DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Understanding the Concept of Cloud Backup and Replication

The IT industry has evolved a lot in a couple of years. Cloud is really starting to gain traction, and a lot of companies have already moved their solutions to the cloud. When we talk about cloud backup, Amazon AWS and Microsoft Azure are the two great guns in the market, and cloud connects to Amazon AWS and Microsoft Azure.

Cloud services for Backup and Replications

Cloud is quite a generic term; it can cover many other services, but among all of them backup is the service clients desire most. Stone Fly clients can back up their virtual machines and recover files, and they also have the option of replication and failover for the customer's business continuity.

Replication of data can be very useful for clients in case of disaster recovery. Customers can replicate their data in a private cloud only if they have two sites available at a time, but an alternative is to use the public cloud from service providers like Amazon AWS and Microsoft Azure, with cloud connect to Amazon AWS and cloud connect to Microsoft Azure. Service providers have taken the time to build data centers, put infrastructure inside them, manage those data centers and make them available to their clients, thus minimizing the overhead for customers.

...

Active Directory and Single Sign On (SSO) in Business Continuity

When we head to client sites, we listen for the key words Active Directory. This part of IT infrastructure can be a blessing for everyday functionality. It can also fall apart dramatically during an incident. Before we get to the implications of what might happen if it goes down, let’s give a general explanation of what it is.

Active Directory

Active Directory (AD) is the place on the network where all of the user permissions are stored. For those end users out there who are not overly tech savvy, think of it like this. Every day you come to the office, boot up your computer, and enter a user name and password. When it opens to your home screen, you can see your email and your desktop, and the files you need to do your job.

Now think about how many people work at your company. Every person that comes to work has their own user name and password, so that when they log on to their computer they see their emails and desktops and files. In order to make sure that each person sees their emails and no one else’s, all of those user names and passwords need to be kept somewhere. AD is often where they are kept. And it automatically checks to make sure that the user name and password match, and the information the user (that’s you) sees is their own. Put in the wrong info, and it won’t let you in.

...

Never, say never… 

Previously we wrote about the fall-out from the Lac Megantic rail disaster – the deadliest Canadian rail disaster since 1867.  Many lessons were learned from the two-year investigation that followed.  While less catastrophic, the recent post-Hurricane Harvey Arkema plant explosion near Houston, Texas, will also reveal its own take-aways.

However, even without results from investigations into the Arkema explosions, these incidents deliver a critical lesson: ‘Never say never’.

The 'perfect storm' in Lac Megantic

At Lac Megantic, there were 18 factors that led to the rail disaster, taking 47 lives and devastating an entire town.  Each factor, considered in isolation, never would have predicted the disaster that resulted: a short-cut on an engine repair; a small engine fire; an improper brake test; insufficient brakes set; a train left unattended at the top of a hill.  While any one of these factors would have not created the disaster that resulted, unfortunately, for the community and the rail company, many of them collided on one fateful night.

...

3 Steps Prevention against Ransomware

Regrettably, ransomware attacks are becoming a regular occurrence. The stories of data loss, locked away data and critical operation disruption are real. With the General Data Protection Regulation (GDPR), applicable after 2018, companies are already addressing their backup and disaster recovery plans to ensure that they remain compliant with the data protection regulations. Regardless of compliance reasons, enterprises still need a reliable way of protecting themselves from ransomware.

The following three steps can prepare an enterprise to prevent the damage done by ransomware:

Step 1: Prepare

Preparation is of the utmost importance; something on as grand a scale as moving to the cloud takes a great deal of it. It can be classified into these major segments: training staff, employing security layers, and removing outdated operating systems.

...

BCP Headaches you can Avoid by Using Shield: Part 3

Solve BCP Headaches

Welcome to the third and final installment of our series on how SHIELD can solve BCP headaches.  Last week we talked about how SHIELD helps the newcomer to business continuity get started on the plan development process.  This week we’re going to look at the challenges that come up after you finally have that plan written.

