02
Aug 17

IT World – 7 things your IT disaster recovery plan should cover

Enterprise networks and data access can be knocked out without warning, thanks to natural and man-made disasters. You can’t stop them all from happening, of course, but with a good disaster recovery plan you can be better prepared for the unexpected.

Hurricanes. Tornadoes. Earthquakes. Fires. Floods. Terrorist attacks. Cyberattacks. You know any of these could happen to your business at any time. And you’ve probably got a disaster recovery (DR) plan in place to protect your enterprise’s data, employees and business.

But how thorough is your DR plan? When was it last updated and tested? Have you taken into account new technologies and services that can make it easier to recover from disaster? The following are 7 things your IT disaster recovery plan should include.

1. An analysis of all potential threats and possible reactions to them

Your DR plan should take into account the complete spectrum of “potential interrupters” to your business, advises Phil Goodwin, research director of data protection, availability and recovery for research firm IDC. (IDC is part of IDG, which publishes CSO.)

More of the IT World post from James A Martin


14
Jul 17

Continuity Central – Reasons to Eliminate the Business Impact Analysis

Adaptive BC, a website established to develop and promote a new approach to business continuity, has been calling for the elimination of the BIA. In this article David Lindstedt, one of the founders of Adaptive BC, explains why.

The business impact analysis (BIA) has been a staple of business continuity for decades. In that time, the BIA has grown, expanded, and become rather nebulous in its scope, objectives, and value. By exploring both its initial purpose and current implementation, we can conclude that early benefits gained from the BIA no longer outweigh the disadvantages, and that practitioners ought to eliminate the use of the BIA as much and as soon as feasible.

Part one: genesis

What was the BIA when it came into use? The original intent of the BIA was to estimate the impact that a significant incident would have on the business. More accurately, it was to estimate the different types of impact that a significant incident would have on different parts of the business. As the BCI DRJ Glossary states, even today the BIA is defined simply as the, “Process of analyzing activities and the effect that a business disruption might have on them.”

More of the Continuity Central article


13
Jul 17

Continuity Central – DNS attacks are posing an increasing threat to businesses

EfficientIP has published the results of a survey that was conducted for its 2017 Global DNS Threat Survey Report. It explored the technical and behavioural causes for the rise in DNS threats and their potential effects on businesses across the world.

Major issues highlighted by the study, now in its third year, include a lack of awareness as to the variety of attacks; a failure to adapt security solutions to protect DNS; and poor responses to vulnerability notifications. These concerns will not only be subject to regulatory changes, but also create a higher risk of data loss, downtime or compromised reputation.

According to the report, carried out among 1,000 respondents across APAC, Europe and North America, 94 percent of respondents claim that DNS security is critical for their business. Yet, 76 percent of organizations have been subjected to a DNS attack in the last 12 months and 28 percent suffered data theft.

More of the Continuity Central post


07
Jun 17

TechTarget – Building an IT resiliency plan into an always-on world

The concepts of recovery point objectives and recovery time objectives are becoming increasingly obsolete. Today’s highly connected world has forced most organizations to ensure IT resiliency and make their resources continuously available. More importantly, the cost of downtime continues to increase and has become unacceptable and even unaffordable for many organizations.

A 2016 study by the Ponemon Institute estimated the total cost of data center downtime to be about $740,357 per hour — a little higher than a similar 2015 study by cloud backup and disaster recovery-as-a-service provider Infrascale. The study also indicated that downtime can be so expensive, it calculated data center outages cost businesses an average of $8,851 per minute.

For large companies, the losses can be staggering. One 2016 outage cost Delta Air Lines $150 million.

The study went on to state that it takes, on average, 18.5 hours for a business to recover from a disaster. Given the hourly price of an outage, the cost of recovering from a disaster can be staggering. So it is hardly surprising the IT industry is transitioning from legacy backup and recovery planning in favor of disaster recovery or business continuity planning.

More of the TechTarget article from Brian Posey


31
May 17

IT Business Edge – Ensuring IT and Legal Are on the Same Page

As I’ve mentioned lately, cybersecurity is dependent on humans. Much of that revolves around human behavior and how cybercriminals prey on our mistakes, laziness, and dedication to multi-tasking. Yet, there are other areas where humans directly affect cybersecurity; one is communication.

I sat in on a session at the Enfuse 2017 conference called “Can I Get a Translation?” The discussion centered around the need for legal departments and the IT or security teams to speak the same language when talking about cybersecurity.

