DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery
Brandon Tanner has not set their biography yet

Three 2018 Business Continuity Predictions

Originally posted on Rentsys Recovery Services' blog.

From hurricanes Harvey, Irma and Maria to the WannaCry ransomware attack, business continuity planners around the nation had several opportunities to put their plans to the test in 2017. In 2018, three words will influence business continuity planning: community, reputation and collaboration. Here are three of our predictions for the upcoming year.

The Increase in Billion-Dollar Weather Events Will Require Businesses to Focus on Community

The 2017 hurricane season proved to be the costliest one to date. Total property losses and economic impact from Harvey and Irma alone are expected to climb as high as $200 billion. The impact of California’s wildfire season isn’t much less — $180 billion — and even before December’s wildfires, 2017 has already made a record as the costliest and deadliest wildfire season in California’s history. According to predictions by Allianz, these billion-dollar disasters will be the new normal.

...
Continue reading
1320 Hits
0 Comments

This Underutilized Group Could Save Your Business in a Crisis

Originally posted on Rentsys Recovery Services' blog.

 

...
Continue reading
926 Hits
0 Comments

Four Ways to Keep Your ePHI From Becoming a Statistic

Originally posted on Rentsys Recovery Services' blog.

Medical Provider Struck by Hackers!

Insurance Giant Suffers Massive Data Breach!

Millions of Patients Have Data Stolen!

It seems like there are new headlines about data breaches in the healthcare industry every month — if not more frequently. In the last few years, electronic protected health information (ePHI) has become the primary target for hackers, and it's easy to see why.

According to a recent report by Reuters, ePHI fetches 10 to 20 times more than credit card data on the black market. That's why organizations that handle healthcare data are prime targets for data breaches and theft. In fact, 28.5 percent of the entire U.S. population was affected by just two — Anthem and Premera — healthcare data breaches that were discovered in 2015.

Starting to feel a little overwhelmed? Don't worry. Here are five things you can do to keep your ePHI safe from prying eyes.

Encrypt Everything


In 2013, two laptops were stolen from a secure office at a hospital in California. The laptops contained ePHI such as financial information, health conditions and demographic information. Unfortunately, the data wasn't encrypted, so the hospital had to notify 729,000 individuals that their ePHI had been compromised. The hospital implemented policies and procedures to reduce risks to the patients' ePHI, but the damage was already done. Had the laptops been encrypted, the hospital could have protected the information.

recent article by Health Data Management points out that it's easy to encrypt everything, since encryption tools are embedded in current operating systems and come with nearly every device. (If a device doesn't have built-in encryption functionality, that's a sign that it's outdated and shouldn't be used to handle ePHI in the first place. We talk about that more below.) Yes, encrypting all your data costs time and money, but it's a drop in the bucket when you compare it to the cost of recovering from a breach.

...
Continue reading
1148 Hits
0 Comments

Why High Availability Solutions Shouldn’t Replace Disaster Recovery Planning

Originally posted on Rentsys Recovery Services' blog.
 
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year,81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.
 
With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?
 
The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption

DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow

 
Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment

 
If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.
 
Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan,download our checklist.  
4447 Hits
0 Comments

How Do I Get My Data Back If My Cloud Provider Goes Bankrupt?

Originally posted on Rentsys Recovery Services' blog.

It’s a business continuity and disaster recovery planner’s worst nightmare: You wake up to the news that your cloud provider — the one that houses your critical data — has gone under. How do you get your data back?

The scenario isn’t entirely unheard of. In 2013, cloud provider Nirvanix announced it was closing its doors and told customers they had two weeks to migrate their data to another location. This announcement, however, should not have come as a surprise to customers. According to InfoWorld, Nirvanix had been informing its customers that it was having financial difficulties and at one point informed customers and partners that they could no longer upload data to the Nirvanix cloud.
Your provider going bankrupt should not come as a surprise to you, either. Before working with a cloud provider (or any other vendor who manages your critical data), you should assess the vendor’s financial situation as part of the due diligence process. If there are any red flags, proceed with caution.
 
No matter the financial situation of the provider, the contract you sign should have provisions around what happens with your data in the event of bankruptcy, default, etc. These provisions could include arrangements for transferring the data to another cloud environment or copying your data to external media and returning it to you.
 
If a provider won’t add a contract provision that protects you in the event of a bankruptcy, consider looking at alternate vendors.
 
