DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 32, Issue 3

Full Contents Now Available!

Industry Hot News

Industry Hot News (92)

We are more connected than ever, bringing with it the joys, and risks, of our digital world. Cybersecurity is a growing concern, with attacks against business almost doubling over the last few years and is an increasingly significant threat to global stability.

Unsurprisingly, laws and regulations are rapidly being put in place to reduce these risks and protect our digital privacy. How can organizations keep on top of these requirements and protect themselves at the same time? The world’s first International Standard to help organizations manage privacy information and meet regulatory requirements has just been published.

Protecting our digital privacy is a significant business concern. According to IBM the average cost of a data breach is USD 3.6 million, and legal obligations are increasingly stringent. As we get more connected, governments all over the world are introducing various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR), which organizations must adhere to. The new ISO standards will help businesses meet such requirements, whatever jurisdiction they work in.



National Preparedness Month (NPM), is recognized each September to promote family and community disaster and emergency planning now and throughout the year. The 2019 theme is Prepared, Not Scared. Be Ready for Disasters   

2019 Weekly Themes

  • Week 1: Sept 1-7                      Save Early for Disaster Costs

  • Week 2: Sept 8-14                    Make a Plan to Prepare for Disasters

  • Week 3: Sept 15-21                  Teach Youth to Prepare for Disasters

  • Week 4: Sept 22-30                  Get Involved in Your Community’s Preparedness


  • #NatlPrep
  • #PrepareNow
  • #FloodSmart
  • #YouthPrep
  • #ReadyKids

Graphics, Videos, and Related links

For more engaging content, attach graphics that are sized appropriately for specific social media posts (i.e., Twitter & Facebook). 

National Preparedness Month Congressional Co-Chairs

Social Media Content

Week 1:  Save Early for Disaster Costs  

Web Resources

Social Media Posts

Week 2: Make a Plan

Web Resources

Social Media Posts

  • Be Prepared. Make an emergency plan today & practice it: www.ready.gov/plan #PrepareNow #NatlPrep

  • Preparing your family for an emergency is as simple as a conversation over dinner. Get started with tips from @Readygov: ready.gov/plan #PrepareNow #NatlPrep

  • It’s important to include kids in the disaster planning process. Review your family emergency plan together so that they know what to do even if you are not there: ready.gov/kids #YouthPrep #PrepareNow #NatlPrep

  • Practice your fire escape plan by having a home fire drill at least twice a year with everyone in the home. #PrepareNow #NatlPrep

  • Download a group texting app so your entire circle of family and friends can keep in touch before, during & after an emergency. #NatlPrep #PrepareNow

  • Practice evacuating in the car with your animals, so they’re more familiar if you need to evacuate in an emergency. #NatlPrep #PrepareNow

  • Be prepared. Get the @fema app with weather alerts for up to 5 locations, plus disaster resources and safety tips: fema.gov/mobile-app #NatlPrep #PrepareNow.

  • Contact your water and power companies to get on a “priority reconnection service” list of power-dependent customers if you rely on electrical medical equipment. #PrepareNow

  • Learn how to turn off utilities like natural gas in your home. ready.gov/safety-skills #PrepareNow #NatlPrep

  • Be prepared for a power outage by having enough food, water, & meds to last for at least 72 hours: ready.gov/kit #PrepareNow

Week 3: Youth Preparedness

Web Resources

Social Media Posts

  • Teach children what to do in an emergency if they are at home or away from home. ready.gov/kids#PrepareNow #NatlPrep #YouthPrep

  • Help your kids know how to communicate during an emergency. Review these topics with them: Sending text message; Emergency contact numbers; Dialing 9-1-1 for help ready.gov/kids #PrepareNow #NatlPrep #YouthPrep

  • Update school records and discuss emergency contact numbers with kids before they go: ready.gov/make-a-plan  #BackToSchool #YouthPrep

  • Add your kids’ school’s social media info to the family communication plan: ready.gov/kids/make-a-plan#YouthPrep #ReadyKids

  • Review your family emergency communications plan with kids at your next household meeting. #YouthPrep #ReadyKids

  • Include your child's medication or supplies in your family’s emergency kit. More tips visit: ready.gov/kit#YouthPrep #ReadyKids

  • Include your child's favorite stuffed animals, board games, books or music in their emergency kit to comfort them in a disaster. #YouthPrep

  • Get the kids involved in building their own emergency kit: www.ready.gov/kids/build-a-kit  #YouthPrep #ReadyKids