One of the problems is that IT and legal have different interests, the panel explained. Legal, for example, is looking for potential smoking guns in the data, but that’s not IT or the security team’s goal. But if that data isn’t stored or protected correctly, you know which department is going to get blamed, right?

More of the IT Business Edge article from Sue Marquette Poremba


08
May 17

ZDNet – Cloud and the New CIO

Cloud changes everything, and never more so than the role of the CIO, as the recently-released State of the CIO 2017 report[1] reveals.

As the report points out, CIOs still perform the delicate balancing act “between crafting technology strategy and driving business innovation while overseeing routine IT functional tasks such as cost control, vendor negotiation, crisis management, and operational improvements.”

However, although not explicitly stated, it is implicit that cloud services will continue to play a large part in making the CIO more efficient. For example, cloud computing is now the default way for enterprises to deliver new services, whether or not they are officially sanctioned by and acquired through the IT department. This plays to the LOB manager’s need to ‘just get things done’ because convenience and speed will – as so many commentators have already pointed out – always trump security and process. We’ll return to this point a bit later.

More of the ZDNet article from Manek Dubash


04
May 17

Continuity Central – How personal biases can affect business continuity decisions

Managerial biases such as overconfidence and myopia can explain many failures in business decisions but new research shows how personal biases can be used to improve decision making.

Conventional approaches to eliminating biases focus on ‘changing the mind’: if people can be trained to recognise their biases and think more logically, better outcomes are likely. However, increasing evidence suggests that such a de-biasing approach is not enough for effective decisions, because it only deals with our conscious half – what Daniel Kahneman famously called System 2. Our automatic half – Kahneman’s System 1 – also plays a role in determining a decision and it is sensitive to our surrounding environment. Even contextual factors, such as the weather being sunny or cloudy, can significantly influence the decisions made.

More of the Continuity Central article


02
Mar 17

ITWorld – Why DRaaS is a better defense against ransomware

Recovering from a ransomware attack doesn’t have to take days

It’s one thing for a user’s files to get infected with ransomware, it’s quite another to have a production database or mission-critical application infected. But, restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.

Quickly pinpointing the time of infection

With a cloud backup, it takes a while to determine if your application has been corrupted. Admins must download the application files from the cloud (based on your most recent backup), rebuild, and then compile the database or application.

More of the ITWorld post from Ryan Francis


01
Mar 17

Continuity Central – Security policies matter for disaster recovery

Replicating the production security infrastructure at a disaster recovery site can be a problem: Professor Avishai Wool looks at how organizations should approach security policy management in their disaster recovery planning.

When it comes to downtime and cybersecurity attacks, despite many high profile incidents in the past year many businesses are still stuck in the mind-set of ‘it won’t happen to me’ and are ill-prepared for IT failures. And with IT teams facing a broad range of unpredictable challenges while maintaining ‘business as usual’ operations, this mind-set places organizations at serious risk of a damaging, costly outage. Therefore, it’s more important than ever to have plans for responding and recovering as quickly as possible when a serious incident strikes. As the author Franz Kafka put it, it’s better to have and not need, than to need and not have. In short, effective disaster recovery is a critical component of a business’ overall cybersecurity posture.

Most large organizations do have a contingency plan in place in case their primary site is hit by a catastrophic outage – which, remember, could just as easily be a physical or environmental problem like a fire or flood, as well as a cyberattack. This involves having a disaster recovery site in another city or even another country, which replicates all the infrastructure that is used at the primary site. However, a key piece of this infrastructure is often overlooked – network security – which must also be replicated on the disaster recovery site in order for the applications to function yet remain secure when the disaster recovery site is activated.

More of the Continuity Central post


29
Jan 17

Harvard Business Review – Research: Family Firms Are More Innovative Than Other Companies

Family firms aren’t typically thought of as particularly innovative. More often, they’re viewed as risk averse, traditional, and stagnant.

However, many family-owned businesses are among the most innovative in their industries. Consider Herr’s Potato Chips and Enterprise Rent-A-Car. There are countless other examples of family firms that have brought innovations to market. We wanted to determine how family firms actually compare to their nonfamily counterparts when it comes to being innovative. Our research, conducted with Patricio Duran and Thomas Zellweger, suggests the answer is not simple.

More of the Harvard Business Review article from Nadine Kammerlander and Marc van Essen