For more guidance on choosing the right cloud provider, check out our post "11 Questions to Include in Your IT Vendor Due Diligence."
3490 Hits
0 Comments

How Far Away Should Your Disaster Recovery Site Be?

Originally posted on Rentsys Recovery Services' blog.

The question "How far away should my primary data center be from my disaster recovery (DR) site?" has plagued DR planners for years. Companies first began seriously examining the role distance plays in DR after 9/11, when the attacks on the Twin Towers caused a large portion of Manhattan to shut down and all the recovery vendor sites filled to capacity.

Unfortunately, there’s no clear-cut answer to this question. Some suggest locating the backup site at least two FEMA-defined regions away, but most people shy away from setting firm guidelines measured in miles.

Instead, the geography should be dictated by the risks related to your organization’s business processes, data and physical location (a business impact analysis should reveal what these risks are). Once you’re aware of the risks you face, you can weigh the benefits and drawbacks of nearby and distant DR sites.

Nearby Disaster Recovery Site


A nearby DR site is beneficial for a variety of reasons. It’s within driving distance, making it easily accessible. If your DR site is nearby and is unaffected by an incident affecting your primary location, you can continue business operations more quickly than if your DR site were hundreds of miles away. In addition, the bandwidth costs are less, and you’re not as likely to experience significant system recovery delays due to latency issues.

However, the benefit of having a DR site within driving distance depends on the locale's risks. If your region is prone to hurricanes, earthquakes or floods, having a DR site in the same region can be risky. For instance, Hurricane Sandy was 1,100 miles in diameter — that’s more than a third of the continental United States. In regional disasters like this, your DR site could be affected by the same event as your primary facility, rendering it useless.

On the other hand, Spokane, WA is a geologically stable area whose biggest threats are wildfire and train derailment. Many businesses in these areas are comfortable with a nearby DR site as long as the site is on a different power grid.

...
Continue reading
5611 Hits
0 Comments

One Thing Your Cloud Provider Could Be Missing

Originally posted on Rentsys Recovery Services' blog.
 
Your cloud solution could be missing something. We’re not talking about bandwidth, security or service level agreements (though these things are all important). We’re talking about customer service. 

Often businesses evaluating potential cloud vendors are focused so much on tech specs that they don’t think about the matter of interacting with the vendor after the contract is signed. Sometimes this isn’t an issue if you’ve chosen a good provider. Other times, however, you might find that getting the support you need is like pulling teeth.
 
The following three categories can help you identify if a potential service provider will be a help or hindrance to meeting your data and application management goals.
 
Listening Skills
 
Are the cloud provider’s representatives trying to sell you services you don’t need, or are they dedicated to helping you build a backup solution that’s right for you? To get the most value out of your cloud solution, you need to make sure you’re not paying for products and services that you won’t use or that don’t do what you need them to.
 
Technical Assistance
 
What type of technical assistance does the provider offer? Support options could include self-service, phone support, on-site, in-house, outsourced or a combination.
 
It’s also important to know when assistance is available. Is the support provider — whether it be your vendor or a third party — only available during business hours? Is the company in the same time zone as you? Be sure to find out what level of support to expect and make sure you’re comfortable with it.
 
Technician Certifications
 
Knowing who will be offering your support can be almost as important as knowing the type of support you’ll receive. If you’re using a managed cloud service, are the people who will be handling your data certified engineers? Even if you manage your own data, will you have access to qualified help desk agents to resolve any issues?

Working with the right vendor can make a world of difference in how effective your cloud solution is for your business. To read more about best practices for implementing a cloud solution, read this post.
1286 Hits
0 Comments

Freight Trains and Chemical Spills: How to Prepare Your Business

Originally posted on Rentsys Recovery Services' blog.

At the beginning of this month, a train carrying the flammable, toxic chemical acrylonitrile partly derailed and caught fire near Knoxville, TN, forcing 5,000 people to vacate the area.

A few days later, July 6, marked the two-year anniversary of the oil train derailment and subsequent explosions in Lac-Mégantic, QC, which killed 47 and forced 2,000 people to evacuate their homes.

...
Continue reading
1740 Hits
0 Comments

11 Questions to Include in Your IT Vendor Due Diligence

Originally posted on Rentsys Recovery Services' blog.

Outsourced IT is nothing new, but as Verizon Wireless’s recent report "Better Outcomes for IT Outsourcing" points out, digital transformation is changing the face of outsourcing. Customers want flexible service delivery models, ways to improve inefficient processes and spending models based on opex versus capex.

