All the latest Articles, Features and Resources

COVID19 – Business Recovery Phase

The following is a summary of the status updates and actions in preparing for the Recovery Phase and addressing new risks which have been identified since the COVID-19 Pandemic outbreak. We have now entered the Business Recovery Phase, which, it is estimated, could now last until the end of the 2020 calendar year, and businesses need to know how to prepare…

Decommissioning is Part of Disaster Recovery Planning

More moving parts mean more chance of failure. Replace “moving parts” by “comatose IT servers” and the adage still holds true. You may be tempted to reply that 1) there aren’t many of this kind of server anyway, and that 2) comatose servers may not be doing any good, but as such they are not…

Adapt or Die – A Darwinian Take on Business Continuity

Most businesses experience change constantly. Markets, technologies, regulations and strategies all evolve. Enterprises that stand still get left behind and disappear, one way or another. While we have business continuity theories, principles and tools galore, it’s worth revisiting one of the most fundamental concepts from time to time – that of Darwin’s idea of evolution,…

How’s Your User Experience for Your Disaster Recovery?

It may sound strange to talk about “touchy-feely” stuff like user experience in the context of IT disaster recovery. After all, the priority is on getting systems up and running again within recovery time and recovery point objectives, rather than sitting around in focus groups discussing feelings and opinions. The only UX that many IT…

Towards Set-It-And-Forget-It Business Continuity

Few activities and operations are truly set it and forget it. Lights-out factories like the showcase installation run by technology company Siemens are proof of concept, but still the exception. Business continuity in most cases requires periodic adjustment because environments and conditions are constantly changing. However, here’s a thought that could change that. The idea…

Why Stop at Just Disaster Recovery with Your DRP?

Do more with less. Who hasn’t already heard that in business? And just because something – like disaster recovery planning and management – is vital to ensuring enterprise survival does not mean that you cannot leverage your investment to get more out of it. The more DRP and DRM can help you increase profits or…

Insiders, Still One of IT Security’s Biggest Problems

The enemy is (largely) within, when it comes to the security of information and information systems. Knowing how and why insider threats materialise is a big step towards dealing with them.

Why the Internet is an Elephant

Proverbially at least, elephants never forget. Neither does the Internet. Once information is out there, you must assume it will always be out there, and that deleting it at its source may make no difference.

Steering a New ITSM Course with Container Management

IT service management changed a few years ago with the introduction of containers. They helped usher in the concept that a data centre was no longer a place with computers, but that the data centre itself was the computer.

Time to Get Your Disaster Recovery Plan Straight?

Time is money, as they say, and it is also a key factor in IT disaster recovery. Take, for instance, the well-known recovery time objective or RTO, which defines how fast you should get back to normal operations after an IT incident.

Training Can Be Double-Edged in Business Continuity

Imagine taking your car to the garage for an urgent repair, only to be told that you’ll have to wait for a week because the garage mechanics are off on a training course.

Mind Your Language in Your Disaster Recovery Planning

Military precision? Business descriptions? No fluff? All these qualifications have a bearing on a disaster recovery plan, but with certain conditions.

IT Systems Management and the 5 S’s

We may live in a digital age, but many of the concepts from the previous industrial era still carry through. We have virtual cloud data factories and production lines, just like their physical counterparts for making cars, furniture, aircraft and so on.

Where Does a Business Continuity Plan Fit with Emergencies, Contingencies and Disasters?

The bigger an organisation gets, the more the plans multiply. There may be plans for dealing with contingencies, crises, disasters, emergencies, pandemics, risks and who knows what else, all in addition to your business continuity plan.

Cyber Security and the Legal Sector

It’s commonplace to see articles and discussions about cyber security and the law, but this article is not about that. It is about cyber security and law firms, those august institutions with their lawyers, barristers, and attorneys.

AI in Your DR – Should You, or Shouldn’t You?

Artificial intelligence is finding its way into many applications and systems, so why not disaster recovery? The advantages are multiple.

Business Continuity and Volcanoes – So Far, and Yet So Near

The Agung volcano in Indonesia has been in the news recently. At time of writing, observers are sending back reports of clouds and glows that suggest that a major eruption could be imminent.

Building a Kill Chain to Boost Your IT Security

When hackers try to penetrate your databases and IT infrastructure (or perpetrate any other cybercrime), they often plan a sequence of steps to get what they want. Individual steps may seem innocent or meaningless.

The Business Continuity Runbook – Between Automated and Manual BC

Much of business continuity today can be automated. Production lines, supplies reordering, failovers in case of problems, management reports, many of these things now work on a “set it and forget it” basis.

Linux the Unhackable? That All Depends…

Linux has an enviable reputation as a secure platform for servers. But Linux the Unhackable? Certain myths persist about the inherent resistance of Linux to viruses and the superfluity of firewalls.

Legal Requirements for Business Continuity

Business continuity is good for your business, but is it also a legal requirement? Laws and regulations differ from one country or one industry to another, although there is a basic expectation that organisations will act responsibly.

Cyber Security and Pointers from Criminology

While cyber security may have you thinking in zeros and ones, and wondering which next generation firewall you should buy next, the human element is alive and well in cyber crime.

Near Misses, Critical Parts of Business Continuity

If everything is working and you have a business continuity plan in place, is there anything left to worry about? Yes!

ITSM and Statement of Work

With the aim of IT service management being to serve the business or the organisation funding the IT, it’s crucial that business requirements drive ITSM projects and procurement.

The “Six Degrees” of Business Continuity

The “six degrees” concept is that you can reach any person in the world using a maximum of six personal relationships in a chain stretching from you to the person you want to reach.

Information Security and ERP Systems

In principle, every IT system needs to be secure. In practice, some IT systems are less secure than others.

Business Continuity in 2017 – Lest We Forget?

So, it’s that time of the year again, when we look back over the last 12 months in business continuity to see… nothing?

Santa Clause and Cyber Crime

Does Father Christmas know just how exposed his operation is? With one of the largest address books ever conceived (names, addresses, gift preferences of billions of people) and a seasonal workforce of elves that may or may not have been vetted before hiring, Santa’s gift selection, preparation and delivery system may be hugely at risk.

Robots and Business Continuity – We’re Well Past the Turing Test

Meet Sophia, who has Saudi-Arabian nationality. There’s nothing unusual about that, except that Sophia is a robot.

Threat Hunting Could Accentuate the Corporate Divide

The idea behind threat hunting is that some attackers are getting too smart for current IT security technology.

ITSM and the Scourge of Server Sprawl

In theory, IT service management should contain sprawl, limiting or preventing the spread of underutilised IT assets.

Business Continuity and Suppliers – Take Nothing at Face Value

“Yes, we have a business continuity plan”. Every enterprise wants to hear this from its suppliers, especially the key suppliers.

IT Security and the Unikernel – the Answer to Hackers and Attackers?

First, there was the virtual machine. Then came the container. Now, welcome to the unikernel, the latest initiative for atomising computing.

The Business Continuity Battle Against FUD

Fear, uncertainty and doubt. Collectively known as FUD, these items skew rational thinking, panic otherwise sensible people, and throw sizeable spanners in the works of business continuity planners.

The End of the Password (Again)?

Will it ever go away? The basic password is still alive and well.

Business Continuity Management and Avoiding Bankruptcy

Bankruptcy per se is not necessarily the end of an enterprise, as several high-profile phoenixes rising from the ashes have shown.

Why You Can’t Trust Anyone These Days

It’s not paranoia, they really are out to get you. When the very organisations promoting IT security manage to botch it up, it’s difficult to have confidence in anything anymore.

Why Business Continuity Will Be a Constant Battle Against Silos

You may well have heard the story of the person trying to streamline business operations and driving past huge, separated grain silos one day, which reminded him of the mentalities and divisions he was trying to overcome back in the office.

How Far Back Do You Go in Your Business Continuity?

It’s a fact of business life that customers, markets, and industry commentators only see your brand, and not the suppliers who provide the materials, components, or products behind it.

Bad Habits Are the Worst IT Security Risk

People – “Can’t live with them, can’t live without them” might be the motto for many enterprises and their chief information security officers (CISOs).

Business Continuity by Staying (Very) Close to Your Customer

Sometimes in business continuity we end up with such a fierce focus on actions inside the enterprise that we neglect actions directed towards the outside world, and specifically towards our customers.

A Zero Trust State of Mind in IT Security

Hollywood (once again) got there first. Remember those films in which shadowy figures hiss “Trust no-one!” before vanishing from the scene?

Business Continuity for Machines? Just a Sec, I’ll Print You Some

You may find this blog article mind-expanding – especially if your natural reaction is to think about its title in two dimensions, rather than three. To set things straight, we’re not talking about paper printouts of business continuity plans that by definition are out of date the moment they are distributed.

IT Service Management, Your New Name is Marketing

What’s more important in IT Service Management (ITSM), the management or the service?

The Observer Effect in Business Continuity

When you look at something, you have an impact on it. That’s the observer effect.

When Bolted-On IT Security is the Only Option

If you’ve worked in IT development for hardware or software, or had dealings with that world, you may well have seen the statistics about the costs of fixing bugs.

Business Continuity? It’s in Our DNA, Right?

How many times have you heard business people talk about their DNA – meaning their business culture or something similar?

Risk Management and Proactively Dealing with Threats

What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.

3 Ways to Build Collaboration into Business Continuity Management

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

Business Continuity Management – How Relevant is It to Data Breaches?

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

People are Important to Business Continuity Too

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

The Most Worrying Definition of the Blended Attack

It almost seems that there are as many definitions of the “blended attack” in IT security, as there are experts willing to give them.

Is Business Continuity about Prevention or Detection & Repair?

Ideally, business continuity means no discontinuity.

The Rise and Rise of the Insider Threat in IT Security

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

Is IT Getting in the Way of Business Continuity?

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

Risk Assessment Pitfalls to Watch Out For

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Are Politics Interfering with Your Business Continuity?

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

The Four, No… The Five “P”s of IT Service Design

People, products, processes, and partners are the four “P”s of IT service design in a lifecycle model for IT services, but is there something missing?

Business Continuity and Resiliency Engineering

To stay healthy, should you get your jabs or eat your vegetables?

What Will It Take to Kill Off the Password?

Back in 2004 at the RSA Security Conference, Bill Gates was campaigning for the replacement of the password by two-factor authentication or some other secure mechanism.

The Use of Praise in Business Continuity

Don’t get us wrong, simply telling somebody that he or she is wonderful is unlikely to guarantee business continuity!

Even in Australia, Europe’s New Data Regulation Could Affect Your Business

Talk about the long arm of the law!

Objectives or Capabilities, Where Does Business Continuity Start?

In business continuity management, should you start with what you want or with what you have?

Disaster Recovery Failure with a Cyber Security Twist

The case of Code Spaces still echoes in cyberspace.

Business Continuity Management May Need Another Name

Did you know that car manufacturers tend to choose the letters for their car model references according to the type of buyer they want to attract?

IT Risk Management is Getting Tougher, but are Managers Keeping Pace?

Tougher to do, and with tougher consequences if you get it wrong: these are the two big trends in IT risk management today.

Agile Business Continuity – A Happy Medium Between Fossilisation and Chaos

Ah yes, agile, that buzzword that is being borrowed by so many parts of businesses! The word itself is full of promise, suggesting all kinds of good things, like flexibility, nimbleness, and adaptability.

ITSM for All, Including Those Who Have Nothing to Do with IT

We’d be straining your patience if we didn’t explain the title of this blog right away. ITSM?

Business Continuity Jargon – For or Against?

Jargon crops up everywhere, and business continuity is no exception. RTO, RPO, BIA, and others are often sprinkled liberally into conversations, plans, and reports.

The Vulgarisation of IT System Hacking Could Be Good News

Attack sophistication is growing. 20 years ago, social engineering had already made inroads and automated attacks were on the rise, with denial-of-service, browser executable attacks, and techniques for uncovering vulnerabilities in the binary code of applications.

Adaptive BC – The New ABC of Keeping Things Running?

Every so often it’s good to shake things up. Sometimes the simple act of asking questions about what we do in business continuity and why we do it can give us a fresh point of view and point out areas for improvement.

Should Disaster Recovery Be a Legal Requirement?

Governments often make legal requirements about things that could damage people’s health, whether in a physical, financial, or possibly other sense.

Synchronizing Your Business Continuity Plans with a Changing Business

The cliché of “change is the only constant” is true for most enterprises. Customers, business analysts, and employees all expect some sort of evolution, even if it is with varying degrees of enthusiasm.

Just Delete It – Destruction as an IT Security Strategy

If confidential information didn’t exist, you wouldn’t have to worry about data breaches.

Dealing with Combined Mobile and Cloud IT Security Problems

Now that so many people and enterprises have rushed headlong into mobile, cloud, or both, it’s time to take a step back and consider your security posture relating to these two items.

The Macro and the Micro of the Perfect Storm in Enterprise Risk Management

What does a perfect storm make you think of – natural catastrophes, perhaps, like the one portrayed in the film “The Perfect Storm”, the risks confronting the Korean economy, or simply a situation you would rather avoid in the interests of business continuity?

IT Service Management, Meet Marketing!

IT service management is sometimes described as a customer-focused approach to making information technology available.

Business Continuity and Machine Learning

According to certain industry analysts and software vendors, we are now midway between a stage 10 years ago when few applications used machine learning, and a stage 10 years into the future when apparently, most applications will function with it.