  • Kids can #BeAForce... by playing the online emergency preparedness "Build a Kit" game: www.ready.gov/kids/games #YouthPrep #ReadyKids

  • Speak Up! Ask your child’s teacher about the plans the school has in place for emergencies. #BacktoSchool #YouthPrep www.healthychildren.org/English/safety-prevention/all-around/Pages/Actions-Schools-Are-Taking-to-Make-Themselves-Safer.aspx

  • Your kids can become Disaster Masters with this @Readygov preparedness game: www.ready.gov/kids/games #YouthPrep

  • Are your students prepared for an emergency? Download curriculum for grades 1-12 for your classroom: www.ready.gov/kids/educators #YouthPrep

Week 4: Get Involved in Your Community’s Preparedness

Web Resources

Social Media Posts

  • Community Emergency Response Teams (CERTs) trains volunteers to prepare for the types of disasters that their community may face. Find your local CERT: https://community.fema.gov/Register/Register_Search_Programs #NatlPrep
  • Learn about the hazards most likely to affect your community and their appropriate responses. #NatlPrep #PrepareNow
  • Every community has voluntary organizations that work during disasters. Visit https://www.nvoad.org to see what organizations are active in your community. #NatlPrep
  • Encourage students to join Teen CERT so they can respond during emergencies. Learn more: www.fema.gov/media-library/assets/documents/28048 #YouthPrep
  • Your community needs YOU! Find youth volunteer and training opportunities to help your community here: www.ready.gov/youth-preparedness #YouthPrep #NatlPrep
  • Finding support from friends, family, and community organizations can help kids cope with #disasters. #YouthPrep
  • Take classes in lifesaving skills, such as CPR/AED and first aid, or in emergency response, such as CERT. #PrepareNow #NatlPrep
  • Check in with neighbors to see how you can help each other out before and after a storm #HurricanePrep
  • If you have a disability, plan ahead for accessible transportation that you may need for evacuation or getting to a medical clinic. Work with local services, public transportation or paratransit to identify accessible transportation options. ready.gov/individuals-access-functional-needs #NatlPrep

  • If you have a disability contact your city or county government’s emergency management agency or office. Many keep lists of people with disabilities so they can be helped quickly in a sudden emergency. ready.gov/individuals-access-functional-needs #NatlPrep

Tuesday, 06 August 2019 15:58

Update on 2019 National Preparedness Month

In the words of Thomas Edison, the value of an idea lies in the using of it. Yeah, I’ve used that quote a lot to talk about the value of data. Data isn’t inherently valuable. But when you use it to better understand customers or to identify bottlenecks in a process or to detect fraud or revenue leakage, then it’s valuable. More simply put, Data + Use = Value. Another quote I repeat over and over.

Yet according to our new Business Technographics Data and Analytics Survey 2019, on average, only 48.3% of decisions are made based on quantitative information and analysis as compared to other more qualitative decision factors such as experience, “gut feeling,” or opinions. That number hasn’t really moved in years. Back in 2016, survey respondents even reported that 48.9% of decisions were made using quantitative analysis. We’ve really made little progress on that front over the years.

There is a glimmer of hope, however. New survey results, and anecdotal evidence from the field, tells us that data leadership makes a big difference. Organizations with data leaders report that 50.8% of decisions are made using quantitative analysis, compared to 44% in organizations without data leaders. And, this year saw a jump in the number of firms appointing data and analytics leaders – 58% of organizations now have a Chief Data Officer, up from only 51% last year. Hail the rise of the CDO and the leadership to drive an insights-driven culture.  My upcoming infographic will illustrate many of the findings of our Business Technographics survey as well as a research survey on data and analytics leaders. Stay tuned.



The digital economy is breaking down barriers to employment by empowering tech-savvy professionals to work remotely

The gig economy is showing no sign of slowing down. Solutions like Fiverr and Upwork make it easier than ever to find the right person to swoop in and fill your company’s digital skills gap. The digital revolution means that, for many online or software-based jobs it’s no longer necessary for a candidate to be within a commutable radius. In fact, they don’t even have to be on the same continent.

More and more, companies in the US, Australia and the UK are outsourcing digital work to freelancers in developing countries. And, it’s creating fresh career opportunities that previously didn’t exist. Tech-savvy remote workers in developing nations are taking up freelance work in areas like engine optimisation, digital design, software development and computer programming.



