Replicating the production security infrastructure at a disaster recovery site can be a problem: Professor Avishai Wool looks at how organizations should approach security policy management in their disaster recovery planning.
When it comes to downtime and cybersecurity attacks, despite many high-profile incidents in the past year, many businesses are still stuck in the mind-set of ‘it won’t happen to me’ and are ill-prepared for IT failures. And with IT teams facing a broad range of unpredictable challenges while maintaining ‘business as usual’ operations, this mind-set places organizations at serious risk of a damaging, costly outage. Therefore, it’s more important than ever to have plans for responding and recovering as quickly as possible when a serious incident strikes. As the author Franz Kafka put it, it’s better to have and not need, than to need and not have. In short, effective disaster recovery is a critical component of a business’ overall cybersecurity posture.
Most large organizations do have a contingency plan in place in case their primary site is hit by a catastrophic outage – which, remember, could just as easily be a physical or environmental problem like a fire or flood, as well as a cyberattack. This involves having a disaster recovery site in another city or even another country, which replicates all the infrastructure that is used at the primary site. However, a key piece of this infrastructure is often overlooked – network security – which must also be replicated on the disaster recovery site in order for the applications to function yet remain secure when the disaster recovery site is activated.
More of the Continuity Central post
We’re reaching a point of maturity when it comes to cloud computing. Organizations are solidifying their cloud use-cases, understanding how cloud impacts their business, and are building entire IT models around the capabilities of cloud.
Cloud growth will only continue; Gartner recently said that more than $1 trillion in IT spending will, directly or indirectly, be affected by the shift to cloud during the next five years.
“Cloud-first strategies are the foundation for staying relevant in a fast-paced world,” said Ed Anderson, research vice president at Gartner. “The market for cloud services has grown to such an extent that it is now a notable percentage of total IT spending, helping to create a new generation of start-ups and ‘born in the cloud’ providers.”
More of TheWHIR post from Bill Kleyman
On a day when a blizzard was pasting Maine and Northern California faced a dire flooding threat, several of the National Weather Service’s primary systems for sending out alerts to the public failed for nearly three hours.
Between 1:08 p.m. and 3:44 p.m. Eastern time Monday, products from the Weather Service stopped disseminating over the Internet, including forecasts, warnings, radar and satellite imagery, and current conditions.
Updates to the Weather Service’s public-facing website, Weather.gov, ceased publishing.
In an email to staff on Tuesday, David Michaud, the director of the Weather Service’s Office of Central Processing, said a power outage had triggered the outage and characterized the impacts as “significant”. The cause of the outage was under review, a Weather Service spokesperson said.
“[I] want to ensure you that everyone involved is working hard to avoid these outages in the future and find ways to better communicate to employees across the agency in real time when outages occur,” Michaud’s email said.
More of the Washington Post article from Jason Samenow
At the 8th Annual Cloud Security Alliance (CSA) Summit at RSA in San Francisco, Skyhigh Networks unveiled its ‘Custom Applications and IaaS Report 2017’.
Conducted in partnership with the CSA, the report is based on a broad survey of software development, IT administration, IT security, operations and devops professionals across the Americas, EMEA and Asia Pacific, involved in developing, deploying and securing custom applications. While respondents forecast rapid IaaS adoption, they at the same time expressed numerous unresolved concerns about the security and compliance of their custom applications in IaaS platforms.
“Custom applications are a core part of how our business operates, and moving these to the cloud provides IT an opportunity to ‘start fresh’ with the right visibility, controls and overall security, without getting in the way of business operations,” said Stephen Ward, CISO, TIAA. “Meeting our security requirements for our applications, as well as our IaaS environment, is absolutely critical to accomplishing our business goals for cloud and overall software programs.”
Some of the key findings from the survey include:
Every company is a software company. Every company has developers writing custom code to improve engagement with employees, partners and customers.
More of the Continuity Central post
Rachel Botsman has spent over a decade thinking about the “sharing economy.” As an author and a visiting academic at the University of Oxford, Saïd Business School, who researches how technology is transforming trust, she’s an authority on the subject. She’s also one of Fast Company’s Most Creative People. She is currently writing a book, due out next fall, about the new decentralized economies and how that has changed trust.
I recently chatted with her about what this means for the future of leadership. What follows is a transcript of our conversation. It has been edited for space and clarity.
Can you talk a bit about your current project and its background?
In 2009, I wrote What’s Mine Is Yours about the so-called sharing economy.