IT Service Management, Automation, and Erosion of Job Satisfaction

Labour-saving devices, robots, and automation – Weren’t they all supposed to improve the quality of life, by removing manual work and drudgery?

The Coming Roles of Virtual and Augmented Reality in Business Continuity

If you thought virtual reality (VR) and augmented reality (AR) were just gimmicks for people with too much time on their hands, you could be in for a surprise.

Enterprise Attacks that Start in Mobile Apps

Some IT security attacks start from the most innocent mobile apps and in ways that let cyber-criminals simply pick up confidential communications without having to hack into anything at all.

Business Continuity by Working Backwards

Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.

IT Self Service Management is Not the Easy Option

It’s tempting to see IT self-service as the simple way to hand off responsibilities to end-users.

Combining Scenario and Impact Planning in Business Continuity

Scenario planning, in which you seek to identify higher risk and higher probability causes of business interruption, attracts both supporters and cynics.

IoT Device Security Doomsday on the Horizon?

Does it sound strange that many organisations believe they are exposed to major problems with Internet of Things device security, yet few of them have taken any measures to resolve those problems?

Why Business Now Needs Personal Business Continuity

Business no longer controls all its data, now that the data is spread out over systems that could be in-house, in the cloud, or in somebody’s pocket.

IT Asset Management of Grey Matter

If you’ve already moved all your systems and applications to the cloud, you may feel there is little left for you to manage other than your organisation’s data and your IT department’s skillsets.

Disaster Recovery and Human Error

The title of this blog post could almost have read “Never send a human to do a machine’s job”.

Are Routers Open Doors for Hackers?

Small businesses using low-end routers for their networks may be highly vulnerable to hackers.

Business Continuity, Gut Feeling and Data-Driven Decisions

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Adapting Your IT Sourcing to BYOD (or is that CYOD?)

In theory, BYOD or bring your own device lightens the load in terms of IT sourcing, because it transfers the work (and cost) of acquiring a device to the user of that device.

How Business Continuity Goes to the Movies

Vendors like to go to the movies, meaning they like to see their products and logos in Hollywood productions, and are usually prepared to pay for the privilege.

IT Security and Strange Mobile App Permissions

If you have already installed mobile apps on your smartphone to go beyond the stock selection provided with the device, you may well have noticed how a mobile app asks for permission to access certain resources or take certain actions.

Secrets of a Business Continuity Culture

Do you dream of a work environment in which everybody automatically thinks “business continuity” and acts accordingly?

Cloud IT Sourcing via Brokers – A Solution Whose Days Are Numbered?

What used to be IT sourcing at the physical system level is turning into an exercise at the virtual cloud level, but with a new actor, the cloud broker.

Better Business Continuity with Analytics Chatbots

In this age of big data, business analytics are likely to form an increasingly large part of business continuity planning and management.

National Preparedness Month, World BackUp Day, and Change that Sticks

A while ago, we asked in this blog if World Backup Day was really a good idea. Our logic? If everybody focuses on one day in the year to get their backups right, then spends the other 364 days ignoring the issue, things won’t change for the better.

Business Continuity and Multipathing

Sometimes, IT can teach business a thing or two. In a recent survey on private cloud computing use, there was a statistic on the use of multipathing.

Is It Time to Rename Malware as Sneakyware?

Malware (Sneakyware) is the software that gets into your system and causes havoc, unless you detect and neutralize it first.

Business Continuity and the Knock-On Blackouts

Power blackouts in business can range from a minor inconvenience to a major threat. Diggers slicing through power cables, extreme weather conditions bringing down power lines, or other local failures can all interrupt the supply of electricity.

BYOD, BYOT, BYOC, All One Facet of a Bigger Challenge

IT has no shortage of four-letter words. It’s not clear what the latest variations on the “BYO” or “bring your own” theme add.

The Other Face of the Business Continuity Hacks

There are hacks and there are business continuity hacks. Some hacks are bad news, especially when they target IT security and jeopardize business continuity, but others – the other kind of hack – could save the day in certain circumstances.

Ransomware is so 2016 – The New Menace is Ransomworm

Don’t take this title too literally. Ransomware, the malware that extorts money from victims to prevent a disaster, will surely continue to be active, at least in the short term.

Business Continuity and Machine Learning – Is It Time?

Machine learning, if you have not already met it, is the capability of a machine (a software application) to modify its rules and algorithms according to new data.

ITSM and DevOps – A Win-Lose Situation?

Do the formalism of IT service management and the agility of DevOps mean that one can only succeed if the other fails?

The Business Continuity Manager and the Typewriter

A well-known IT security solution vendor recently published a white paper about planning for business continuity, and listed typewriters as examples of equipment that should be safeguarded to prevent interruptions to an enterprise’s activities.

Data Lake Hacking is the New Dumpster Diving

When computers ran on punched cards and information was stored and communicated using paper, suspicious individuals could sometimes be seen loitering close to the large rubbish bins or dumpsters used for corporate refuse.

The Great Business Continuity Risk-Reward Mix-Up

Investors and financial institutions like to correlate business continuity risk with business continuity reward. If risk is greater in an investment, then the potential reward should be greater too.

Our 2016 Business Continuity Review – From National Resilience to Toasters (and Back)

It’s always an editorial dilemma – Do we start with the event with the biggest business continuity impact? The event that was the most unbelievable? For the 2016 Business Continuity Review, we have some difficult choices, including the massive cyberattack of the toasters, the most powerful man in the world (soon) trying to carve up the Internet, and a smartphone threatening the health of a national economy.

Travelling at the Speed of IT Security

Einstein, move over. There is a new universal constant now, one that governs all IT-driven security activity, which by now is almost everything that goes on in the known world.

IT Service Management and Digital Transformation

Speaking of these two items in the same breath might seem incongruous. After all, what does IT service management looking after daily operations (mundane) have to do with the digital transformation of an organisation (visionary)?

Why IT Strategy Fails and What to Do About It

IT strategy – hmm, that sounds good! It suggests you know what you’re doing, and that those invoices from your IT suppliers correspond to something of value to the business.

BCM, ITSCM and BIA – Alphabet Soup or a Chance to Save Money?

We know you know, but to save you the mental effort of fleshing these acronyms out into full-length descriptions, here’s what they stand for. BCM is business continuity management. ITSCM is IT service continuity management.

6 Ways to Go Down the Road to ITIL Hell (or to Avoid Doing So)

Paved with good intentions and best practices, the road to ITIL hell can look so alluring to the unwary IT manager.

Business Continuity and Business Transformation

Can these two items coexist? Business continuity is about keeping things going, whereas business transformation is often about breaking things (figuratively, if not literally) to get out of a rut and into a new, more competitive mode of business.

Emergency Management and the Rise of the 5G Networks

5G networks are on the horizon now, destined to increase mobile data transfer speeds and reduce communications latency compared to current 4G.

Ethics and Your IT Sourcing Strategy

IT servers, enterprise applications, data centres and cloud services might seem a world away from other sectors traditionally attracting attention in terms of an ethical sourcing strategy.

Should You Have a Secret Agent for IT Asset Management?

Start humming the James Bond theme, now. Or perhaps not. Agents in IT asset management don’t quite have the glamour of 007.

At this Moment, Deep Inside Your System, an APT May Be at Work

The advanced persistent threat or APT is the up and coming menace to IT systems today.

Four Steps to External IT Sourcing without Tripping Up

The road to IT sourcing nirvana is full of potholes, not to mention the ravines on either side, should you stray from the straight and narrow.

IT Service Management as a Business Partner

Now and again, we hear rumblings about IT governance and how synergy must be developed between IT and the rest of the organisation to work in harmony as a “business partner”. The principles are praiseworthy.

IT Risk Management as Seen by the Man with the Black Swan

The man in question is Nassim N. Taleb. He coined the term “Black Swan” in risk management to describe events that are unforeseeable, even highly unlikely, yet that happen and in doing so change the course of history.

Seven Mistakes to Avoid in Planning Your IT Strategy

According to some sources, only 10% of business strategy plans are ever effectively implemented.

IT Security and the Worry About WordPress

As free and freely available software that has helped millions of individuals and enterprises easily establish a presence on the web, WordPress has a reputation for being well-designed and reliable.

The Link Between Online Dating and IT Asset Management

You mean, there is one? Yes, indeed – You see, online dating organizations are all about asset relationships, preferences, likes and dislikes.

Is World Backup Day Such a Good Idea?

Hooray for World Backup Day, you might think, reminding people how important it is to safeguard data and systems.

The Delicate Position of the Chief Information Security Officer (CISO)

A well-paid, but heavy responsibility with a built-in ejector seat is one way of looking at the CISO position.

IT Asset Management and Hardware Hoarders

You’d be surprised at the emotional bonding that can go on between users and their IT hardware devices, but there’s a difference between managing your assets appropriately and actually collecting a heap of junk hardware you’ll never use.

IT Service Management and Complete Recovery from Service Failure

How do you measure your IT service success and failure? Performance numbers and metrics can be valuable, because they help you to improve, as well as to defend your IT service management against possible criticism.

The Comeback of the CMDB for IT Asset Management

Enough of the four-letter acronyms! CMDB, in case this had slipped your memory, stands for configuration management database.

Four Pitfalls in IT Risk Management that You Can Avoid

IT risk management can be a risk all by itself. Although the principles sound straightforward, applying them incorrectly can lead to wasted effort, mistakes in risk postures, and failing to spot relevant risks or changes in those risks.

In the Future, IT Service Management May Lose the “IT”

Don’t worry, all you IT people, you won’t lose your jobs because IT service management changes its name.

IT Risk Management and Technical Debt

When you shove things higgledy-piggledy into your desk drawer, just to clear space in your workspace, you have a quick solution. You also have a dirty solution, because trying to find the key to your filing cabinet will take you ages afterwards. And yes, you’ve just experienced technical debt, first hand!

6 Pitfalls in IT Risk Management

IT risk management is a common thread running through IT investments, IT security, IT disaster recovery, and business continuity.

Using MTTR, Not Just MTBF, in Your ITIL Problem Management Processes

If it ain’t broke, don’t fix it, as the saying goes. However, even unbroken IT installations must be fixed by patches, upgrades or redesigns to meet new business objectives. ITIL Problem Management Processes tackle the issue by taking a problem-solving and root cause approach.

How Often Should Users Change Their Computer Passwords?

This is a little like asking “how long is a piece of string”, except that in this case the string may already be a lot shorter than you imagined. Passwords are often the bane of the IT helpdesk.

IT Service Management and Employee Engagement

Does talking about these items in the same breath seem incongruous to you? After all, IT service management is typically viewed as technology at the service of an enterprise and its end-users, helping productivity, rather than being linked directly with motivation.

Uberisation and Business Continuity

So much of business is being scrutinized through the lens of uberisation that it would be an omission (and possibly a dangerous one) to neglect a quick squint at business continuity.

Adjusting Your IT Risk Management Language for Your Business Colleagues

Sure, as a CIO or IT manager, you know what IT risk management is. It’s all about applying risk management principles to IT, including the adoption, ownership, operation and influence of IT within the larger context of the enterprise. But in terms of risk management language, are these principles communicated properly across the organisation?

Cascading in IT Asset Management – Should You or Shouldn’t You?

“Here, take my old PC. I’m getting a new one to help meet my advanced needs, but this one will surely do the job for you.” This, in a nutshell, is cascading in IT asset management.

IT Strategy – More than Just a Simple Matter of Business Alignment

On the face of it, it sounds simple. IT strategy should be driven by business requirements.

Your Strategy for Shadow IT Sourcing

Wait a moment, does it actually make sense to talk about shadow IT and sourcing strategy in the same breath?

Archived Backups and Backups of Archives – What Do You Need?

If you’ve archived backups of data for contractual or regulatory reasons, do you also need to back that data up?

Whaling? If Your IT Security Smells Fishy, It Probably Is

There is some deeper relationship between IT security and the sea that has yet to be fathomed.

Will IT Management Morph into Business Process Management?

Take IT as a service, IT governance and maybe some business process execution language, and mix them all together.

Big Data Security Challenges Now and Into the Future

People and organisations generate more data than ever before. Smart software can analyse mountains of data and offer insights and recommendations, or even take decisions.

ABS Census Attacked by DDoS

What were Australians doing on the evening of the 9th of August, 2016? All jumping on the bandwagon to fill out their Australian Bureau of Statistics (ABS) Census details on the Census website.

Is Blockchain Going to Be Big for Business Continuity?

If you’ve met blockchain before, it may well have been in the context of the cyber currency Bitcoin.

Expanding ITIL to Cover the Whole DevOps Model

What do ITIL and DevOps have in common, you may ask – apart from the syllable “Ops”? So far these two items have had little overlap, but that may now start to change significantly.

When Less is More in Risk Management

In business risk management, risk-reward is a concept known by many, but understood by rather fewer.

Lean and Cost Cutting in IT Service Management

Enterprises can come up with all sorts of schemes for cutting waste and costs, ranging from cancelling coffee machines to selling off entire business units.

Would You Reveal Your Password for Chocolate? For Even Less?

A survey showed that commuters in London more often than not (more than 70%) would reveal their computer password in exchange for a bar of chocolate.

IT Service Management and Handling Shadow IT – Fight, Flight or Better Marketing?

Now that business apps (that really can help you do better business) are available immediately in the cloud, the internal IT organisation may find itself being ignored as the shadow IT.

