Jun 17

TechTarget – Building an IT resiliency plan into an always-on world

The concepts of recovery point objectives and recovery time objectives are becoming increasingly obsolete. Today’s highly connected world has forced most organizations to ensure IT resiliency and make their resources continuously available. More importantly, the cost of downtime continues to increase and has become unacceptable and even unaffordable for many organizations.

A 2016 study by the Ponemon Institute estimated the total cost of data center downtime to be about $740,357 per hour — a little higher than a similar 2015 study by cloud backup and disaster recovery-as-a-service provider Infrascale. The study also indicated that downtime can be so expensive, it calculated data center outages cost businesses an average of $8,851 per minute.

For large companies, the losses can be staggering. One 2016 outage cost Delta Air Lines $150 million.

The study went on to state that it takes, on average, 18.5 hours for a business to recover from a disaster. Given the hourly price of an outage, the cost of recovering from a disaster can be staggering. So it is hardly surprising the IT industry is transitioning from legacy backup and recovery planning in favor of disaster recovery or business continuity planning.

More of the TechTarget article from Brian Posey

May 17

IT Business Edge – Ensuring IT and Legal Are on the Same Page

As I’ve mentioned lately, cybersecurity is dependent on humans. Much of that revolves around human behavior and how cybercriminals prey on our mistakes, laziness, and dedication to multi-tasking. Yet, there are other areas where humans directly affect cybersecurity; one is communication.

I sat in on a session at the Enfuse 2017 conference called “Can I Get a Translation?” The discussion centered around the need for legal departments and the IT or security teams to speak the same language when talking about cybersecurity.

One of the problems is that IT and legal have different interests, the panel explained. Legal, for example, is looking for potential smoking guns in the data, but that’s not IT or the security team’s goal. But if that data isn’t stored or protected correctly, you know which department is going to get blamed, right?

More of the IT Business Edge article from Sue Marquette Poremba

May 17

ZDNet – Cloud and the New CIO

Cloud changes everything, and never more so than the role of the CIO, as the recently-released State of the CIO 2017 report[1] reveals.

As the report points out, CIOs still perform the delicate balancing act “between crafting technology strategy and driving business innovation while overseeing routine IT functional tasks such as cost control, vendor negotiation, crisis management, and operational improvements.”

However, although not explicitly stated, it is implicit that cloud services will continue to play a large part in making the CIO more efficient. For example, cloud computing is now the default way for enterprises to deliver new services, whether or not they are officially sanctioned by and acquired through the IT department. This plays to the LOB manager’s need to ‘just get things done’ because convenience and speed will – as so many commentators have already pointed out – always trump security and process. We’ll return to this point a bit later.

More of the ZDNet article from Manek Dubash

May 17

Continuity Central – How personal biases can affect business continuity decisions

Managerial biases such as overconfidence and myopia can explain many failures in business decisions but new research shows how personal biases can be used to improve decision making.

Conventional approaches to eliminating biases focus on ‘changing the mind’: if people can be trained to recognise their biases and think more logically, better outcomes are likely. However, increasing evidence suggests that such a de-biasing approach is not enough for effective decisions, because it only deals with our conscious half – what Daniel Kahneman famously called System 2. Our automatic half – Kahneman’s System 1 – also plays a role in determining a decision and it is sensitive to our surrounding environment. Even contextual factors, such as the weather being sunny or cloudy, can significantly influence the decisions made.

More of the Continuity Central article

Mar 17

ITWorld – Why DRaaS is a better defense against ransomware

Recovering from a ransomware attack doesn’t have to take days

It’s one thing for a user’s files to get infected with ransomware; it’s quite another to have a production database or mission-critical application infected. But restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days, which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.

Quickly pinpointing the time of infection

With a cloud backup, it takes a while to determine if your application has been corrupted. Admins must download the application files from the cloud (based on your most recent backup), rebuild, and then compile the database or application.

More of the ITWorld post from Ryan Francis

Mar 17

Continuity Central – Security policies matter for disaster recovery

Replicating the production security infrastructure at a disaster recovery site can be a problem: Professor Avishai Wool looks at how organizations should approach security policy management in their disaster recovery planning.