Updating contact information is so time consuming!  Isn’t there a better way?

Keeping contact information up to date is one of the most challenging and yet important parts of a business continuity plan.  Just keeping personnel information current is challenging enough but what about all those vendors you need to be able to reach out to if disaster strikes?  You don’t want to be editing information in two different places.

If you’re a SHIELD user there is a simple way of importing information from other data sources into SHIELD.  With an extract from your HR database or your vendor management system, Shield has import and merge functions that allow you to pull new information into SHIELD with just a few clicks.  No more editing row after row.  Simply choose your method of importing and SHIELD will do the work for you.

...

The Impact of Cyber Activity on Traditional Resiliency Programs

Traditional resiliency designs are most often predicated upon the ability to restore an IT environment to a point whereby the business can resume operations. Reducing the amount of down time, along with being able to minimize data loss (measured using Recovery Time and Recovery Point Objectives) are the keys to a successful resilience program.

These objectives have held up over time in defining the actual techniques required to resume the IT function in support of overarching business objectives. When applied to a full recovery at an enterprise level, this approach has proven sound and is acknowledged across the industry as the optimal way to design and implement a resiliency strategy and overall program.

Recent changes in the dynamics of a potential outage, primarily driven by a growing set of threats in the form of cyber activity, have demanded a rethinking of how a response should be handled. More specifically, evolving threats are now focused on potentially smaller targets with greater levels of impact that can prevent a company from conducting business, and that look to damage or, worse yet, hold for ransom critical information within the firm. This increased level of compromise requires not only that an expedited response be in place but likewise necessitates that more complete, accurate, and protected systems and information be always available to immediately resume business processing.

...

BCP Headaches You Can Avoid by Using Shield: Part 2

We hope you enjoyed last week’s blog post on how KingsBridge Shield can solve some of your Business Continuity Planning (BCP) information security headaches.  This week, part two of our series focuses on how Shield can cure the headaches of the BCP newbie.  Has management assigned you the responsibility of heading up the company’s BCP program but you don’t know where to begin?   At KingsBridge, our motto is Keep It Simple and Straightforward.  Our Shield software has everything the newcomer needs to resolve their BCP headaches.  Here are a few examples:

I’m brand new to this.  Starting BCP on the right foot.

Starting BCP can seem like a daunting task; knowing where to begin can be the hardest part.  Often senior management assigns business continuity plan development to an employee with no experience or resources to complete the job.

At KingsBridge, our Shield software takes that first step for you.  Out of the box, Shield comes with hundreds of pages of template content for every type of recovery team you can imagine.  We also have specialized templates for credit unions or for those who want to follow the FEMA format.  But that’s not all, the Shield content also includes recommendations for exercising and getting you started on your Business Continuity Management Program.  Shield doesn’t just house your plan, it writes a lot of it for you.

...

Trends Dominating Disaster Recovery Industry In 2017

More than at any other time in the past, digital information today occupies a very central part in any business, and has become one of the 21st century business’ most valuable assets. For this reason, businesses can no longer stay on the sidelines and watch as their data is wiped out when a disaster strikes.

Every effort must be made to ensure digital information is secure regardless of the magnitude of the disaster that hits the business organization. Businesses across various industries have invested quite heavily in Big Data solutions that ensure their digital information is accurate, uncorrupted and up to date.

Preference given to DRaaS vendors

The emergence of Disaster Recovery as a Service has made it possible for businesses to use redundancy protocols to replicate their physical and virtual servers via the cloud as a way of mitigating possible data losses. Given how complex, expensive and time-consuming it is to develop a disaster recovery strategy from scratch, many companies, especially small and mid-sized businesses choose available solutions in the DRaaS niche.

...

5 Top ransomware exploits that you should know

We used to call the Internet the “information super-highway” back in the day, when connections were slow, bulletin boards and gopher were about as techie as it got. Those days are long gone, but something of the ‘highway’ has remained, like a bad smell, one that has come back to haunt us in 2017… The highway robber!