The Business Continuity Fight of the Week: Real Clouds vs. Virtual Clouds?

What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016?

Will Every IT Security Risk Now Be Followed by a Fake Risk?

It would be risky to generalise from one specific example in IT security, but the case of fake ransomware is intriguing.

Where Do You Put the Cursor for Supply Chain Resilience?

Supply chains have so many moving parts that supply chain resilience rapidly becomes a priority issue.

Business Impact Analysis Errors You Must Avoid

In business continuity planning, business impact analysis or BIA is possibly the most critical part.

Risk Evaluation and the Science of Danger

Let’s be honest. Between ‘Risk Evaluation’ and ‘The Science of Danger’, the second name has more star quality.

Cyber Criminals attack on Third Parties

Where do cyber criminals focus their attacks? On the organisations with the information of most interest or highest worth, naturally enough.

Designing Business Continuity into Your Business Strategies

As IT morphs from legacy on-site systems and firewalls to cloud computing, mobility and data-anywhere, it is having to change in terms of agility and security.

Learning from How Others Do Their Business Continuity

Looking at how other enterprises organise their business continuity can be beneficial for two reasons. First, it helps to compare your own preparations with those of another entity.

Have Data Protection, Can Travel – IT Security without Borders

IT security perimeters no longer exist, now that mobile and cloud computing are so prevalent. The availability of files and information to employees in the office, on site, on the road or at home is high.

Resilience and TICTF (Too Interconnected to Fail)

Remember the economic meltdown (almost) of eight years ago? Two buzzwords came to the fore at that time. One was “systemic risk”, the risk that applies to an entire sector or domain; in this case, the global economy.

A Lean Approach to Business Continuity

Often, techniques that are invented in one domain can be of use in another one too. If you’ve spent your working life so far in business continuity, you may not have seen much of the lean approach that is frequently used in manufacturing.

If Facebook Rules the World, What about Business Continuity?

The company has a vision of making its Messenger app the default communication mode for businesses, whether with other businesses or with customers.

Where Whistleblowing Fits into Business Continuity

On the face of it, business continuity is a robust process. You gather the appropriate information, apply methodologies to assess business risk.

Outward-Looking Business Continuity

It is easy to indulge in navel-gazing when it comes to business continuity. We examine your business, its components, its requirements, its objectives and the risks that could affect it.

Get Your Own Local Resilience Forum

A Local Resilience Forum? Should you have one? Also referred to for short as an LRF, the idea is to bring together different respondents in a local area in order to guarantee cooperation

Cloud Business Continuity – Brilliant, but Still Garbage In, Garbage Out

Current press coverage may be focusing on exaflops and artificial intelligence, but the IT success story of the decade is still likely to be cloud computing as Cloud Business Continuity struggles to bring much progress.

Will Buggy Releases Triumph Over Smart Mobile Architectures?

Smart mobile has so far been largely a consumer-driven market. That has been good news for the business sector. It has reaped the benefits of the technological advances and better user experiences, with which vendors have sought to woo Jane and Joe Public.

Willie Sutton Logic and Cyber-Attacks

Willie Sutton was the man who (according to a popular story) gave the definitive answer to the question “Why do you rob banks?” He said “Because that’s where the money is”.

Why BYOD Isn’t All Enterprise Security Gloom

The economic arguments for bring your own device (BYOD) working are multiple. The first one is that if employees fund their own terminals (smartphones, tablets, portables), their employer does not have to.

Human Rights and Business Reputations

Sourcing and procurement in business is becoming less and less hands-off. Gone are the days when an enterprise could shut its eyes to labour conditions in a supplier’s company, as long as the products or services arrived on time and at the agreed cost. Yet behind the scenes, it is business reputations that are impacted the most when the human element becomes non-existent.

Are Cyber-Security Skills Due to Nature or Nurture?

Culture and language determine much of how we live, think and act. So does history. These factors could explain why the Netherlands has gained a reputation as a leading exporter of IT Cyber-Security.

The (Non) Strategy of Australian Government Cyber Defence

The 2016 Defence Whitepaper from the Australian government is now available online. It discusses a broad range of defence topics, of which cyber defence is just one.

Proper Backups Can Beat Ransomware Attacks

Ransomware attacks are on the rise, according to recent reports. Cybercriminals often favour these attacks, because they find them to be effective and lucrative.

The Inherent Risks of payWave and PayPass Cards

Convenience is the name of the game, especially when it helps customers spend more. The new generation “tap and go” payWave and PayPass cards are designed to do that.

Does It Make Sense for a Battle Box to be a Physical Artefact?

If you have a battle box for your enterprise, then it probably contains vital information such as employee and major supplier contact details, the most important business contracts, system codes for accessing or restarting critical applications, and so on.

Winning in the IT Service Continuity Management Obstacle Race

In an ideal organisational world, ITSCM (IT service continuity management) guarantees rapid recovery of critical IT services after unplanned downtime.

Nobody, but Nobody is Safe from Cybercriminals

You might not go as far as to bet that they would never, ever suffer a breach of security. Yet today’s scandals seem to concern entities in the private sector.

The Rise and Rise of the Recovery Consistency Objective

Timing, as comedians say, is everything. It’s true if you’re on stage entertaining an audience.

Hi, Can I Interest You in Some Second Hand Security?

Buyers, beware! While a car with one careful previous owner (we’ve all heard that one, right?) may still be a viable purchase proposition, somebody else’s security may be ill-suited to your organisation. Second Hand Security can crop up in situations like company mergers and acquisitions.

Employees vs. Employees – the Internal Battle for Data Security

As organisations have boldly gone where no enterprise has gone before, meaning out to the far corners of cyberspace, the face of data security has changed significantly.

Zika and the Multi-Dimensional Development of a Pandemic

The Zika virus is turning out to be a bigger and more unwelcome surprise than expected.

Should Mobile Device Data Protection Be Encouraged or Enforced?

How many people in your enterprise use their personal mobile devices for work?

Our 2015 Business Continuity Review – Cloudy with Scattered Security Breaches

Information security, both in-cloud and on-premise, was somewhat higher profile during 2015. The top three threats for the year for cloud environments were (in decreasing order of importance) app attacks, suspicious activity, and brute force.

IT Security Trends in Technology, Politics and People – Always Two Sides to the Coin

With mobile computing already so widespread and the promise to add billions more attached devices, a large part of your security will be determined by the state of your technology.

How Ready Do You Feel for Bring Your Own Encryption?

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied with those ready for the Bring Your Own Encryption (BYOE) phase.

Micro Answers to Expanding IT Security Perimeters

If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security perimeter has expanded.

IT Security and the End of Ivory Towers, Bolt-Ons and Bigger Fences

Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven…

The Rise of Rule-Based Security in Cloud Computing

Corporate policies on anything from safety to ethical sourcing are all about rules. Do this; don’t do that! Often created from the experience of everything that went wrong in the past, policies can soon turn into large, unwieldy documents. IT security also has its rules, some of them born of common sense, others of past…

IT Security, One Rotten Apple and a Whole Bad Barrel

Barrels of apples can go bad, both literally and figuratively, because of just one rotten apple. The rot spreads from one apple to another until the whole barrel is infected. Not so long ago (in 2014), experts from security company ESET discovered 25,000 servers infected with malware, some of these servers being grouped together in…

3 Broad Categories of Cyber-Security Trends for 2016

System hacks, data breaches and information theft are frequently in the news, and will surely continue to feature strongly in 2016. However, recent crystal ball gazing by different actors and experts yielded an intriguing variety of predictions for the coming year. Broadly speaking, there are IT security trends we can expect, those we should suspect,…

Data Encryption and Reputation Management

What do encryption and reputation have to do with each other? On the face of it, the link seems tenuous. However, if a data breach occurs, encryption could be the difference between intense corporate embarrassment and a corporate reputation that remains untarnished. Of course, we’re talking about more than standard encryption of data in transit with…

Cryptographic Protection that Does Not Hide Your Information

Does this sound like a contradiction in terms? If your idea of cryptography is all about keeping confidential information hidden from prying eyes, then the idea of applying it to information that is then consumable by others may seem strange, to say the least. However, this is a major function of cryptography too. It makes…

Password Salting may be Effective, but is it Healthy?

Much of IT security revolves around the question of how much you believe users can think for themselves. Password salting is a solution likely to appeal to those who think users are unreliable, careless or otherwise unable to behave correctly when it comes to the proper use of passwords. Yet the brain is a muscle…

How to Make It Through a Failed Security Audit

Embarrassing – or inevitable? How you view a failed security audit, whether in IT or at an overall organisational level, depends on whether you think security is a result or a process. There is a fundamental difference between the two points of view. In addition, current trends suggest that security is becoming less of an…

Four Fatal Flaws in IT Security Flagged at Black Hat Europe 2015

IT security flaws are now myriad, but these four stuck out like sore thumbs at the recent Black Hat Europe 2015 conference on security. Their distinguishing feature for the most part was the massive scale on which hacking could be perpetrated, either because of the number or the size of the systems affected.

Is Your Toaster Spying on You? Security Concerns in the Internet of Things

When so many products can now be equipped with a tiny microprocessor and Wi-Fi connectivity, the possibility to pervert their use over the Internet of Things is a threat that nobody can ignore. Initially, IoT was to be a next generation, connected world in which devices talked to each other for automatic management, repair and…

Employees are Still Unaware of the Need for Information Security

“Careless talk costs lives” was one of the slogans on posters displayed during the Second World War. It was a warning to people to avoid discussing confidential matters in public places, where spies could eavesdrop on vital secrets. Many people also know the saying “walls have ears”. Yet in enterprises and other organizations, too few…

Auditing Security in New Virtualized IT Environments

In the old days, there was a physical cable running from A to B. One server ran just one application. Auditors could see the boundaries and could assess IT security accordingly. But today, matters have changed considerably. The virtualisation of X applications over Y servers, and the use of the cloud make it impossible to…

Extending to Long Range Disaster Recovery Planning

People go to their “panic stations” (or rather, their designated disaster recovery roles!) to contain and repair the damage.

Free Wi-Fi Spots Are Security Risks for the Unwary

Unsuspecting and easy to attack – users of public Wi-Fi spots are a hacker’s dream target. Cybercriminals don’t wear cat-burglar masks and striped t-shirts, so it may not be easy to see them. On the other hand, the smart user of a free Wi-Fi hotspot knows that he or she should assume that hackers are…

How Printer Security Issues Have Been Creeping Up on Us

Printers print. By definition, that is their function. Wads of printed paper, transparencies, continuous feed printouts, presentations stapled together, and so on. Many people are aware of the security risks of leaving printouts lying around, or throwing them out without shredding them. Thirty or forty years ago, tales of hackers going through refuse were rife. Now…

The IT Security Risk on Your Wrist

Mobile computing devices used to be the challenge for many enterprises. IT departments found themselves tugged in several different directions at once. Employees insisted on using their tablets and smartphones to access company applications, while security officers threw up their hands in horror at the idea of unknown and uncontrollable devices having a way in…

Time to Put Up Your Defences

The world is a dangerous place and a simple firewall just won’t cut it when it comes to this generation’s highly advanced weaponry, the weapon of knowledge, the knowledge you have turned against you. Warfare is no longer only on the battlefield but on the Internet where anyone with some knowledge of hacking becomes a…

Diamonds are Forever and So (Unfortunately) Is Biometric Security

They last a lifetime and they never change. Fingerprints, irises and even gaits (as in walking) are immutable, if you discount the use of surgery. That is what makes them such reliable identifiers and the basis of different biometric security systems. From science fiction and spy films, we now have smartphones (iPhones for example) that…

Why You Should Keep Doing IT Penetration Testing

If the business and IT environment fluctuates so much, why then is it still important to do penetration testing?

The Cloud Experience

For many years we’ve been hyped with the cloud generation of computing with the likes of giants such as Amazon, Microsoft, VMware and Oracle to name a few in the ring. But moving entirely to the cloud has some considerations to take into account and a Cloud Risk Assessment is to be conducted to analyse…

How Are You Doing with Your Android Security?

Every once in a while it’s good to take stock of a situation. A projected 1.25 billion Android users for 2015 (according to Gartner) is such a situation. Either your organisation is already an Android shop or it is likely to become one in the near future. A plethora of software apps for the Android…

IT Network Firewall Technology is a Model for Business Continuity Too

Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network

Middle East Respiratory Syndrome – Is Carelessness or Ignorance the Bigger Problem?

Middle East Respiratory Syndrome (MERS) is a new threat for humans. Also known as ‘camel flu’, it is a viral respiratory illness first identified in 2012 in Saudi Arabia, where so far it has caused over 280 deaths. Since then it has spread to other countries. As of late June 2015, South Korea was the…

A Marketing Lesson in the Debate about AES 128 and AES 256 Encryption

For business executives and marketers, as well as IT departments, the following paragraphs on the secrets of cryptography hold a useful lesson. First a quick recap on what this is all about. AES stands for Advanced Encryption Standard, used to keep your data confidential. The 128 and 256 numbers refer to the size of the…

Image Backups Help You Get Back in Business Faster

What does it take to get PC or server backups to work properly and bring computers back to operational status?