By Dave Bermingham, Technical Evangelist at SIOS Technology

High availability and disaster recovery protections both require redundant resources configured to minimize or eliminate single points of failure. Because failures sometimes occur on a large scale, a best practice is to put some geographical distance between some of these resources. Amazon Web Services meets this need by offering multiple Availability Zones and Regions to facilitate business continuity during all likely failures—from a single server crashing to a widespread natural disaster.

This article provides practical guidance to help database and system administrators tasked with protecting SQL Server databases running in the AWS cloud. The high availability (HA) and disaster recovery (DR) provisions available with the AWS cloud and the SQL Server software are covered first in separate sections. This is followed by a third section outlining how these provisions can be used in a cost-effective configuration that combines HA and DR protections in a failover cluster spanning multiple AWS Availability Zones and Regions.

Multiple Availability-Zones and Regions in the AWS Cloud

Fully protecting applications, including those with SQL Server databases, from all possible outages requires recognizing the differences between “failures” and “disasters” because those differences determine the different provisions needed for HA and DR. Failures are short in duration and small in scale, affecting a server, rack, or the power or cooling in a datacenter. Disasters have more widespread and enduring impacts, affecting multiple facilities, including offices and datacenters alike, in ways that preclude rapid localized recovery.

The most consequential difference involves the location of the redundant resources (systems, software and data), which can be local—on a Local Area Network—for recovering from a localized failure. By contrast, the redundant resources required to recover from a widespread disaster must span a Wide Area Network. For database applications that require high transactional throughput performance, the ability to replicate the active instance’s data synchronously across the LAN enables the standby instance to be “hot” and ready to take over immediately and automatically in the event of a failure. Such rapid response should be the goal of all HA provisions.

Because latency inherent in the WAN would adversely impact on the throughput performance in the active instance when using synchronous replication, data is usually replicated asynchronously in DR configurations. This means that updates being made to the standby instance always lag behind updates being made to the active instance, which makes the standby instance “warm” and results in an unavoidable delay during the manual recovery process.

AWS Availability Zones (AZs) offer the best of both by combining the synchronous replication available on a LAN with some geographical separation previously possible only in the WAN. AZs connect multiple datacenters within an AWS region via a low latency, high throughput network that facilitates synchronous commit with negligible impact on database performance. In many regions, the latency across AZs is less than one millisecond, which has made the use of multi-zone configurations a new best practice for HA failover clusters.

For additional protection against major disasters that could affect multiple Availability Zones, AWS operates multiple Regions throughout the world. Amazon employs encrypted Virtual Private Cloud (VPC) peering among Regions to deliver highly reliable and secure communications. As expected, replicating data across AWS Regions will need to be done asynchronously for SQL Server databases, and to ensure minimal or no data loss, the recovery will need to be performed manually. The resulting delay in DR provisions is tolerable, however, because Region-wide disasters are rare.

SQL Server’s Always On Availability Groups and Failover Cluster Instances

SQL Server offers two of its own options for HA and DR protections: Failover Cluster Instances (FCIs) and Always On Availability Groups. FCIs have two notable advantages: The feature is included in the less expensive Standard Edition; and they protect the entire SQL Server instance, including user and system databases. A major disadvantage is the requirement Windows Server Failover Clustering (WSFC) has for shared storage, such as a storage area network (SAN), as a means to replicate (or actually share) data between the active and standby instances. The problem is: Shared storage has not historically been available in the AWS cloud, or in any other public cloud.

The lack of shared storage in the cloud was addressed in the Datacenter Edition of Windows Server 2016 with Storage Spaces Direct (S2D), which also received concurrent support in SQL Server 2016. S2D is software-defined storage that creates a virtual SAN, enabling data to be shared between multiple instances. S2D requires that the servers reside within a single datacenter, however, making it incompatible with Availability Zones. For this reason, using FCI for HA and/or DR protections across multiple AWS AZs and Regions requires using a third-party solution for data replication.

The other SQL Server option is Always On Availability Groups. This option is more capable than FCIs for both HA and DR, and it possesses some other notable advantages, such as readable secondaries (with appropriate licensing) and no restrictions on the size of databases. But it requires licensing the more expensive Enterprise Edition, and that makes this option cost-prohibitive for many database applications. Another limitation is that only the user database is replicated, creating the need for separate provisions to protect the entire SQL Server instance.

Using an application-specific HA/DR solution like Always On Availability Groups has another disadvantage: Separate HA and/or DR provisions will be needed to protect all other applications, including those using a different database. Having multiple HA/DR solutions can substantially increase complexity and costs for licensing, training, implementation and ongoing operations. This is yet another reason why both database and system administrators increasingly prefer to use general-purpose failover clustering solutions.