The person who went about their villainy on the trade routes and highways of the world, extorting money and valuables from unsuspecting travellers with a simple threat –– ”your money or your life” –– reinforced of course with the trademark flintlock pistol and sabre.

Today’s highway robber is a lot more sophisticated and savvy. They take far less risk and turn to the latest technology to extort you out of your money by threatening your valuables. In this case your data, your technology and most probably your computing ability.

...

BCP Headaches you can avoid by using KingsBridge Shield

Welcome to the first in our three-part series on business continuity planning headaches and how you can use the KingsBridge Shield solution to resolve them.  Today "BCP plan access" is the focus.  Making sure those that need it have it, while also ensuring that access to sensitive information remains restricted.

BCP Headache - #1 Keeping current copies of the plan in the hands of those that need it. 

Access to a business continuity plan is critical when disaster strikes.  To ensure this, many companies periodically print and distribute their plans to their recovery team members.  A wide plan distribution is great to make sure everyone has the information they need.  There is risk however, when old copies of the plans remain in circulation.

Shield’s web-based solution eliminates the risk of those old, stale copies floating around while ensuring that users have access to the latest and greatest plan information.  All plan changes are immediately reflected in the plan for all users with access to view them.  No need to print and distribute.

...

This Underutilized Group Could Save Your Business in a Crisis

Originally posted on Rentsys Recovery Services' blog.

 

...

Secure Documents with Shield

As covered in our last post, Records Management for BCP, one of the most challenging and yet critical elements of your business continuity plan (BCP) is records management. In this follow-up post, we’ll look at how KingsBridge Shield helps you to secure documents that are most critical to your business’ recovery.

Safe and Secure Documents Storage

When it comes to business continuity, documents needed to help recover the business have to be safely and securely stored.  Many of our clients initially put a lot of faith in their IT department’s backups.  They know the data is backed up and therefore feel that having a copy stored elsewhere is unnecessary.  However, backup does not mean instant access.  Recovery of electronic document storage takes time.  Once documents are recovered, user access may be limited due to connectivity with the recovery location.

Shield provides a secure, web-based solution that supports the storage of critical documents independent of your company’s servers.  The Shield mobile application syncs with the web application placing an additional off-line copy of these documents on your phone.  No internet?  No problem.  Your phone will have all the documents you need.

...

OWASP Top 10 - Combating Data Security Breach in Web Applications

Most organizations are now developing and using web applications to do their business online. This shift has undoubtedly made doing business easier, but at the same time it has exposed critical business and customer data to security threats. A recent Verizon Data Breach Investigation report (2017) suggests that a good percentage of breaches were associated with web applications.

Some of these threats have now been addressed by various automated scanners which provide a robust detection of security vulnerabilities. However, it is still important to understand such vulnerabilities before we can resolve the danger posed.

The Open Web Application Security Project (OWASP) is a group that works towards defining security recommendations, specifications, and explanations in key areas. This group was initially created as a project to define testing standards for web application security. The specialized project concluded that purchase of dedicated software tools can make the web application immune to security breaches. Apart from this, OWASP drafted and published the ‘Top 10 Security Vulnerabilities List’ for any web application.

...

Disaster Recovery Planning: Who Needs A Seat At The Table & Why

Whether you’re implementing or just refining your disaster recovery (DR) process, one of the most important things to consider is your team. Depending on the people at the helm, your efforts will either be thorough and coordinated, or incomplete and disjointed. To start off on the right foot, you’ll need to assemble a knowledgeable group whose areas of expertise cover all the necessary bases.

Below is a list of roles that, in our view, are instrumental to the success of disaster recovery planning. Note that in your organization these roles may not be clearly defined yet (there may not be anyone who currently holds the title Disaster Recovery Coordinator, for example), but these roles should be assigned before the process begins.