Backfiring Data Encryption or Being Hoisted by Your Own Petard

Data encryption should be a good thing for security. When your data is encrypted using today’s encryption standards, other people cannot decode your files or your information. Data at rest encryption (DARE) takes care of the data sitting on hard drives, while data in motion encryption (logically DIME – you read it here first!) ensures…

Teachers and Role Models Falling Down on Disaster Recovery

When it comes to singling out sectors that are in the forefront of disaster recovery, finance is often quoted as an example. With so much depending on the ability to recover systems and data rapidly after any incident, major banks were among the first to implement hot failover data centres for instance – as well…

Risk Management for the Masses! Or At Least For Each Project…

Risk management is one of those areas that are too often “somebody else’s responsibility”. Whether through lack of knowledge or indifference, it gets shunted off somewhere else and replaced with an approach of “it’ll be alright on the night”. Unfortunately, it frequently isn’t. Like business continuity or information security awareness, risk management should ideally be…

Data Loss Prevention and the Insider Twist to IT Security

For many people, IT security is about keeping the bad guys out of the data centre by using firewalls to control external access and anti-malware programs to prevent hackers from infecting servers. That is only half the picture however. The threat that has also been growing comes from people already within the security perimeter of…

Look Who’s Doing Risk Management

If you’re wondering how much risk management should become part of your organisation’s rulebook, you may already be looking around to see who else is doing it. Insurers and bankers are obvious examples, because their businesses are centred on risk calculation, whether in terms of setting insurance premiums or defining credit interest rates. Many insurers…

Putting Numbers on Levels of Importance in Crisis Management

Now that management science has taught us how to quantify so many other things, crisis management is a good candidate for being awarded its own scale of seriousness too. The detail you put into such a scale will depend on how much crises afflict your enterprise. If you are battling a continual stream of problems,…

Does the Concept of Agile Recovery Make Sense?

‘Agile’ is still a buzzword. That’s quite a feat in today’s high-speed business and technological environments, where concepts date so rapidly. The original ‘Manifesto for Agile Software Development’ appeared in 2001, some 14 years ago. Since then, the word and the concept it labels have been applied to different business areas, including marketing and supply…

The Critical Importance of the Spokesperson in Crisis Management

Try this simple test, made possible thanks to the ubiquity of the smartphone and its on-board camera. First, imagine a crisis that would put your organisation in a difficult posture with the public. A generally applicable example is breach of your confidential business data, including your customer records. Now take your smartphone and record a…

The Internet of Things and the Two Faces of Risk Management

Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From…

When the Best Response to a Pandemic is… Don’t!

The Ebola crisis, also a pandemic because of cases in different countries, has hit the nation of Sierra Leone the hardest. National and international health teams have worked round the clock to contain the disease and prevent new outbreaks. Pharmaceuticals companies have ramped up efforts to develop new vaccines. Sierra Leone counts almost 12,000 people…

I know What You’re Doing in My IT System from these Tell-tale Signs

IT security managers and IT teams can install the latest antivirus software and firewall appliances to protect their computers and networks. However, there are also other signs to look out for, which software and hardware products are not always smart enough to see. Human beings on the other hand are naturally gifted in spotting strange…

It is with Regret that the Demise of RAID 6 is Announced – for 2019 Precisely

Information technology has certain features that make it possible to calculate probable dates of demise. It’s all digital, with a finite number of bits and bytes, and calculable error rates. As disk storage capacities increase, technologies viable today may run out of steam tomorrow. They cannot scale forever. Unlike vinyl records in the music industry…

Active/Active IT Configurations and How HA and DR Work Together

If the title of this post makes you go cross-eyed, don’t worry. All will become clear. Let’s explain. Active/active IT configurations consist of computer servers that are connected in a network and that share a common database. The ‘active/active’ part refers to the capability to handle server failure. First, if one server fails, it does…

Disaster Recovery Forecast: Cloudy with Scattered Virtual Machines

First there was the dedicated, physical server. Then came virtualisation to help organisations mix and match over different servers on their sites. After that came cloud computing with more virtualisation (and multi-tenancy thrown in). However, organisations typically still did their virtualisation between machines in close physical proximity, even if they were using cloud services. Now…

Disaster Recovery and the Pitfalls of ‘No Pain, No Gain’

How often have you heard the expression ‘no pain, no gain’? These four words sum up the idea that if you are to receive benefits, then you must suffer (or at least make an effort). Alternatively, you could take it to mean that if you don’t make an effort, you can’t expect benefits. An example…

Pros and Cons of Virtual Tape Libraries

Tape data storage just keeps on going. It’s almost like the steam punk of IT, a branch off into a different universe where everybody reads with bigger candles instead of electric light bulbs. But it works. In fact, it works well enough for the largest IT vendors to continue pushing the envelope on data storage density…

Patterns in Data Theft and What Organisations Should Look Out For

Data theft is becoming big business if the estimated damages of recent breaches are any indication. Can you imagine being insured for US $100 million against such events, yet having to bear costs that exceeded even that figure? The recent attack against Anthem, the second largest health insurer in America, involved as many as 80…

Five Aspects of Usability to Integrate into Your Disaster Recovery Planning

Disaster recovery planning for your IT installations may use automated procedures for a number of situations. Virtual machines can often be switched or re-started in case of server failure, and network communications can be rerouted without human intervention. For other requirements, people will be involved in getting IT systems up and running properly after an…

The Pesky Human Factor in Password Resets and IT Security

Forgot your password? Call in-house IT support. They’ll ask you a couple of questions to verify your identity (maybe your date of birth, your favourite colour). Then they’ll reset your password and tell you what it is so that you can go and do that work that’s been piling up. Or so that you can…

Do You Need a CRO for Your Business Continuity, or a CRO, or Both?

No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer.

Hacking Yourself to Find Holes in IT Security Before Others Do

The more IT pervades businesses, the more IT-based tools hackers have to exploit vulnerabilities. If you want your company to stay safe, you may need to ‘attack’ yourself to find out where the weak points are and fix them to prevent others from breaking in. The following list of hacker tools and techniques will give…

What is Virtual Machine Side Channel Analysis and Why Should You Care?

Here’s the quick version. Hackers operating in the same cloud server hardware as you can steal your encryption keys and run off with your data/bank codes/customers/company (strike out items that do not apply – if any). Yes, behind that mouthful of a title is a scary prospect indeed. Until recently, this kind of cloud-side hacking…

What Are Your Disaster Recovery Options if Your Data Storage Fails?

The answer to this question depends on how fast you want your data back and how much time and effort you are prepared to spend. If your data is both mission and time critical, then full, frequent backups possibly with mirrored systems for immediate restore or failover may be the only solution. Financial trading organisations,…

Putting the Cloud inside Your Company Firewall

Some enterprises are attracted by the potential advantages of the cloud for disaster recovery and business continuity. However, they fear the possibility of information being spied on, stolen or hacked after it leaves their own physical premises. A little lateral thinking suggests another possible solution. Instead of moving outside a company firewall to use cloud…

When a Government Deliberately Stores Data Outside the Country

As cloud computing develops and providers multiply their data centres, physical location of data has become an important issue for many organisations. Their goal has often been to prevent storage of confidential data outside their national boundaries. The risk of a data breach is considered to be too great, especially in the wake of the…

Are Company Boards Taking Risk Management Seriously?

All business in a competitive market is risk-based, whether or not enterprises admit it. Positive risk indicates opportunities. Negative risk points to the need to take measures to avoid, transfer or mitigate that risk. Banks are a case in point, with risk analysis at the heart of their daily activities as they continually calculate the…

Disaster Recovery and the Darker Side of the ‘Undo’ Function

There are times when you wish you could undo what you just did. Sometimes, you can’t. Financial investments, office reorganisations and even that too-hasty email you sent often cannot simply be reversed. With IT on the other hand, it’s a different story. From individual PCs to corporate data centres, the ‘Undo’ function has become a…

When the Resilience of the Web Comes Back to Haunt You

The Internet is truly a work of genius. From the original DARPA brainwave about a network that would reroute around failure to the social media that have brought billions of people together, the Internet is a wonder of the world as much as the Egyptian pyramids and the Taj Mahal. It is a fascinating thought…

What’s Stopping People from Defining Their Own Recovery Objectives?

People who manage a functional department or a business process may find it tough to set recovery objectives for what they manage so devotedly, day in and day out. That does not necessarily mean that they are not objective. Instead, they may not know how critical their part of the business is to the rest…

Androids, Apples, the Long Distance Wipe and Mobile Computing Security

Statistics from reputable sources are clear: Symantec of anti-virus software fame found that 73% of organisations it contacted saw higher levels of efficiency as a key advantage. Deloitte, the audit firm, has said that 71% of enterprises are already deploying mobile apps. That means opportunity for faster sales reactions, improved productivity and even lower operating…

Smart Power, Cheap Power… Safe Power? Smart Grids and Resilience

They say that information drives business. Actually, it’s electricity. Your data will most likely be useless if you have no power. On the other hand, if you can turn the lights on, you can start working, one way or another. But now in a kind of millennial Mobius loop, information is also increasingly driving power…

How to Start Tackling a Big Web Threat – Cross Site Scripting

If you haven’t yet met cross site scripting or XSS for short, it’s probably only a matter of time. And if your enterprise is running a web site that allows users to enter data, for example as search terms, consider XSS as a threat to be tackled now, not later. The short version of what…

Ebola and the Ramifications of Pandemics You Should Consider

Efforts continue in order to stop the spread of the Ebola outbreak and find vaccines to defeat the virus. However, businesses need to be prepared in more ways than one. Although the risk is considered low that a widespread Ebola infection would occur outside West African countries, the potential consequences could be catastrophic and deadly.…

How much of an Iceberg are Data Security Issues Today?

The bulk of the iceberg is hidden below the waterline where it lurks, ready to sink large entities like the Titanic and corporations. One of the most recent news items about data security ‘icebergs’ involves incorrectly configured web servers located in a number of prominent organisations. The systems at risk were identified by ethical hacking.…

Current Australian Preparedness against Ebola

As efforts to contain and eliminate the current Ebola outbreak in West Africa continue, countries around the world are making preparations to be ready in case the virus arrives. The Australian government is also making plans to deal with such an event. Ebola already exists in Australia – but fortunately (so far) only as the…

Disaster Recovery and Technological Horrors

In disaster recovery, technology is often a neutral element – neither good nor bad, in itself. Some technologies are better suited to specific needs or offer relative improvements to existing solutions. What determines whether an organisation benefits or suffers is the application of technology. When it is used unthinkingly and incorrectly, the horror stories start.…

The Ebola Disaster and Double-Edged Logistics

The Ebola outbreak in West Africa is taking a horrific toll in human lives on a scale that is unprecedented. It is also happening in a place that makes the whole rescue process an order of magnitude more difficult. Besides trying to save those already infected, aid workers must cope with the fact that the…

Ebola Outbreak – What Should You Know About It?

With the deaths of more than 4,000 people and an estimated 8,000 cases (at this time), the Ebola epidemic has affected three West African countries in particular. But Ebola could also spread to become a pandemic without geographical limitation. There are three key questions to be answered:

Coffee-Shop Recovery Tactics for Today’s Enterprise

The times, they are a-changing. Mobile computing devices, not to mention BYOD and a millennial attitude, mean that a substantial number of employees in enterprises now do their work away from their desks. Whether at home, in a bus, train or plane, or in their favourite coffee-shop, if there’s a Wi-Fi connection available, there’s a…

Information Security – Are Companies Giving Up?

With the security threats around today, the sheer mass of information and the vulnerabilities to attack, it has to be admitted that information security is a challenge.

Information Security – What Do You Think It’s All About?

When was the last time you saw a survey on information security in enterprises? It’s a topic that often means different things to different people.

Have You Met the Recovery Consistency Objective?

Which disaster recovery measurements do you really need? The answer is the ones that are effective in helping you to plan and execute good DR. So your choice will naturally depend on your IT operations. The two ‘classics’ of the recovery time objective (RTO) and recovery point objective (RPO) are so fundamental that they apply…

Where are the Holes? Turning IT Security Inside-Out

It’s an unfortunate truth. The holes in your IT security are most likely to be where you neither see them nor expect them. That means they’ll be outside the basic security arrangements that most organisations make. Firewalls, up to date software versions and strong user passwords are all necessary, but not sufficient. Really testing security…

Who is Responsible for Cloud Data Security?

“The Buck Stops Here”, said US President Truman. And he made it doubly clear by having that statement inscribed on a thirteen-inch sign on his White House Oval Office desk. But what would he have made of the cloud, where IT engineers, managers and employees can all upload data and trying to pin down one…

IT Security is Essential in the Cloud – But Which Cloud Do We Mean?

Clouds by definition are nebulous and vague. Their use in IT models and discussions goes back decades, long before the current cloud computing models. A ‘cloud’ was convenient shorthand for showing a link between a system on one side and a terminal or another system on the other. Today however, the concept has evolved. Not…

Integrated Network Technologies Make Disaster Recovery Simpler (Sort Of)

What is the scarcest IT resource today? Processor power, main memory and disk space all seem to grow unabated. But network bandwidth on the other hand is still comparatively expensive. Consequently, enterprises tend to have less of it, which in turn leaves them more exposed to possible outages. Luckily, other technology means that bandwidth can…

Penetration Testing: How Many Shades of Grey?