Consolidating HA and DR Protections in a SANless Failover Cluster

The lack of shared storage in the cloud has long been addressed by third-party failover clustering solutions purpose-built for HA and DR protections in private, public and hybrid cloud environments. These solutions are implemented entirely in software to enable creating, as their designation implies, a cluster of servers and storage—sans SANs—and with rapid, automatic failover to assure high availability at the application level.

Versions for Windows Server are designed to work seamlessly with WSFC by providing real-time block-level data replication both on-premises and in a cloud-based SANless environment. A major advantage with SQL Server is support for FCIs without imposing any need to compromise availability or performance. These solutions usually overcome another limitation, this one imposed by the Standard Edition of SQL Server, of being able to configure only two FCI nodes in a failover cluster. As will be shown in the example below, the ability to have a two-node cluster spanning Availability Zones, along with a third instance in a different Region, affords mission-critical HA/DR protections in a single configuration.

Versions for Linux, which lacks a fundamental clustering capability equivalent to WSFC, must provide a total HA/DR solution that includes data replication, continuous application-level monitoring and configurable failover/failback recovery policies. Linux is becoming increasingly popular for SQL Server databases and other enterprise applications, and third-party failover clustering solutions now make configuring HA/DR protections nearly as easy as it is for Windows Server. Without such a solution, administrators would be forced to struggle making open source software work dependably in full, application-specific HA/DR stacks. It is for this reason that only the very largest organizations have the wherewithal (skill set and staffing) needed to even consider taking on such ongoing efforts.

While specific to the operating system, most failover clustering software is application-agnostic, enabling administrators to have a single, universal HA/DR solution. Most such solutions also offer a variety of value-added capabilities. Examples include data compression and other forms of WAN optimization to reduce bandwidth utilization in multi-region clusters, minimalist “warm” standby configurations that also reduce costs, and manual switchover of active and standby instances to facilitate planned maintenance and routine backups with minimal disruption to the applications.

“Undersizing” standby instances can afford considerable savings. Because the standby instance rarely runs a production workload, it is possible to reduce costs by allocating minimal resources (e.g. CPU, memory and network bandwidth) while it functions in its normal standby mode. The tradeoff is that, in the event a failover, the allocation will need to be resized before the instance can become the active node. This extra step adds to the recovery time because it requires a reboot. There are other factors to consider, as well, such as I/O requirements and the storage limitations of smaller instance types. But when viable, the cost saving can be significant.

Additional savings is afforded by compressing the data that transverses the WAN, especially in hybrid cloud configurations. The higher the compression, the higher the CPU utilization, so some tweaking is usually needed to achieve the optimal balance.

The diagram shows a popular AWS configuration that provides both HA and DR protections in a VPC that distributes three SQL Server instances across multiple Availability Zones and Regions. For clusters spanning multiple Availability Zones within a single AWS Region, the data replication is synchronous, enabling rapid automatic failovers from all localized failures. For clusters spanning multiple AWS Regions, the data replication must be asynchronous to avoid adversely impacting on throughput performance, and failovers will need to employ manual processes to minimize the potential for data loss.

SIOS AWS Multi ZoneRegion 190726

This popular SANless failover cluster configuration consists of a two-node HA cluster spanning two AWS Availability Zones, along with a third instance deployed in a separate AWS Region to facilitate a full recovery after a widespread disaster.

It is also possible to have two- and three-node configurations in a hybrid cloud environment for HA and/or DR purposes. One such three-node configuration is a two-node HA cluster located in an enterprise datacenter with a third instance located in the AWS cloud for DR protection—or vice versa.

Confidence in the AWS Cloud

As of this writing, AWS has 61 Availability Zones deployed in 20 Regions, making the AWS Global Infrastructure eminently capable of providing carrier-class HA/DR protection for SQL Server databases. But with a purpose-built failover clustering solution, such carrier-class high availability need not mean paying a carrier-like high cost. Because SANless failover clustering software makes effective and efficient use of all AWS compute, storage and networking resources, while also being easy to implement and operate, these solutions minimize ongoing costs, resulting in robust HA and DR protections being more affordable than ever before.

The security, agility, scalability and high availability made possible by overlaying SANless failover clusters atop multiple, geographically-dispersed Availability Zones and Regions should give even the most risk-adverse administrators the confidence needed to migrate mission-critical SQL Server databases and other applications to the AWS cloud.