More of the Fast Company article from Cale Guthrie Weissman
You are probably already familiar with the Net Promoter Score (NPS), a metric used to gauge the health of the customer relationship. Although it is widely used by companies, most people don’t know that it actually has three serious problems. First, the “research” behind the NPS claims is flawed. Second, the calculation of the metric (a difference score) results in an ambiguous score that is difficult to interpret. Third, the NPS is insufficient in measuring the multidimensional nature of customer loyalty.
In 2003, the Net Promoter Score (NPS) was formally introduced by Fred Reichheld, and, today, it is used by many of today’s top businesses to monitor and manage customer relationships. Fred Reichheld and his co-developers of the NPS say that a single survey question, “How likely are you to recommend Company Name to a friend or colleague?”, is the only loyalty metric companies need to grow their company.
More of the Customer Think post from Bob Hayes
Another week, another major airline is crippled by some kind of software glitch.
If you feel as if you’re hearing about these incidents more often, you are—but not necessarily because they’re happening more frequently.
Delta Air Lines Inc. suffered an IT outage that led to widespread delays and 280 flight cancellations on Jan. 29 and 30, a problem the carrier said was caused by an electrical malfunction. A week earlier, United Continental Holdings Inc. issued a 2 1/2-hour ground stop for all its domestic flights following troubles with a communication system pilots use to receive data.
These two shutdowns were the latest in what’s been a series of computer crack-ups over the past few years, including major system blackouts that hobbled Southwest Airlines Co. as well as Delta for several days last summer—affecting tens of thousands of passengers.
More of the WHIR post from Bloomberg
Although not mentioned in this article, enterprise cloud providers like Expedient are often a key player in the multicloud mix. Enterprise clouds deliver VMware or Hyper-V environments that require little or no retraining for the infrastructure staff.
Enterprises need a multicloud strategy to juggle AWS, Azure and Google Cloud Platform, but the long-held promise of portability remains more dream than reality.
Most enterprises utilize more than one of the hyperscale cloud providers, but “multicloud” remains a partitioned approach for corporate IT.
Amazon Web Services (AWS) continues to dominate the public cloud infrastructure market it essentially created a decade ago, but other platforms, especially Microsoft Azure, gained a foothold inside enterprises, too. As a result, companies must balance management of the disparate environments with questions of how deep to go on a single platform, all while the notion of connectivity of resources across clouds remains more theoretical than practical.
Similar to hybrid cloud before it, multicloud has an amorphous definition among IT pros as various stakeholders glom on to the latest buzzword to position themselves as relevant players. It has come to encompass everything from the use of multiple infrastructure as a service (IaaS) clouds, both public and private, to public IaaS alongside platform as a service (PaaS) and software as a service (SaaS).
More of the SearchCloudComputing article
Ninety-three percent of companies’ security operation centers admit they’re not keeping up with the volume of threat alerts and incidents, putting them at risk.
Despite a growing focus on cyber-security—along with gobs of money and staff time thrown at the task—things just seem to get worse. According to a December 2016 report from McAfee Labs, 93 percent of organizations’ security operation centers admit that they are not keeping up with the volume of threat alerts and incidents, putting them at significant risk of moderate to severe breaches.
Altogether, 67 percent of the survey respondents (more than 400 security practitioners spanning multiple countries, industries and company sizes) reported an increase in security breaches. Yet, on average, organizations are unable to sufficiently investigate 25 percent of security alerts.
More of the CIO Insight article from Samuel Greengard
That blank stare from the CMO doesn’t mean she’s an idiot. It means you need to translate your tech speak into business speak.
I was talking with the head of research and development for a major medical device company, and he was really frustrated. “Anett,” he said, “my leadership team doesn’t understand what we’re doing. We’re not just a back-office function supporting the company—we’re building our products!” He felt like his team was getting trampled on and disregarded—he just didn’t know how to get his message across.
People in STEM (science, technology, engineering, and math) fields are used to getting blank stares and being asked dumb questions when they talk about their work. But it’s not that everyone else is stupid—it’s just that you know a lot more about the technical details than they do.
In other words, it’s a communication challenge: You need some better ways to present your solutions, discoveries, or obstacles to everybody else in your organization—to translate them from tech speak into business speak. So whether you’re a recent engineering grad just entering the corporate world, or a mid-career IT manager hoping for that big promotion, here are four tips to help you explain what you do and why it matters.
More of the FastCompany article from Anett Grant