Commercial enterprises know that the best way to maintain market leadership is to attack yourself. It’s the same in IT security if you want to maximize your resistance against hackers. A niche industry has grown up around penetration testing – or ‘pentesting’ for short. Providers in this sector offer their services for applying automated or…

“Data, Data, Everywhere, nor Any Drop to Drink”

The literature buffs among you should recognise this paraphrase of Samuel Coleridge’s epic poem, ‘The Ancient Mariner’. Besides having to put up with an albatross hung round his neck, the Ancient Mariner despaired of a lack of drinking water while becalmed at sea (“Water, water, everywhere…”) Given today’s oceans of data, CIOs might feel much…

Virtualisation Needs More Than Just a Physical Security Approach

As you bring virtualisation into your IT infrastructure, you may have noticed a few security-related aspects that weren’t present in a purely physical ‘one-app-one-server’ environment.

Disaster Recovery – Sometimes the Devil Really is in the Details

Disaster recovery planners are often recommended to take a holistic view of their IT organisation. They should work to deal with potential outcomes, rather than possible causes. That certainly helps businesses achieve greater overall DR effectiveness and cost-efficiency. However, there’s no denying that a number of practical details must also be respected. Otherwise, the best-aligned…

Beyond Data Back-Up Requirements to E-Discovery Compliance

Your data backups are there to help you recover information, applications and files if required, hopefully both effectively and efficiently. But they and any archiving you do may also be there for external parties to use as a result of e-discovery. That’s the retrieval of electronically stored information (ESI) for use in legal proceedings involving…

Living Dangerously with Virtual Machine Mismanagement

Virtualization is a business continuity answer to the vulnerabilities and foibles of physical servers. By spreading applications virtually and horizontally across vertical stacks of computing power, service can be ensured even if one stack goes down and the same application elsewhere picks up the slack. In principle, that’s fine – as long as IT administrators…

Disaster Recovery Services and Multi-Tenancy in the Cloud

Historically, vendor solutions for disaster recovery have been created for on-site use for individual enterprises. The client company concerned was the sole owner of the user data involved, and disaster recovery could be implemented without having to worry about anybody else. The cloud computing model changes that situation. It’s possible to use cloud services to…

Disaster Recovery as a Service and the New ‘Not Invented Here’ Syndrome

The ‘not invented here’ syndrome was something that forward-looking corporations set out to beat about 20 years ago. If a different product or service could be more cost-effectively bought in rather than being designed and manufactured in-house, then it was bought in. The challenge was to overcome misplaced pride and internal turf wars, where being…

Continuous Data Replication – Is This ‘Goodbye’ to Your RPO?

Traditional data backup happens once every so often – once an hour, once a day, once a week, for example, depending on the recovery requirements associated with the data. It’s typically the recovery point objective or RPO that determines the frequency of the backup. If you cannot afford to lose more than the last 30…

The Crisis Management Call Tree – Manual or Automatic?

Ensuring employee safety by rapidly disseminating the right information, and keeping communication lines open in a time of crisis are both priorities for businesses. Traditional solutions for this have relied on the manual ‘call tree’ or ‘phone tree’. Key employees are contacted first to inform them of whatever situation or crisis has arisen, with remaining…

Crisis Communications and When No News is Not Good News

No news is good news, or so the saying goes. But when equipment malfunctions and services are interrupted, no news can mean intense frustration for customers and end-users.

Tape Backup Developments – Death-Defying or Simply Better?

Considered by some to be obsolescent, obsolete or virtually flat-lining, tape backup is still around. Even new hard drive technology and solid state storage cannot match the price point per terabyte stored. Now IBM and Fujifilm have pushed the envelope even further with a new tape cartridge that can hold 154 terabytes of data. By comparison,…

Disaster Recovery Lessons from Radiology

When hospitals moved from film-based hardcopy systems to electronic images, they began to generate large amounts of data held on PACS – Picture Archiving and Communications Systems. Hospitals use various ‘modalities’ to scan patients, including Computer Tomography, Magnetic Resonance Imaging and Ultrasound systems. These modalities must regularly (and frequently) upload the scanned images to the…

A Theorem for IT Disaster Recovery – But With Practical Application

If you look through the literature on disaster recovery, you’ll probably see that practical ideas, recommendations and methods abound – but that theory is in rather shorter supply. This makes sense in that all those IT systems and networks are running now – so if they break, you’ll want some good ‘cookbooks’ or ‘how-to’s’ for…

Business Continuity Benefits – Not Just an Insurance Policy

Business continuity often inspires a feeling of ‘disaster averted’. In other words, the perception is that spending money on business continuity is really an insurance policy, and as such brings no positive benefit, but helps to avoid negative outcomes.

Opening Up Company Systems without Compromising Security

As business shifts more and more to the Internet, enterprises find themselves increasingly driven to provide better access to their IT systems.

Emergency Management – Getting Ahead of the Social Media Test Curve

Social media is increasingly being looked to as a tool for emergency management. It has a number of attractive characteristics, including cloud-based resiliency and being well-known and understood by a large portion of the public and professionals alike. The problem that many organisations face is in knowing how to prepare their use of social media.…

Are You Obliged to Use a Risk Management Software Application?

Risk management software identifies the risk associated with different assets. It then communicates this information to the enterprise concerned, for example through business dashboards displayed on screens. While risk is a factor for every organisation, some are bound by regulations to practice and demonstrate good risk management. Banks are a case in point: they must…

Crisis Management and the Growing Role of Social Media

Facebook and Twitter are already used to disseminate information about breakdowns and crises. Public service organisations have begun to use them as part of their PR strategy for good crisis management. Now there’s a move to use social networks, Twitter in particular, for communication in the opposite direction. In the UK, the London Fire…

Are Global Shocks Part of Your Business Continuity Planning?

Planning for business continuity includes identifying real risks and evaluating their impact on business activities and objectives. The risks to be included are the ones that could reasonably be held to apply to an organisation. Of course, each entity needs to make its own list, because many risks are situation-specific. For example, an enterprise in…

Keep Your Pandemic Plan Updated in Case of MERS

Is another pandemic on the way? The generic coronavirus is common everywhere, but this one – Middle East respiratory syndrome coronavirus, or MERS-CoV – is a particularly virulent strain. It’s also on the move. The World Health Organization published information on May 1st about serious infection of a hospital patient in Egypt who had returned…

Disaster Recovery, Horses for Courses and Other Metaphors

Just think how exciting the world of disaster recovery has become. What used to be exclusively tape storage has branched out into all kinds of disk storage, virtual snapshots, deduplication and cloud object storage. That’s great for DR managers, right? Not so fast. One of the central elements of disaster recovery is risk mitigation, which…

Making a Profit Centre out of Business Continuity Management

Hands up all those in favour of a cost centre. Nobody – just as we thought! Now, hands up all those who’d like a new profit centre. Ah, much better! With the trend to define business operations in terms of the net profit they generate, instead of the expense to be funded, your next clear…

A Quick Guide to IT Disaster Recovery Technology

Money alone can’t buy happiness, and technology by itself can’t buy disaster recovery – but they can both help significantly! IT disaster recovery management needs thought, planning and training of personnel; being aware of what technology has to offer is an important part of this. Check our handy ten-point list below to see if you’re…

A New Metric for Business Continuity – the Stupidity Index

If most problems are due to human error, the next metric for understanding risk and business impact might just be the stupidity index. It’s a somewhat tricky concept in a business sense, because stupidity is often context-dependent. The Peter Principle points this out, by stating that in organisations, people are promoted to their highest level…

The Heartbleed Threat to Business Continuity

If you’ve been following the news of any kind recently, you may well have seen articles about Heartbleed. This is the vulnerability in the OpenSSL network protocol that theoretically allowed hackers to invisibly copy sensitive data from a web server. A sign of the times, Heartbleed even made front page news in the tabloid press…

Mapping Networked Business Continuity Disciplines into Documents

As organisations evolve, they need to re-evaluate their degree of preparedness in the different business continuity management disciplines. In the networked partner model that has become common today, risk management, governance over recovery, crisis communications and talent management all need updating, compared with how things used to be in the vertically integrated enterprise. Changes made in…

Is Seven the Magic Number for IT Security?

The number seven crops up in many contexts: the Seven Wonders of the World, the seven dwarfs, and now the seven levels of cyber security. Let’s start with the different levels of threats posed by hackers. In order of increasing severity, we have: script kiddies (hacking for fun); the hacking group (often the first level…

Supply Chain Resilience and Other Great Unknowns

Outer space, the deepest parts of the oceans, the human brain – and perhaps supply chain resilience? A list of great unknowns still yet to be fathomed might include all of these things. Supply chain business continuity features in it because supply chains are fast becoming a (or even the) key competitive differentiator for enterprises…

BS 25999-2 to ISO 22301: Will Your Business Continuity Certification Still Be Valid?

Being able to show a valid certificate for business continuity management is becoming increasingly important. Firstly, you can expect to parlay your hard-won certificate into financial advantage for your company in several ways. Secondly, many customer organisations also now insist that you demonstrate business continuity certification as a condition for doing business. The BS 25999-2…

Business Continuity and Split Corporate Personality

Business continuity originated in electronic data processing or EDP. Some observers joked that the personality of an EDP manager corresponded to those three letters. E stood for Engineer. The EDP manager, more commonly referred to as an IT manager nowadays, was technically astute and obsessed over the hardware and software details of the company’s computer…

Is a Windows or Linux Server Better for Business Continuity?

The answer is clear, says the Linux fan. The Linux operating system has proven its dependability time and time again. If NASA uses Linux for the International Space Station, and Oracle and IBM make it a strategic plank in their systems platform, organisations everywhere can also rely on this open system for day-in, day-out business…

I Spy with My Google Glass Eye

If you haven’t yet met Google Glass, the new computing and communications tool from Google, you might be surprised at what it can do. Looking like a designer spectacles frame but without the lenses, Google Glass manages to tuck into a very small space: a miniature screen (just above your right eye), camera, microphone, ear…

Smart Satellite Communications and Business Continuity Benefit

Among the previous articles you’ve read in our blog, you may have noticed that besides discussing how good business continuity management can save organisations from disaster, we also like to point out where it can also simply save you money. Here’s one of those cases. Satellite communications may intuitively seem to be more expensive than…

Successfully Sitting on the Fence with Hybrid Cloud

So what will you choose: public cloud, private cloud – or perhaps a solution in between? The flexibility and scalability of the cloud have also made it well suited to partial use, namely the hybrid cloud solution. Those who can’t quite make up their mind can have as much or as little of the cloud…

Version Control Basics for Better Business Continuity

Business continuity is often about reinforcing existing infrastructure or eliminating sources of business disruption. Bringing in techniques to accelerate or multiply results thanks to good business continuity may not be so frequent, but here’s one that may well do that. It’s version control, which is used when several knowledge workers need to simultaneously work on…

When You Just Know What the Next Disaster Will Be

From the title of this post, some people might immediately think of intuition: that vague and rather flaky resource used when that’s all you have. However, we’re actually thinking of something a little more structured in this context. In the coming age of Big Data and associated worldwide online resources, analytical techniques like those used…

Can Tablet Computers Cure Disaster Recovery Headaches?

Let’s proceed by elimination. Servers? Those are the things that fall over when your data centre is hit by lightning and for which you do your disaster recovery planning anyway. Desktop PCs? They’re practically nailed to your desk, so they won’t be going with you as you run for the exit. Laptops? Maybe, although battery…

Vetting and Monitoring Cloud Providers

Set it and forget it? Not if it’s a cloud computing solution on which your enterprise is relying to accomplish its daily operations. Due diligence in cloud vendor selection and frequent regular testing are both key components of the overall process. Taking a leaf out of the banks’ books can be instructive in this context. While…

Server Crashes and Data Security Breaches: Just Like Death and Taxes

US statesman Benjamin Franklin was famous for many things and for one in particular: his proclamation that “in this world nothing can be said to be certain, except death and taxes”. Well, Benjamin, it seems like modern technology and inflation have conspired to add a couple more items: server crashes and data security breaches. In…

Why Server Virtualisation Is Not a Disaster Recovery Plan

It’s funny how some myths continue to be believed, even by hard-nosed business people. The notion that virtualisation will save a company’s data is such a myth. Although it can be valuable in optimising an organisation’s use of IT resources and reacting quickly to changing IT needs, virtual environments are not inherently safer than independent…

New Business Continuity Lessons for Banks – and Others Too?

Businesses can’t function if they don’t have customers. When customers find other solutions and move away, it’s therefore a threat to business continuity. Conventional banks may be at risk if a new development in online-only banking takes off. Startup ‘Simple’ (that’s the company’s name) for instance is giving clients an innovative alternative. Its solution is…

Data Snooping and Privacy – Is There a Pilot in the Plane?

