badly damaged in the Aug. 24, 2014 temblor, forcing them to move and they weren’t sure where they were going to go.

The last part of that process — moving Western Dovetail’s offices into the firm’s new Mare Island building — was recently completed, and everyone is letting out a collective sigh of relief.



Emergency communication planning has become a key element of many businesses, but a surprising number of organizations are still completely unprepared for a potential crisis. According to the Business Continuity Institute, 14 percent of businesses do not have an emergency communications plan, and 68 percent of those organizations would only create one if they experienced a business-impacting event.Of course, having a plan does not necessarily mean you are prepared for the next big crisis. When was the last time you truly assessed your communication plan?

For quick and effective response during an emergency, you should be testing your business communication plans on a regular basis, as well as any time there is a significant change in your company. This might include newly-hired departmental heads or executives, business expansion or the use of new technology platforms.

Of course, there are several ways to ensure that a crisis communication plan is up to date and performing as intended. Here, we look at four ways to test your organization’s plans and make sure they are getting the right message across:



A new study out from CloudPassage — a cloud security firm based in San Francisco — concludes that the American higher-education system is failing at preparing students for careers in cybersecurity.

CloudPassage hired a third party consultant to analyze computer science programs at 121 universities listed on three rankings which included U.S. News and World Report’s Best Global Universities for Computer Science, Business Insider’s Top 50 best computer-science and engineering schools in America, and QS World University Rankings 2015 – Computer Science & Information.

The University of Michigan (ranked #12 on the U.S. News & World Report’s list) is the only program in the top 36 which requires a cybersecurity course for graduation.