But with the rise of cybersecurity issues, tightly wound supply chains and customer expectations for always-on service, you need to make sure that any vendor with access to your data and systems is fully vetted. Before you involve any third party in your IT processes, make sure you know the answers to these questions:

...
Continue reading
2404 Hits
0 Comments

Cloud Vaulting Doesn’t Always Equal Disaster Recovery

Originally posted on Rentsys Recovery Services' blog.

One of the key benefits of cloud services is that they enable faster and more cost-effective disaster recovery (DR). So once you've selected a cloud vaulting service and your data is tucked safely into the cloud, you can check DR off your to-do list, right? Not necessarily. 

While cloud vaulting solutions can lend themselves to a DR strategy, simply sending your data to the cloud isn't enough. There are a few components you need to look for to ensure your cloud solution has what it takes to meet your DR goals.

...
Continue reading
1640 Hits
0 Comments

Why the Desktop-as-a-Service Market Is Growing

Originally posted on Rentsys Recovery Services' blog.

Xaas cloud solutions are infiltrating the tech world: infrastructure-as-a-service, software-as-a-service, platform-as-a-service, desktop-as-a-service (DaaS) and so on. Of these, DaaS probably spends less time in the spotlight than its counterparts, but it's nevertheless gaining in popularity.

Last year, according to 451 Research, the market for virtual desktop infrastructure (VDI), which is the foundation for DaaS, grew 30 percent in the span of a year. It's expected to repeat that growth pattern through 2017. 

...
Continue reading
3011 Hits
0 Comments

Backing up Your Files for Disaster Recovery Isn’t Enough

Originally posted on Rentsys Recovery Services' blog.

If you’re not an IT person but are involved in business continuity and need to be familiar with your business’s disaster recovery (DR) plan, how do you know if your organization is using the right data backup and recovery solution? The specific answer will vary based on your organization’s size and industry, but one thing holds true for all organizations: You need a solution that can back up your environment, not just your files. We’ll explain why.

File-Sharing Services

...
Continue reading
2519 Hits
0 Comments

Compliance Concerns Are Rising - Here's What You Can Do About It

Originally posted on Rentsys Recovery Services’ blog.

According to Accenture's 2013 Global Risk Study, regulatory requirements rank as a top-five risk category for financial, government, insurance and other industries. In fact, 30 percent more companies plan to increase their compliance efficiency.

The rising concern with compliance stems from both changes in legislation (such as Basel III and Dodd-Frank) and tighter corporate governance requirements.

...
Continue reading
1790 Hits
0 Comments

Best Practices for Implementing Cloud Recovery

By Eric Thompson, solutions architect for Rentsys Recovery Services, Inc. Originally posted on Rentsys Recovery Services' blog

Today, almost every newspaper or tech magazine you pick up is either singing the praises of the cloud or pointing out its shortcomings. The challenge is transitioning from talking about cloud to actually implementing a cloud-based solution so you can judge its usefulness for yourself. 

If you're ready to take the cloud plunge, follow these three steps to be best prepared. 

...
Tags:
Continue reading
1793 Hits
0 Comments

How to Get a Passing Grade on DR Preparedness

Originally posted on Rentsys Recovery Services' blog

Earlier this year, the Disaster Recovery Preparedness (DRP) Council released the results of an annual benchmark survey that graded businesses worldwide on their state of DR preparedness using a scale of A (best) to F (worst). The report revealed some disturbing news: 3 in 4 companies are at risk due to incomplete or nonexistent disaster recovery plans. Fortunately, the DRP Council offered this nugget of encouragement: We're starting to identify DR best practices. Specifically, the survey results showed that businesses that scored an A or B had three things in common:

  • They built detailed DR plans.
  • They defined specific DR metrics for RTOs and RPOs.
  • They tested DR plans more frequently. 

The report is very clear that these goals are key to being a good student of DR preparedness. Now let's take a look at what solutions you can use to get a passing grade on your business's DR plan. 

...
Continue reading
2085 Hits
0 Comments

Bankers As Buyers: 2014 Tech Trends for Disaster Recovery

Originally posted on Rentsys Recovery Services' blog

Every year the William Mills Agency releases a Bankers As Buyers report containing essential information and statistics about the technology trends that are popular in the U.S. financial services industry.

In this year's report, we found three key takeaways that your firm should keep in mind as you update your 2014 disaster recovery (DR) plan.

...
Continue reading
2152 Hits
0 Comments