The data snooping debate has quietened down a little recently, even if Edward Snowden’s name still crops up here and there. Whether or not the revelations about intelligence activities have changed much in terms of governmental attitude and behaviour remains to be seen. Pressure can still be applied to Internet, cloud and telecommunications service providers…

Data Deduplication Ramifications for Disaster Recovery

Data deduplication or the elimination of repetition of data to save storage space and speed transmission over the network – sounds good, right? ‘Data deduping’ is currently in the spotlight as a technique to help organisations boost efficiency and save money, although it’s not new. PC utilities like WinZip have been compressing files for some…

DIY Phishing has a Message for Business Continuity

Think you need advanced computer skills to set up a phoney bank website and fool people into giving you their money? Think again. DIY phishing is now on offer in kit form. Someone who knows how to set up a personal website or even a Facebook page probably has the level of knowhow required to…

The Purpose-Built Backup Appliance Comes of Age

Not everybody chooses the cloud as the first option for backing up data. Despite the advantages of practically limitless storage area, pay-as-you-go pricing and resilience, a weak point for the cloud is the network speed for uploading or downloading all those gigabytes (terabytes, petabytes…). The alternative for organisations is to put their own solution in…

What Disaster Recovery Planners can Now Expect for Data Storage

Did you know that in six years’ time each individual on the planet will correspond to over 5,000 gigabytes of stored data? That’s the estimate from market research company IDC and digital storage enterprise EMC who see worldwide data holdings doubling about every two years to reach 40,000 exabytes (40 million billion gigabytes) by 2020.…

The Internet of Things and Big Data – Both Looking for a Killer App

Despite the publicity given to Big Data and (to a lesser extent) the Internet of Things, their practical advantage has yet to be clarified. It’s difficult to think of them in terms of business continuity when they don’t influence the fortunes of an enterprise; unless you count the negative impact of money spent investigating them.…

The Importance of Network Security in Disaster Recovery Planning

There is no question that technology today forms the core of business. In their role of facilitating transactions and storing sensitive data—the data of both the staff of the company and the stored data of the clients—the systems and networks of companies are increasingly under siege. This makes data both the most precious asset to…

The Perils of the Password – How to Protect Your Business Continuity

How many passwords do you have? How many can you remember – and what do you do about the others? Business and consumer life is controlled to a significant degree by passwords. It’s a balancing act between making them memorable (for their rightful owners) without opening the door to password abuse or theft. The business…

Factoring in Human Error in Your Business Continuity Planning

Good business continuity training helps managers and enterprises prepare business continuity plans. However, they’ll also need to deal with a further factor – human error. This element is a cause of anything from small business failure to nuclear power plant meltdowns. A little information on the subject can help make business continuity that much more…

A Startling Idea in Disaster Recovery (and Nothing to do with Technology)

Ask people where the next surprise will be in disaster recovery and they may well point to technology, the weather or legislation. While all of these areas should be taken into consideration, there’s another one that is vital to good DR management. It’s people. Perhaps because it’s so obvious, disaster recovery plans sometimes gloss over…

Virtualise All You Want but Business Continuity Must Still Be End-to-End

It started with IT server virtualisation and then continued with cloud computing. Instead of physical machines running a company’s own software applications, we now simply have interfaces to virtual instances of these things. Computing resources are no longer located in a specific piece of equipment on a company’s premises. They are ‘somewhere’ in the cluster…

Tons of Technology for 2014 – But Does It Help Business Continuity?

At the start of each year, there’s always a long list of IT offerings vying for attention. With many solutions still looking for a problem, it pays to take a moment to consider the business impact rather than being seduced by the high-tech glitter. Here’s a quick rundown of what might affect business continuity in…

Point of Sale Hacking – a Growing Threat to Business Continuity?

The data breach at the Target Corp, the US supermarket chain, was a shock for many. The personal information of at least 70 million customers was stolen by hackers who intercepted the information as buyers used credit and debit cards at the company’s points of sale. The reputational damage seems to have quickly spilled over…

Security Risk Management – Standing Still is Moving Backwards

The world turns, things change and new security risks continue to appear on the scene. Some organisations bury their head in the sand or cross their fingers. ‘It wouldn’t happen to us’ is their motto. Others make plans using different approaches, some better than others. Then they leave the plan untouched without updating it and…

Business Continuity and Balancing Expert Resources

People are often cited as the most valuable resource of an organisation. The more capable an employee is and the better trained, the more an enterprise stands to profit – up to a point. Difficulties may begin when a person becomes indispensable because of unique expertise that is essential to the smooth running of the…

Balancing Acts and the CIO – the Blondini of the Organisation?

150 years ago the Great Blondini, the world-famous tightrope walker, performed incredible feats of balance and daring in his aerial ambulation above Niagara Falls. While today’s Chief Information Officer doesn’t always hold crowds breathless with excitement in quite the same way, he or she has a balancing act to get right too. How much detail…

Is It Time to Review Your Malicious Software Reporting Policy?

Be honest – do you currently have a malicious software reporting policy? Just relying on the existence of anti-virus software and firewalls may be too optimistic nowadays. The potential damage to information assets and productivity, let alone identity or bank account theft, suggests that a malware reporting policy should be in place in any organisation.…

Outsourcing: Good Contracts are Only the Starting Point

Stick to core competence and competitive advantage, and outsource the rest: such has been the mantra of businesses for decades now. The logic is simple. By using external partners specialised in the non-core activities, for example, accounting, logistics and pay, an enterprise can benefit from that partner’s economies of scale and superior expertise. Profits go…

Data Sanitisation and Its Impact on Business Continuity

In data management, the way you delete information can be as important as the way you keep it. Confidential information that finds its way into the wrong hands can lead to loss of advantage over competitors, public relations crises or other threats to business continuity. However, that doesn’t mean the wholesale destruction of data within…

A Perpetual Motion Machine for Sales and Business Continuity

Perpetual motion, like the alchemist’s stone, makes a great legend. The idea of something that keeps going indefinitely with no external source of energy is highly seductive, but also highly impractical. Friction or resistance of some kind will always intervene to eventually bring the system to a halt. However, almost-perpetual motion that just needs a…

What the NSA Revelations Mean for Business Continuity

Although the dust hasn’t yet settled on the Edward Snowden revelations about the activities of the US National Security Agency, the consequences already extend beyond the purely technical. While the immediate reaction was to think of better ways in which to encrypt data, it also dawned on foreign organisations that they might want to review…

Business Continuity and IT Security: Give Up or Give In?

There are different ways of looking at IT security involving end-user equipment such as PCs and mobile computing devices. One is to batten down the hatches at a corporate level, repel all viral boarders and let end-users fend for themselves. Another is to extend security to all end-user devices and take responsibility for maintaining data…

Business Continuity and Why the New Age Still Needs the Old

What words spring to mind to describe the business world today – remote control, automation, speed, renewal? These concepts can all help with business continuity and competitiveness, but so can their ‘yesteryear’ counterparts. Although new technology lets organisations improve different areas of operations, it doesn’t mean that it is a panacea to be applied universally…

Homing In on Best Use of the Public Cloud

When new technology arrives, it’s not always clear how best to use it. Mobile phone makers invented the text message because they thought it would be of use to technicians in their troubleshooting. Since then the SMS has become one of the most popular means of communication for the general public ever. Similarly, public cloud…

How Much Can Predictive Analytics Help Business Continuity?

If you can see what will happen in the future, you can take steps to prepare for it – or avoid it, or even change it. That’s the promise of predictive analytics, a topic that naturally interests business continuity managers. While there’s no guarantee of exact predictions, predictive analytics can indicate change patterns and emerging…

Unthinkable – Business Continuity without a Battle Box?

Lists, kits, packs… they often exhibit order and completeness, two dimensions that are also important for effective business continuity. They are also the underlying principles of the ‘battle box’, a repository for vital information to allow an organisation to carry on operating in adverse conditions. Just like first aid kits and motorists’ emergency packs, a…

Business Continuity and Creative Cyber Criminals

While the web has opened wide the doors of opportunity for entrepreneurs around the world, others have shown evidence of creativity as well. Ingenious use of technologies has led to hacktivism, identity theft, distributed denial of service (DDoS) and swatting, to name but a few. Perpetrators use both the latest cyber-techniques and also old-fashioned approaches…

Risk, Business Continuity and IT DR – the Year of 2013 in Review

Risk certainly marked the year of 2013, with knock-on effects on business continuity thinking. However, in a year picking up the pieces after different disasters, the real message was a reminder that while we collectively now know a great deal about risk, we don’t always prepare or take action appropriately. The devastation caused by rainfall…

How Much Can You Outsource a Risk?

A common corporate credo nowadays is: ‘make only what you cannot buy’. The idea is that if a supplier is already making an affordable, quality component or product, there is no sense in re-inventing the wheel. The company would be better off using its internal resources to develop more strategic advantages related to its core…

Should You Warn Vendors about Impromptu Disaster Recovery Tests?

Vendors supplying you with components or services for your infrastructure need to feel confident about working with your organisation. That way they’ll be motivated to give of their best. It could be argued that stressing a vendor with unannounced tests might have a negative impact on their relationship with you. After all, they have a…

Disaster Recovery – the Truth is Out There

There are statistics, there is business folklore and there are facts about disaster recovery. Some of the statistics quoted may not always be easy to trace back to their source, but it remains a fact that to stay in business, you need to be able to do business. That’s why good disaster recovery planning and…

How SMBs Can Consolidate Their Business Continuity Strategy

‘I keep it all in my head’. Or ‘How likely is it that an event occurs that stops my business from operating?’ These are frequently the reactions of small business owners to the idea they should pay more attention to business continuity and disaster recovery. While business continuity often occupies an increasingly large part of…

Using Qualitative Tools to Assess Your Business Efficiency

Numbers can be useful, but they don’t always tell you everything. Just like business forecasts and other models, it’s wise to include both quantitative and qualitative evaluations of your business efficiency. While quantitative measurements are designed to give hard numbers, qualitative tools can help fill in the gaps where other data are lacking. Qualitative tools…

What Should You Upgrade – Dinosaur Computers or Dinosaur IT Skills?

Business continuity is a matter of staying competitive as well as operational. With much of current business revolving around computers, that means ensuring that IT resources are effective and efficient. However, the fastest processors and the most recent versions of software do not automatically confer competitive advantage on the companies using them. Indeed, the standard…

Accelerated Business Continuity – Are Real-Time Analytics the Future?

How do you view Business Continuity? Is it all about avoiding business outages for a given speed of business, or should it also contribute to increasing that speed? After all, if business continuity is designed to move an enterprise away from slowdowns, then logically it should be moving the enterprise towards picking up the pace…

Infinitely Versatile? The Bid for QR Codes to Now Become Your Authentication

User IDs and passwords are part of everyday business life and business continuity for many people. You need them to log on to get your email and use other company systems. Often, the easier they are to remember, the easier they are to hack. And cryptic codes often get written down on scraps of paper…

Eight Security Questions to Ask a Cloud Vendor Before You Sign Up

Cloud services, whether PaaS (platform), SaaS (software), DRaaS (disaster recovery) or another ‘as a service’ option, are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied.…

Is Google Earth a Good Tool for Business Continuity and Disaster Recovery?

When you’re scouring your neighbourhood to detect possible risks to your organisation, a tool like Google Earth can be a valuable asset. Without leaving your desk you can tour streets and advance street view by street view, pinpoint addresses such as the nearest phone service and electricity providers on your map and spot vulnerabilities –…

What Are Your Top Ten Organisational Risks?

Organisational risk is in the eye of the beholder. What you see as being the main risks as an innovative small business serving the Melbourne metropolitan area may be very different from the point of view of a multinational corporation with projects all over the world. It’s wise however for both types of organisation to…

Agile Organisations and Business Continuity

‘Agile’ is a common buzzword in organisations today. Intuitively, it fits well with the notion of business continuity – an agile enterprise, able to respond iteratively to whatever today’s business conditions or events throw at it. The old concept of long-term corporate planning is light years behind; many businesses don’t know what will happen in…

IT Security for Small Businesses – Are You Listening?

Hacking of the IT resources of small and medium businesses is on the increase. The age-old excuse of ‘We have nothing worth hacking’ is no longer valid, although this doesn’t always register with SMBs. Hackers see small businesses as targets of interest for several reasons. Firstly, SMBs are vulnerable. Their security is weak, because of…

‘If It Ain’t Broke, Don’t Fix It’ – When Change is Not the Only Constant

The ‘new normal’ propounded by management gurus a few years back was that ‘change is the only constant’. Companies, said the gurus, must constantly change, innovate and reinvent themselves in order to remain competitive and successful. They applied their mantra to everything from marketing to manufacturing to supply chain – with varying results. Victories included…

Critical Vendor Reviews are Part of Business Continuity Management Too

What goes on inside your enterprise is of prime importance for your business continuity management. However, so are the actions and attitudes of vendors on which you rely to run your business.  In the same way that you regularly check on BC processes and awareness inside, you should also conduct periodic investigations of key business…

How Technology Smooths the Way for Business Continuity and Disaster Recovery

While good planning and processes are at the heart of business continuity and disaster recovery, technology can accelerate the benefits as well. We live in an age of cloud computing and smartphones. Both can be used to help an organisation get back on its feet after incidents, or simply ride them out without severe or…

The Army as the Model for Business Communications

One of the biggest factors in helping people to get along and making businesses profitable is communication. Mobile phones in particular have become the symbol of this: depriving somebody of his or her mobile phone is today akin to torture, at work, at home or anywhere else. The trend continues too towards more advanced and…

ITIL, ITSM, and the Way They Can Help Business Continuity

IT is at the heart of most business today. Whether it’s in marketing systems and CRM, design software applications, production line automation or finance and accounting, if the information technology being used breaks down, so do business operations. Conversely, when service from the IT department is defined in terms of the business objectives of the…

How Not to Be a Victim of Your Own Data Centre

Nowadays, IT plays a vital role in supporting business functions for many organisations. They depend on their data centres to keep their activities going and to come up with new ideas about how to improve them. However, a report by research company IDC (International Data Corporation, 2012) suggests that both business operations and innovation may…

Making Virtualisation in IT an Advantage, not a Risk

The big selling point about virtualisation, at least in disaster recovery terms, is the power it gives to handle single points of IT failure. The idea is to distribute applications the right way over a number of servers; then if one physical machine crashes, another one should be available to ensure that applications can continue…

Keeping Organisational Policies Up to Date in Business Continuity Management

Whether or not rules are made to be broken, company policies are made to be reviewed. What was suitable for an organisation a few years ago may be out of date with requirements now. Paradoxically, this is an instance where business continuity management needs to introduce some discontinuity, to avoid the enterprise getting stuck in…

Encryption Alone Won’t Ensure Business Continuity and Here’s Why

Did you know that the ‘uncrackable’ 128-bit Advanced Encryption Standard (AES-128) in fact turns out to be crackable? Granted, it would currently take 2 billion years using an enormous number (like a trillion) of computers. But before you heave a sigh of relief on behalf of your organisation’s information, think again. That’s the situation when…

How Well Does Your Company Password Policy Perform?