Key Roles & Responsibilities For The Disaster Recovery Planning Team 

Your disaster recovery planning team should consist of the following:

Management Steering Committee

Executive team members who oversee the process are involved at a high level, which means they may not technically need a seat at the table—but they should be standing in the room. They play an important role when it comes to approvals for things like budgetary issues, policy considerations, strategic direction, and overcoming roadblocks or intradepartmental issues. These individuals might be part of an existing business continuity oversight committee, or form a separate disaster recovery steering committee, depending on the organization.

...

Records Management for BCP

Records management is an ongoing struggle for many businesses, especially when it comes to Business Continuity Planning (BCP). Every time we go to a client site we get asked about what to do with all of the information the business generates. Where should it be stored? How should it be accessed, and by whom? And how do we know it’s up to date? In this post we are highlighting a few tips and tricks for records management to help your business easily survive the next disaster. 

What is a record?

Let’s start with the basics. What are we actually talking about when we say ‘record’? Most often a record is a set of printed documents that are kept in file folders or binders. But don’t be fooled! Records also include anything written in employee notebooks, or post-it notes at people’s desks. In short, anything written down for your company is a record. And that’s just hard copy.

There are also electronic records. Most often people think of anything that is generated in any of the Microsoft Office suite of programs (like Word, Excel, PowerPoint, etc.). These records also include pictures, any emails sent or received to the company email address (and yes, attachments too), as well as anything sent or received in instant message programs used by your business.

...

The 4 Ps of Incident Management 2.0 - Ramesh Warrier

Plans should not be the only goal of Business Continuity Management (BCM) programs.  The true end-state of BCM should be to assure that your organization can successfully manage its response to any disruption, the goal of Incident Management.

An Incident Management focus has 4 components:

Planning: More than just BIAs and Risk Assessment, planning is the process of gathering, analyzing and presenting data crucial to Incident Managers’ and senior executives’ Decision Support.  These include: assessment of current capabilities, vulnerabilities, gaps, single points of failure, process and IT services critical resources, RTOs and RPO requirements.

...

4 years later… what we can learn from the Lac Mégantic rail disaster

What can we learn from Lac Mégantic

In July of 2013, the deadliest Canadian rail accident since 1867 occurred in Lac Megantic, Quebec.  A series of errors caused a train carrying crude oil to roll downhill before derailing in the town of Lac Megantic.  The accident resulted in:

  • 63 derailed rail cars
  • 47 deaths
  • 2000 people forced from their homes
  • 4200 people impacted
  • 30 buildings destroyed
  • multiple criminal charges
  • $460 million dollars in settlements (and ongoing legal battles)

While it might be tempting to assume an accident of this magnitude is the result of a single large error or mechanical failure, this was not the case.  Investigators identified 18 causes and contributing factors that led to the disaster.  Here are a few common, but potentially dangerous assumptions, that were made by the rail company and are often heard in the emergency response and business continuity arena:

  • We've trained our staff in all safety procedures. The rail engineer in the Lac Megantic disaster received training.  Despite this, he did not conduct a proper brake test to ensure the locomotive was secure.  The engineer applied 7 handbrakes, yet investigators estimate that the operator should have applied at least 17 brakes to secure the train.  Investigations revealed that training, testing and supervision were insufficient.  Safety training is important, but regular reviews and testing are just as critical.  Management needs to be sure that staff are always following procedures accurately and consistently.
  • We have written procedures for our staff to follow. In the rail disaster, personnel mislabeled the oil cars with the wrong type of crude oil and did not follow brake procedures.  Just because procedures are written down doesn’t mean staff will always follow them.  We can learn from the checklist approach used in the airline industry and now adopted in operating rooms as well.  Mandatory checklists require the pilot/surgeon to physically check off that required procedures are followed, every time.
  • We’ve evaluated the situation and decided it’s too costly to fix so we’re going to accept the risk. Eight months before the Lac Mégantic rail disaster the lead locomotive was in for repair.  Due to the costs associated with a standard repair and the pressure to return the locomotive to service as quickly as possible, the company took short cuts, using an epoxy-like material instead of performing the standard repair.  This material caught fire the night of the disaster and was a significant contributing factor to the events that led to the derailment.  Businesses make cost-benefit decisions every day, but we need to be sure we’re fully recognizing all the costs.  The railway is now in bankruptcy protection because of the event.
  • We are regulated and regularly inspected so we’re confident that we’re following all required procedures. Prior to the rail disaster, reports documented a pattern of repeat problems.  Despite these reports, Transport Canada did not always follow up to ensure the company was addressing the underlying conditions that led to these recurring problems. Lack of oversight left gaps that contributed to the disaster.  While many regulations exist, regulators often do not have sufficient resources to verify that companies are following the rules.  Do not confuse compliance with safety.  Companies need to do their own due diligence.

These are just a few of the excuses we hear companies use to make themselves feel comfortable that they’re meeting safety and business continuity obligations. These are also some of the same issues that led to the Lac Megantic disaster.  Don’t assume you are meeting your obligations.  Test, retest, and ensure you have tools and plans in place to ensure the safety of your operations.

...

7 Emerging Trends in Disaster Recovery Industry

For most business executives, the importance of finding a way to keep their businesses running even in the event of a disaster cannot be overstated. In fact, disaster recovery and business continuity are fast becoming the most important IT conversation that business leaders have with their staff, along with training them on the protocols to follow when a disaster strikes. On average, business organizations take 1-9 hours to recover from a disaster. Each hour costs an average of $700,000.

In any disaster recovery procedure, the first few minutes and hours after a business system crashes are extremely crucial. For most enterprises, the rest of the recovery process is determined by how well events unfold in the period immediately after the disaster hits the business process.

Failure to be adequately prepared for a disaster has the potential to wreak havoc on the reputation and financial standing of the organization. What’s more, a poorly managed disaster can scare customers away. A Business Continuity Institute poll conducted by risk experts found that 85% of the people who took part in the survey had concerns that their businesses were at risk of a cyber-attack within a period of 12 months from the time the poll was conducted.

...

Emergency Response, Disaster Recovery and Business Continuity: Putting Incidents in Context

You’ve likely heard the terms before and may have a vague idea of their definition, but how do emergency response, disaster recovery and business continuity really work together during an incident? This blog post will walk you through these phases.

 

Putting Incident in Context

You are sitting in your office building and the fire alarm goes off. Following health and safety procedures, you head outside and smell smoke. You can see flames coming from the top two floors of the building. The fire department has arrived and is setting up to put the fire out. Your colleagues are moved away from the building, and anyone who is hurt is treated. You are left to wonder when, if ever, you’ll be able to come back to work.

Within three days your IT group has you set up with a laptop so that you can work remotely. You and your colleagues work together online and through conference calls. Eventually, after the damage to the office is fixed, you get a notice that everyone can return to work as normal.

...

Hyperlink your way to a successful BCP

At KingsBridge our primary focus is developing simple and straightforward business continuity software (our flagship tool Shield). However, we also believe strongly that to develop a useful tool, you need to be using it every day, just like our customers do. To make this happen, we also do consulting: writing plans, exercising plans and performing gap analyses on existing plans. The gap analysis is always an interesting experience because we see how other organizations have structured their business continuity plans. We can receive hundreds of pages of content to perform our analysis. When the documentation arrives, our first thought is often, how do they find anything in here? They must be flipping pages forever to find the content they need when the plan is activated.

Easy plan navigation is critical to writing your business continuity plan. It’s one thing to ensure your plan includes all the critical plan elements and it is kept up to date. It’s quite another to ensure that everyone can find the information that they’re looking for. How do we manage this in Shield? Hyperlinks!

...