About the Author

David Bermingham is Technical Evangelist at SIOS Technology. He is recognized within the technology community as a high-availability expert and has been honored to be elected a Microsoft MVP for the past 8 years: 6 years as a Cluster MVP and 2 years as a Cloud and Datacenter Management MVP. David holds numerous technical certifications and has more than thirty years of IT experience, including in finance, healthcare and education.

Safety signs are essential for preventing accidents and injury. Symbols that are internationally agreed and globally used in safety signs ensure clarity and consistency, regardless of language, culture or setting. The ISO standard that is a reference for safety signs has just been updated to incorporate new safety signs that are in use around the world.

Graphical symbol: Fire extinguisherFrom no-go areas on construction sites to emergency exits, ISO 7010, Graphical symbols — Safety colours and safety signs — Registered safety signs, prescribes safety signs for the purposes of accident prevention, fire protection, health hazard information and emergency evacuation.

It features the shape and colour of the sign as referenced in ISO 3864-1, Graphical symbols — Safety colours and safety signs — Part 1: Design principles for safety signs and safety markings, and the design of the symbol is according to ISO 3864-3, Graphical symbols — Safety colours and safety signs — Part 3: Design principles for graphical symbols for use in safety signs.



Hindsight is 20/20; it’s easy to look back on past mistakes and identify ways to prevent them from reoccurring, especially when it comes to breaches reported on the Office for Civil Rights’ (OCR) “wall of shame.” To better serve our healthcare provider clients, we recently looked back at the past year of Health Insurance Portability and Accountability Act (HIPAA) settlements and identified what went wrong in 10 of the reported breaches, then pulled key takeaways for other healthcare providers to learn from. Our analysis is summarized in the just-published “Lessons Learned From The Latest HIPAA Security And Privacy Incidents,” available to our clients today.

What did we learn?

Hacking Incidents Were The Top Cause Of HIPAA Breaches In 2018

Healthcare security teams have worked hard to improve their security fundamentals, prompting increasing security budgets and adoption of basic security tools. In the past, device loss and theft were top causes of HIPAA settlements, but this is no longer the case as healthcare providers mature their security practices (see figure). We now see hacking/IT incidents as the top cause of breaches leading to HIPAA investigations.



The end of an emergency is often the beginning of a longer phase of crisis management and business recovery. In today’s post, we’ll talk about seven things you should do after the most acute phase of an emergency is over.

Related on MHA Consulting: Crisis Response in Today’s Breakneck World

In my previous post, I talked about The 6 Tasks Every Emergency Plan Should Address. Today, I’d like to address the things you should segue into doing as the most intense part of the emergency starts winding down.

Sometimes an emergency ends right away with small impact and no long-term consequences. Other times it can be the beginning of a very challenging period as the company struggles to get back to normal operations.

The two big problems we see, in terms of the post-emergency phase:



Cybersecurity risk rating solutions are a polarizing topic for security leaders. We meet promoters and detractors in roughly equal measure in the customers that we speak to.

Positive client sentiment cites the ability to continuously monitor their third parties, and the simplicity of the quantifiable risk score is popular. Security leaders tell us it is an easy vehicle for starting a discussion about a vendor or their organization’s security posture.

Less positively, we speak to frustrated customers and third parties that find themselves dealing with inaccurate ratings that fail to depict the true picture of the organizational security posture. This does not apply to all, but we hear the following two complaints most frequently:



World-class innovation delivery requires weaving together three foundational realities:

  • “Software is eating the world.” Marc Andreessen famously said this in a 2011 essay in The Wall Street Journal. It was true then, and it’s all the more true today. Whether your firm is disrupting markets or playing catch-up, every major business activity and strategy requires software. Furthermore, changing the business requires changing software, and historically, software has been difficult to change.
  • “Culture eats strategy for breakfast.” Forbes traced this quote to Ford executive Mark Fields, who attributed it to Peter Drucker. Poor culture degrades software success at multiple levels. With poor collaboration between business and tech teams, you build the wrong thing. Poor collaboration among tech teams slows delivery and introduces defects. And business leaders that don’t understand software will underinvest in it, creating pressures that stifle collaboration.
  • “Constant innovation” drives corporate longevity. Marcus Wallenberg, chairman of 160-year-old SEB, says “the owners, board, and top management” of a firm have a “strong duty to foster a culture of constant innovation that drives its own creative destruction on the inside.”Wallenberg pulls Joseph Schumpeter’s notion of “creative destruction” inside the boardroom, placing responsibility for it squarely on the laps of top leadership.

Put together, what do these mean?