If you haven’t seen it, you’ve probably heard about it: the sticky note on the computer screen with the account login and password for all to see. While this archetypally bad behaviour has security officers recoiling in horror, there are also other less obvious forms of password vulnerability that affect many organisations. Fundamental problems that…

Organisations in Europe Are Making Risk Management a Priority

Research into leadership in risk management in Europe indicates that it is gradually becoming a board-level item and an integral part of organisational strategy. While banks for example have embedded it into their operations since their inception, in other sectors the importance of risk management has taken longer to come to the fore. Common categories…

Are Chinese Businesses Doing Well Because of or In Spite of the Web Security?

Is there a relationship between the Internet control and censorship policy in China, and the country’s economic success? Chinese Internet censorship has meant that access has been denied to Facebook, Twitter, YouTube and many others (Wikipedia estimates over 2,600 websites in total). Meanwhile the Chinese economy continues to grow. While the jury is still out…

Five Strategies to Prevent a Distributed Denial of Service (DDoS) Attack

Distributed Denial of Service (DDoS) attacks are becoming a trending and serious cyber security issue across many industries, in particular the banking and financial sectors. In a DDoS attack, botnets (usually referred to as a “zombie army”) bombard a server or a network with thousands of system requests sent from infected…

Social media – Risks and Productivity Impacts in the Workplace

A few years ago, social media were the bane of many businesses. Seen as a dangerous distraction for employees, some even instructed their IT teams to block access to social networking sites in an effort to recover employee time and productivity. Nowadays however, the tide seems to have turned. Companies look towards social media as…

Virus Protection – Think of it like Car Insurance

If you’ve never dinged your car (other than brushing bumpers while you’re parking), you may not appreciate how good it can be to have adequate car insurance. Likewise, if you have been spared the pain of a PC that slows down or dies because of a virus, software for protection against viruses may seem more…

Cyber Security Risks for Financial Systems

The financial sector and the banking industry in particular are unique in the IT world: no other businesses have the same combination of constant drive for innovation, regulatory pressure and customer-facing IT applications. That also means increased exposure to cyber security risks via the interfaces to the public, whether these risks are linked to criminal…

Agile Business Continuity – Simple as ABC?

Agile techniques have become popular over the last few years. They have their roots in software development projects. Unhappy with ‘monolithic’ projects that exceeded both time and money budgets, project teams looked for a better way to deliver useful end-results to software users – and that also kept up with changing requirements into the bargain.…

When Business Continuity Means Not Coming to Work

Do you remember those problems in school calculus about the multiplication of bacteria? Throw in a little network effect and you can start to build a crude but realistic model of how illnesses like influenza are propagated throughout an organisation. One person carrying flu germs and coming into contact with other people in an enterprise…

Just When You Thought It Was Safe… Emergent Risks

Decades ago, the ‘Jaws’ film series struck a chord with its marketing slogan ‘Just when you thought it was safe to go back in the water’. Risks are like sharks as well. You think you’ve disposed of one, only to find a new one circling you and your organisation, waiting for an opportunity to emerge…

Disaster Recovery Set to Grow in the Cloud

One of the big things about cloud computing is the potential for cutting costs and saving capital. On demand storage and Software as a Service (SaaS) paved the way with applications stretching from cloudified accountancy to sales force and customer relationship management. ‘All things shall move to the cloud’ is the mantra of many, and…

Duct Tape Business Continuity – Can It Work?

Perhaps you’ve already come across Duct Tape Marketing, a popular business book about successful marketing for small businesses. Duct tape, as you may know, is the strong adhesive tape you can use as a quick fix to bind many different things together especially if you don’t have any other solution. It stops things from falling…

When Retail Giants Move into Disaster Recovery

Amazon already did it. With huge data centre installations and expertise to support its exclusively electronic commerce, it wasn’t a big leap to start providing cloud computing platform services and practically limitless data storage resources for other companies. Amazon Web Services now offer organisations the possibility to move their disaster recovery and business continuity into…

Cyber Business Continuity Needs Broad and Deep Together

In mid-July 2013, several of New York’s Wall Street firms participated in an exercise to test their resilience in the face of cyber-attacks. The initiative was coordinated by SIFMA, the Securities and Financial Markets Association, and included commercial financial companies, as well as the U.S. Treasury Department. Financial institutions in the US have been subjected…

IT Security and Business Continuity Through Divide and Conquer Tactics

‘How do you eat an elephant’ is the age-old metaphorical business question. ‘One piece at a time’ is the answer. Big problems can be broken down into smaller ones, which can in turn be broken down again, until you get to a level where you can see your way to solutions. Project management and production…

Disaster Recovery – How Would You Like to (Not) Pay for That?

Usage-based payment systems are becoming increasingly common, but a recent variation in disaster recovery has an interesting twist. A new pricing model from a company called Asigra is based not on how much data an organisation backs up, but how much it restores. In particular, a ‘recovery performance score’ determines the amount of money a…

Business Continuity and the use of Robots

For most organisations, business continuity issues have more to do with breakdowns in everyday processes than with incidents in a nuclear reactor. However, events like the most recent catastrophe in Japan have catalysed discussions on the potential for using robots for recovery and continuity – discussions that could progressively include even ‘run of the mill’…

Disaster Recovery Planning and the Use of Automation Software

If your IT systems go down, you want a solution in operation ASAP – or within the limits imposed by criteria like your recovery point objective and your recovery time objective. The problem is that under stress and time pressure, the difficulty of correcting failure is magnified. Human emotion is the cause. It causes delays,…

WAN and Cloud Disaster Recovery: Look out for the Latency

How fast does your application need to be – how quickly do you need to be able to see a response after you enter a command? In some contexts, speed is not a critical factor. For instance, if you’re entering or retrieving accounting data, you don’t want to wait for half an hour, but anything…

Shrinkage, Fraud and Other Hidden Parts of Business Continuity Management

Sometimes we get so wrapped up in business continuity management that deals with natural disasters or accidental breakage that it’s all too easy to forget about another dimension: deliberate acts that damage the worth of an organisation. Even if terrorism and activism get publicity, theft and fraud often remain in the background. And yet there’s…

What Constitutes National Resilience?

More news about IT disasters (and disaster recovery) last week, this time concerning a French state financial system. Service was interrupted for four days in a configuration used to pay suppliers, running SAP software and operated by the national French IT company, Bull. France still has a national computer company, providing mainframes and servers,…

Virtualisation at the Heart of a Health Provider’s Disaster Recovery Planning

A recent article on the website ZDNet.com describes how a health provider in Indiana, US, put in place IT virtualisation to manage a number of challenges, including disaster recovery planning. One of the big changes was moving from a situation where a breakdown in a physical server threatened the welfare of hundreds of individuals, to…

Cloud Business Continuity Moving Towards Self-Healing Solutions

While cloud services have promised advantages of redundancy and resilience from the start, there is still the spectre of failure. Even the largest operators can be affected. Amazon’s EC2 (Elastic Compute Cloud) suffered breakdowns in 2011 because of a wrongly applied change of configuration, and again in 2012 owing to ‘historic’ thunderstorms in the neighbourhood…

Crisis Management and Social Network Resources

Customers are influenced by what they experience, but also by hearing about the experiences of others. In crowded, competitive markets, maintaining positive ‘brand capital’ with customers is an important part of business continuity. Although social networks often have a gradual effect on a company’s activities rather than an immediate one, crisis management is an exception.…

Move over, the Six Million Dollar Man. Now It’s NYC’s Turn for Increasing Resilience.

Remember the TV series with Lee Majors playing the role of astronaut Steve Austin? It’s OK, you can admit it without overly dating yourself – there have been reruns since the series was originally launched in 1973! In essence, Austin is ‘rebuilt’ after an accident using bionic body parts to make him stronger and better…

Getting Visual with Natural Catastrophes and Business Continuity

As part of the business continuity insights from Hurricane Sandy, the American National Hurricane Centre is reviewing the way that it makes warnings about storm surges (abnormal rises of sea water). The problem was not in the accuracy of the predictions but in the perception of the information by the public. There was a disconnect…

Disaster Recovery Myths about Deleted Computer Files

Once a file is gone, it’s gone, right? Well, it all depends. In many cases files are not physically removed from hard disks, but simply hidden from users by the operating system, and left available to be overwritten by new files. That means that some degree of disaster recovery may still be possible if a…

Disaster Recovery Goes Mobile with a Self-Propelled Solution

After meals on wheels, how about mobile disaster recovery? That’s what US distributor Avnet Technology Solutions is offering customers in a scenario that sounds rather like it came out of Star Wars. The company has put together a technology package of products from EMC, Brocade, Cisco, Metalogix and Microsoft, all installed on a chassis from…

Spot Your BYOD Challenge for Business Continuity

BYOD, or ‘Bring Your Own Device’, is spreading through the business world. Initially a user-driven phenomenon, some organisations now even want to stop supplying computing devices to employees that have them anyway. But once computing and data for computing for the organisation are no longer controlled by the organisation, the question of business continuity comes…

Where is the Truth in Business Continuity Today?

Let’s set some expectations. This blog post won’t give any definitive answer about the question above! On the other hand, this post is prompted by a comparison of recent news items, on the face of it interconnected and yet apparently at odds. Within the space of less than a month one survey found that companies…

Social Networks, Business Continuity and the Pyramid of Needs

What do people in your organisation do when there’s news of bush fires approaching or impending floods? Batten down the hatches, check the emergency generators, and perhaps get connected to a social network like Facebook or Twitter? Social networks can sometimes provide a vital connection when other means of communication fail. Available over mobile devices…

On the Trail of the Business Continuity Calculator

Business continuity? Sure, but how much will we earn from it – or at least, how much will we save? Business continuity managers often appear to be destined for an eternal quest for hard data on the return on investment for their activity. The situation is complicated by the fact that business continuity is almost…

What’s the Bill for Repairs after Recent Natural Australasian Disasters?

The Global Catastrophe Recap for April 2013 from reinsurance company Aon Benfield gives a region by region breakdown of recent damages and costs after different natural disasters. The Impact Forecasting organisation, part of Aon Benfield, uses data on disasters to build models of catastrophes to better understand the risks. This helps customers better understand the…

How Business Continuity is Built into Australian Police Operations

Crime-busting is a key part of their activities, but police forces in Australia also have a much wider remit to protect communities. People naturally turn to the police for help and guidance if there is an emergency, making police officers the first to respond to many situations requiring rescue or evacuation, for instance. Senior officers…

Business Continuity RAA-RAA? Get Ready for Resilient Australia Awards

The 2013 Resilient Australia Awards (RAA) may put the accent more on measurable accomplishment, rather than “boisterous and uncritical enthusiasm and excitement” (an online dictionary definition of “rah-rah”). Notwithstanding the natural keenness of people to do a good job, the awards have been put in place to recognise achievement and innovation in resilience: increasing the…

IT Business Continuity – How Safe and Green Can You Be at the Same Time?

The Data Centre Risk Index (DCRI) has been published for 2013. Companies looking for IT business continuity may have to choose between being the safest or the greenest when it comes to installing their data centres. Overall, the worldwide winner is the United States. In Europe, the top country is the United Kingdom. The UK…

Resilience Management Models – Is There Anybody Out There?

Resilience as a subject is getting wider coverage nowadays. For example, Resilient Australia is an organisation promoting the concept and holding competitions to award prizes to entities judged to have done outstanding work in the area of resilience. Resilient Organisations (ResOrgs) is a public research programme based in New Zealand as a…

Making Business Continuity Friends in Manufacturing

Some areas of an enterprise are naturally more sensitive to business continuity than others. Whereas interruptions may be a nuisance in accounting, they may simply be unacceptable in manufacturing production lines aligned to lean and just-in-time manufacturing methods. As facilities increase in size, they tend to use more automation. The Manufacturing Execution System or MES…

“Location, Location, Location”, OK but where’s the Business Continuity?

In the property business, the three most important things are (so they say) location, location and location. You can hear the wisdom of the ages in those words when it comes to buying, selling and renting – as long as the estate agent’s systems are in working order. And that according to a survey recently…

The Agile Approach to Implementing Business Continuity

The Agile approach is currently in vogue in a number of business areas, one of the better-known examples being software development. The same principles that can help keep software applications aligned with business needs and available on a timely basis can also be applied to business continuity. The name “Agile” refers to the notion that…

What Would You Like to Win a Business Continuity Award For?

