
Industry Hot News


One of the biggest decisions companies face in conducting a Business Impact Analysis (BIA) is what use, if any, they will make of software in doing it. In today’s post we’ll look at the main software options available for doing BIAs, discuss which work best for which types of organizations, and share some tips that can help you succeed no matter what approach you take to using software.


In broad terms, there are five approaches companies can take in using software to do their BIAs.

As a reminder, a BIA is the analysis organizations conduct of their business units to determine which processes are the most critically time sensitive, so they can make well-informed decisions in doing their recovery planning.



CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.

Today's CIOs are the stewards of company data, responsible for its health and performance as well as maintenance of the availability, speed, and resiliency their stakeholders expect. CISOs, however, sometimes serve as emergency room doctors for their company's data. Their role is to think about worst-case scenarios, diagnose the severity of incidents, and jump in when incidents happen or are likely. Their first priority is to keep patients alive, but keeping them healthy is worth bonus points.

Like ER doctors, CISOs need rapid prioritization tied to the health of the business to effectively triage incidents. To establish each organization's guidelines around what data matters most every CISO must consider reputation, resiliency, and regulatory impact.



Friday, 17 May 2019 16:24

The Data Problem in Security

The recent merger of CloudBees and Electric Cloud is a sign of the times in the world of DevOps as integrated DevOps solutions come back into vogue. Not too long ago, this would have been looked down upon as a step in the wrong direction when it comes to innovation and providing value to developers. But why is that? What’s wrong with an integrated toolchain, and why is it taking so long for vendors and users to come around to them or for vendors to offer them? After all, DevOps as a term itself has been around for about 10 years, so what’s the sticking point?

The Dawn Of The Integrated Toolchain

To understand these questions, we need to set the Wayback Machine to the decade of the ’90s, when the full stack developer automation toolchain was being born. Source code repositories certainly existed, but the automation of continuous integration, unit test, and deployment did not. Those types of automata would come later in the early 2000s as teams from HP, IBM, Micro Focus, and Microsoft created full stack automation tools that managed source code integration, executed unit tests, automated functional tests, and packaged software in a manner that was ready for production. This all sounded great on paper, but it was expensive, not extensible, and captive — meaning once you bought into this toolchain, there was no easy way to get out. Proprietary standards and integration points made it difficult at best to deviate from the prescribed toolchain. These tools were also designed to be managed by IT administrators and not their users, the developers writing and building the code.



Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.

The recent Executive Order on America’s Cybersecurity Workforce is intended to bolster public sector cybersecurity talent and improve our ability to hire, train, and retain a skilled workforce. Unfortunately, it ignores the real challenges we face in securing our public infrastructure: high turnover, outdated models, and an excess of administrative processes. Instead, the EO focuses on a series of relatively superficial initiatives seemingly designed to get people more excited about cybersecurity. These include:

• A cybersecurity rotational program
• A common skill set lexicon/taxonomy based on the NICE framework
• An annual cybersecurity competition with financial and other rewards for civilian and military participants 
• An annual cyber education award presented to elementary and secondary school educators
• A skills test to evaluate cyber aptitude in the public sector workforce

While it's great to see the continued focus on addressing our substantial national cyber challenges, this Executive Order is an attempt to address a severe talent shortage by shuffling resources, adding administrative process, and creating a competition and incentive system that will do little to grow and mature the cyber labor force. 



Back in November, Forrester outlined its 2019 predictions for a set of hot emerging technologies. We identified which markets were likely to command big investments in the new year and even predicted that GE would turn a corner this year. Let’s see how we did so far with a few of them.

Additive manufacturing will save General Electric. 2019 has delivered glimmers of hope for GE: Investors have started showing faith in the company’s new leadership. GE’s stock price is up 42% year-to-date, and optimism is building in GE’s aviation unit. With a pipeline of over 60 proprietary 3D-printed parts, they hope to literally “reinvent” the engine. Manufacturing these parts with additive methods allows GE to cut out some of its traditional suppliers and win contracts previously held by its competitors. To show off the technology, GE even produced a set of 3D-printed gowns at this year’s Met Gala, which resulted in the most positive press it received in quite some time. Things also look good for the additive manufacturing market, as it blew past its entire 2018 investment total in the first quarter of this year with $445M.



Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.

A new report sheds light on the practices of two US data recovery firms, Proven Data Recovery and MonsterCloud, both of which paid ransomware attackers and charged victims extra fees.

ProPublica researchers were able to trace four payments from a Bitcoin wallet controlled by Proven Data to a wallet controlled by the operators of SamSam ransomware, which caused millions of dollars in damages to cities and businesses across the US. Payments to this wallet, and another connected to the attackers, were banned by the US Treasury Department due to sanctions on Iran, explained former Proven Data employee Jonathan Storfer to researchers.

Proven Data claims to unlock ransomware victims' data using its own technology. Storfer and an FBI affidavit say otherwise: The company instead paid ransom to obtain decryption tools. MonsterCloud, another data recovery firm that claims to employ its own recovery practices, also pays ransoms — without telling the victims, some of which are law enforcement offices.



Mobile apps have become the touchpoint of choice for millions of people to manage their finances, and Forrester regularly reviews those of leading banks. We just published our latest evaluations of the apps of the big five Canadian banks: BMO, CIBC, RBC, Scotiabank, and TD Canada Trust.

Overall, they’ve raised the bar, striking a good balance between delivering robust, high-value functionality and ensuring that it’s easy for customers to get that value with a strong user experience. The top two banks in our review, CIBC and RBC, both made significant improvements to their app user experience (UX) over the past year by focusing on streamlining navigation and workflows. But our analysis also revealed ways all banks can — and should — improve, such as:

Banks should give customers a better view of their financial health. Banks we reviewed don’t provide external account aggregation, and they put the burden on the user to stay on top of their monthly inflows and outflows. They don’t offer useful features such as an account history view that displays projected balances after scheduled transactions hit the account — something leading banks in other regions of the world (like Europe and the US) do offer.



Learn about some of the latest findings on the devastation from a hurricane, and how to prepare your business to withstand this natural catastrophe. Read this infographic by Agility Recovery.


Thursday, 16 May 2019 16:06

The Biggest Hurricane Risk?

What will happen to the plastic bag you threw away with lunch today? Will it sit in a landfill, clog a municipal sanitation system, or end up in your seafood? Concern over this question has helped spur the rise of the new and rapidly growing cultural trend of people aiming to live ‘Zero Waste’. The momentum of this movement has been fueled in part by an international recycling crisis between the United States and China, as described in this slightly grim article, Is this the End of Recycling?

Seeing images of injured marine animals or aerial footage of the Great Pacific Garbage Patch shows us just how much damage this unsolved problem can cause. We can collect data from events that are occurring today to predict trends in consumption and waste reduction. We can track pilot programs of composting and trash reduction and honestly evaluate the results.

All of this sounds negative, but there is a lot of good news! More and more people are prepared to take drastic action to solve the waste and recycling problems that our country will face in the future. Like business strategies used in Business Continuity and Disaster Recovery, the Zero Waste movement tries to anticipate a future problem and attempt to mitigate its effects before they happen. To do this, we must rely on tracking real data as it occurs and test our solutions, before they become critical to operations.



City living is on the rise, having gone from 751 million of the world’s population in 1950 to 4.2 billion in 2018. What’s more, it’s expected to reach 6.7 billion in 2050. How can cities adapt and prepare to ensure they provide adequate resources and a sustainable future? They can’t improve what they can’t measure. The latest in the ISO series of standards for smart cities aims to help.

The ISO 37100 range of International Standards helps communities adopt strategies to become more sustainable and resilient. The newest in the series and just published, ISO 37122, Sustainable cities and communities – Indicators for smart cities, gives cities a set of indicators for measuring their performance across a number of areas, allowing them to draw comparative lessons from other cities around the world and find innovative solutions to the challenges they face.

The standard will complement ISO 37120, Sustainable cities and communities – Indicators for city services and quality of life, which outlines key measurements for evaluating a city’s service delivery and quality of life. Together, they form a set of standardized indicators that provide a uniform approach to what is measured, and how that measurement is to be undertaken, that can be compared across city and country. The standards also provide guidance to cities on how to assess their performance towards contributing to the United Nations Sustainable Development Goals, the global roadmap for a more sustainable world.