When it comes to downtime and cybersecurity attacks, despite many high profile incidents in the past year many businesses are still stuck in the mind-set of ‘it won’t happen to me’ and are ill-prepared for IT failures. And with IT teams facing a broad range of unpredictable challenges while maintaining ‘business as usual’ operations, this mind-set places organizations at serious risk of a damaging, costly outage. Therefore, it’s more important than ever to have plans for responding and recovering as quickly as possible when a serious incident strikes. As the author Franz Kafka put it, it’s better to have and not need, than to need and not have. In short, effective disaster recovery is a critical component of a business’ overall cybersecurity posture.

Most large organizations do have a contingency plan in place in case their primary site is hit by a catastrophic outage – which, remember, could just as easily be a physical or environmental problem like a fire or flood, as well as a cyberattack. This involves having a disaster recovery site in another city or even another country, which replicates all the infrastructure that is used at the primary site. However, a key piece of this infrastructure is often overlooked – network security – which must also be replicated on the disaster recovery site in order for the applications to function yet remain secure when the disaster recovery site is activated.

More of the Continuity Central post

Jan 17

Harvard Business Review – Research: Family Firms Are More Innovative Than Other Companies

Family firms aren’t typically thought of as particularly innovative. More often, they’re viewed as risk averse, traditional, and stagnant.

However, many family-owned businesses are among the most innovative in their industries. Consider Herr’s Potato Chips and Enterprise Rent-A-Car. There are countless other examples of family firms that have brought innovations to market. We wanted to determine how family firms actually compare to their nonfamily counterparts when it comes to being innovative. Our research, conducted with Patricio Duran and Thomas Zellweger, suggests the answer is not simple.

More of the Harvard Business Review article from Nadine Kammerlander and Marc van Essen

Jan 17

ComputerWeekly – Disaster recovery testing: A vital part of the DR plan

IT has become critical to the operation of almost every company that offers goods and services to businesses and consumers.

We all depend on email to communicate, collaboration software (such as Microsoft Word and Excel) for our documents and data, plus a range of applications that manage internal operations and customer-facing platforms such as websites and mobile apps.

Disaster recovery – which describes the continuing of operations when a major IT problem hits – is a key business IT process that has to be implemented in every organisation.

First of all, let’s put in perspective the impact of not doing effective disaster recovery.

Estimates on the cost of application and IT outages vary widely, with some figures quoting around $9000/minute.

More of the ComputerWeekly article from Chris Evans

Dec 16

Harvard Business Review – How Loss Aversion and Conformity Threaten Organizational Change

To achieve true transformational change, CEOs must have more than a strategic plan. To effect actual change, they need to understand how biases — their own, and their employees’ — can shape behaviors and decisions, and prevent them from achieving what they set out to achieve.

CEOs need to be especially aware of how the subtle forces of bias can operate in our subconscious and influence our choices. Let’s take a look at the two I see most often: loss aversion and conformity.

Loss Aversion
Picture a management team, composed of highly accomplished individuals with long tenures at the company, gathering at the annual planning meeting. The CEO has been in place for five years, business performance has been strong and Wall Street has rewarded shareholders handsomely.

More of the Harvard Business Review article from Sean Ryan

Nov 16

CIO.com – The long, slow death of private cloud continues

This article offers great perspective on in-house private cloud, not IaaS private cloud.

I must have touched a nerve with my last post, as I was contacted by two vendors that wanted to share their perspective on private cloud computing. Even though I don’t consider myself an analyst and therefore typically avoid “briefings,” I thought it would be interesting to see what they had to say.

Both vendors covered what I consider well-trod ground: Organizations use private clouds for reasons of security/compliance, data sovereignty, data gravity (i.e., there is lots of data on-premises and it would be very difficult to migrate it to a public cloud provider), application inflexibility, and so on.

However, one also identified another reason that organizations choose to use private clouds: cost. This vendor asserted that IT organizations can operate a cloud environment less expensively than what a public cloud provider charges for the same capability.

More of the CIO.com post from Bernard Golden