It’s that time of the year again, and surveys are running to see who will win the title of Business Continuity Person of the Year. Common criteria include the most effective, most innovative, most promising newcomer, and best lifetime achievement. There are even a couple of new categories being offered: best crisis communications and best…

Disaster Recovery and IT Systems with Minds of their own

The bigger IT systems get, the more complex they get, and the more chance there is of a failure somewhere inside and a need for disaster recovery. It’s mathematical – as you multiply the number of components or the number of computer procedures called, you multiply the possibilities for something to go wrong. Even the biggest guns…

HaaS and the Business Continuity Challenge

When a global IT distributor like Ingram Micro gets on board the HaaS (Hardware as a Service) bandwagon, you know it’s really on the move. The concept behind Hardware as a Service is that organisations no longer have to own, support or in general worry about the IT hardware that is present on site. Instead,…

What Business Continuity Management and Zero-based Budgeting have in Common

Every so often (business continuity plan updates, for example), figuratively speaking it’s time to get the crystal ball out and see what the future holds. This is an ambitious undertaking given how difficult it is to know what the weather will be like next week, let alone business in six months’ time. Modern science has…

Isn’t a Threat Landscape More than just Worms and Viruses?

By a quirk of language, the term “threat landscape” is currently used to refer specifically to cyber-threats. These threats alone already keep business continuity professionals on their toes, even if the nitty-gritty of protecting a company in this area is often the direct responsibility of the IT department. However, considering that threats were confined to…

Have You Got Your Global Risk Analysis Kit?

Want to know what’s on the radar screen for economic and technological risks? Or is your interest more in societal and environmental threats? The Global Risks 2012 report from the World Economic Forum has something for everything. It breaks risks out into five global categories – the four we’ve just mentioned, plus a fifth, geopolitical…

Disaster Recovery can be a “Free” Consequence of Cloud Computing

In the world of disaster recovery, one of the challenges is getting people to approve budget for having the right DR capabilities in place. Unless you are dealing with enlightened senior management, it’s not always easy to get people to sign off for events that may or may not come about, at some indeterminate time…

ASIC BC Guidance as an Alternative to Putting Your Money under the Mattress

There was a time when the safest place for your money was reckoned to be under your mattress. Paper money didn’t exist. The gold and silver coins in use were resistant against flood and a certain degree of fire, as well as theft if you were lying on the mattress at the time: in other…

To Share or Not to Share Business Continuity in a Shared Supply Chain

One of the challenges to business continuity planning in 2013 will be the trend to share supply chain facilities between two or more companies. The logic is that to keep logistics and distribution running smoothly but at acceptable cost, the overhead of facilities such as distribution centres or delivery can be shared. It is even…

Embedding Business Continuity Management Into A Company’s Culture

One of the challenges for the business continuity manager is to get his or her colleagues to think about BCM too. People who remain unaware of business continuity plans and requirements, even in their simplest form, may be unable to continue their work when an incident or a problem arises. So getting a minimum of…

NFPA1500 or how the Fire Department Does Business Continuity

With emergencies as the very basis of its existence, a fire department still needs to think out its own business continuity. The NFPA (National Fire Protection Association in the United States) 1500 standard details the procedures that a fire department should or must follow in order to continually remain operational. Instructions in NFPA 1500 start…

Never a Dull Day with Business Continuity

Business continuity principles may span industries and continents, but their application can turn out to be very different. Organisations in different professional sectors have varying methods and priorities in organising their daily activities. What may be sufficient as business continuity planning in one enterprise may be inadequate for another. Try this as a thought experiment…

What the SS540 Business Continuity Standard is Designed to Do

Is a population of around five million people enough to justify bringing out a separate business continuity standard for that country? After all, with other internationally applied standards already available, such as BS 25999 and now ISO 22301, making your own version might be described as reinventing the wheel. However, when that country is Singapore…

Business Continuity Plans for Mergers and Acquisitions

Business continuity plans are not only to be used when uncontrollable or unpredictable events beset an enterprise. They also have a role to play in events that, so to speak, firms bring upon themselves. Mergers and acquisitions are good examples. Such events are deliberately induced, unlike fires, floods or IT systems breakdowns. However, that still…

Linking ISO 22301 to Related Management System Standards

To paraphrase John Donne, no standard is an island. Users implementing systems according to ISO 22301, the standard for business continuity management within the context of societal security, can gain from linking their work to that done on other standards as well. While the standard takes an all-hazards approach and applies equally to both private…

Keep CALM and Share My Business Continuity With Me

As supply chains increasingly integrate suppliers, it’s time to extend business continuity in the same way. In simple situations involving individual consumers and providers, this is already happening. Customers who buy new cars today often rely on the dealer to also provide their “car continuity” because the systems in the car require specialist equipment for…

Divergent Attitudes to Business Continuity Regulation and Recommendation

Should business continuity planning be a legal requirement? Should it be an option left to the discretion of an organisation? A school forced to close for a day because a heating pipe burst and flooded the ground floor is an inconvenience. An online shop that loses its e-commerce site for a day may be a…

Physicians, Heal Thy Business Continuity Thyself

Like the cobbler’s children who are the least well shod, it seems that organisations whose whole business is in emergencies are not necessarily well-prepared for business continuity. In particular, hospitals have come under scrutiny in recent years because of an apparent lack of integration of risk management practices. Approaches have sometimes stopped short of the…

Reality Bites – Business Continuity Incident Examples and Statistics

As business continuity covers all parts of an organization, there is a tendency sometimes to describe it in correspondingly general terms. Compared to all the theoretical possibilities of how BC issues can affect businesses, real-life examples are often in shorter supply. On the other hand, statistics about the number of businesses that go bust after…

Why Should You Care About Business Continuity Management Governance?

Let’s face it. It’s hard enough to define what corporate governance is in a general sense, let alone drilling down to explain it for business continuity. Apart from being something that organisations start pondering once they’ve tamed their marketing and business strategy, governance can also be defined in terms of its component parts: the “Reporting,…

Not only is tape back-up still around, but it’s also still beating disk

The classic strength of tape compared to disk is its relative cheapness, but now there’s more. If you’re thinking in terms of long-term archives, then tape also beats disk, because it has a “shelf life” of 30 years, compared to a “measly” 10 years for disk. After 10 years, disk runs the risk of…

Disaster Recovery – the Price to Pay for Self-Inflicted Disasters

“A stitch in time saves nine” is a well-known saying. However, “familiarity breeds contempt” as they also say, and knowing your maxims off by heart doesn’t automatically mean taking the appropriate action. The “stitch in time” in IT terms is a proper plan, or good change management, together with backup planning if things don’t work…

Customers Who Make the Laws for Business Continuity in Manufacturing

In finance and healthcare, they have laws for business continuity. In manufacturing, they have OEM customers and it’s a moot point as to which, laws or customers, have the stronger influence.

Keeping Business Continuity Plans Up to Date – Say “Aah”!

It’s kind of like going to the dentist. You might not want to make the appointment, because you don’t know how it might turn out. However, you know down inside that regular care and attention will mean you’ll stay in better shape than if you let things slide. If visits to the dentist annually are…

Social Media and Crisis Communications – Starting Out Right

In developed countries, statistics indicate that about half the population participates in social networks or online communities. The Internet is also the third most popular channel of communication used by people to gather information on emergencies, even if TV and radio remain the favourites. And to top it all, about two-thirds of people expect that…

Hurricane Sandy and Business Continuity Plan Best Practice

The damage from Hurricane Sandy was front page news for some time, even if it will probably finish by fading from popular memory, as new tropical storms come and go. Yet because it hit the Northeast of the United States with its financial nerve centres, there was a particular impact on the operations of the…

Preparing for Product Recall beyond Standard Reverse Logistics

Where product recall sits in relation to your overall business continuity planning will depend on the gravity of the recall. At one end of the scale, reverse logistics is simply part of distribution and shipping: when someone somewhere receives a defective or unwanted product, the supply chain has to be able to handle the flow…

WorkCover Sticks and Business Continuity Carrots

One of the consequences of aiming for business continuity is the need to fit in with other programs and imperatives in an enterprise. In particular, employee safety is a requirement that must be met, although it opens the door simultaneously to opportunities for BC planning. Australian states such as New South Wales, Victoria and Queensland…

Don’t Abdicate Your Disaster Recovery Just because your Employees are Doing It

In today’s world of cloud and BYOD (bring your own device) computing, disaster recovery sometimes almost seems to be organising itself. Employees can copy all sorts of data to mobile phones, tablets and personal web storage, including customer lists, proposal templates, financial spreadsheets and more. It would take at least a double disaster – for…

How would You like a “Disaster Resilience” Plan?

Just when you thought you’d figured out DR, up pops a new concept – now it’s DR for “Disaster Resilience”, as well as for disaster recovery. Entities like the Australian Government and the Australian Emergency Management Institute are getting in on the act, so it might be good to know what’s going on and what…

What Does Bloom’s Taxonomy Have to Do with Disaster Preparedness?

If you’ve worked in education or training, Bloom’s Taxonomy may mean something to you. It’s a tool for structuring learning, for example learning about disaster preparedness, via a set of simple steps. Depending on which terminology you choose to use, these steps can be named in order as: remembering; understanding; applying; analysing; synthesising; and evaluating.…

The Real Business Continuity Lesson to be Learned from Hurricane Sandy

In terms of natural disasters for 2012, the “big one” for many people was Hurricane Sandy. The storm affected individuals and enterprises as it knocked out power lines and punished buildings, roads and infrastructure on the US East Coast. After-the-fact analyses of the hurricane took different standpoints. Some praised the decisions taken by…

BCM in a Health Organisation – Who Gets Priority?

Health organisations are a special case (not the only one) in business continuity management. Life and death issues are the backdrop in many cases, while the size and complexity of some hospitals elevate BCM to new levels of complexity. At the same time, they need to generate income in order to pay the ongoing costs…

New Zealand Earthquakes and Disaster Rebuilding

Why should DR stand only for disaster recovery? In the face of the earthquakes that assail parts of New Zealand from time to time, both the short term and the long term implications are being taken into account. Short term is disaster recovery, in a wider context than just IT, but disaster recovery nonetheless to…

Business Continuity Test Scenarios at the Speed of Light?

The more business continuity test scenarios you can run in your IT systems, the closer you can get to a bullet-proof organisation. Of course, that doesn’t mean that you’ll necessarily achieve such a Holy Grail; it might just mean you’ll be a little less far away than when you started. And then there’s all that…

Cloud Disaster Recovery, OK, but what if the Cloud IS the Disaster?

Disaster recovery via cloud computing is a hot topic nowadays. Inexpensive compared to traditional hot standby solutions and with greater flexibility, by definition cloud data backup is independent of local or even regional incidents. In theory, cloud data restore should be just as independent. The problem however comes when a cloud provider fails to provide…

Bush Fires and Business Continuity – Has Anything Really Changed?

Should you stay or should you go? That’s the big question in thinking out preparedness and plans for disaster recovery and business continuity in the event of a bush fire. In Australia, the damage done in 2009 in Victoria sparked off new debates about the right choice between staying to defend property against bush fires,…

Embedding BCM – Not Just Another Road Paved with Good Intentions?

Embedding business continuity management in an organisation certainly gets a mention in standards like BS25999 (with good intentions carrying through to ISO 22301). So it should. As BCM concerns everyone and is only as strong as its weakest link, it needs to be understood and applied by all: hence the embedding into the organisational culture.…

How the Cloud Mixes Up Everything and the Impact on Disaster Recovery

Despite some claims that data storage and data recovery are set to become two separate items in computing cloud land, at the moment it’s all in there together: data, the applications that handle that data and the infrastructure that needs to be managed in consequence. IT disaster recovery plans involving cloud now have to…

What does AS/NZS5050 have to Do with Black Swans and Defining Your Destiny?

AS/NZS5050, with its title of “Business continuity – Managing disruption-related risk”, caused a few ripples when it was published in 2010. With its focus on risk management, it recommends that disruption should be stabilised as soon as possible, with resumption of mission-critical operations and a speedy return to normal functioning. It also recommends that a…

Check Your Level of Crisis Management Maturity

If there was a crisis, how well prepared would your organisation be to deal with it? While scales of preparedness can only be relative, the following model may help to evaluate the situation. Adapted from part of a presentation at the DEP Expo 2012 on Site Location Response Teams by Martin McNamara, each of the…

What HICS does to Help Hospitals Cope with Disasters and More

HICS – Hospital Incident Command System, or Control System for some – contains guidelines specific to hospital organisations with respect to business continuity requirements. While most people would readily appreciate the life or death nature, literally, of certain activities within a hospital, business continuity and disaster recovery can have a very broad remit. Fires…

Cloud Disaster Recovery still Needs to be Analysed and Tested

While it’s comforting to think that a professional organisation can now hold your data safe and sound for you in the cloud, cloud DR planning still needs the same careful attention as a solution using any other technology. There are significant business advantages available, not least in terms of financial flexibility and hugely scalable resources,…

Too Much “Business as Usual” can be Bad for Your Health

It’s something of a paradox. On the one hand, maintaining business as usual (BAU) could be considered a key goal of business continuity, especially if “business as usual” means high productivity and efficiency. Yet as a research paper presented by Dr. Robert Kay at the DEP* Expo 2012 points out, a focus on BAU that…

APRA and Business Continuity in Finance – Accountable in More Ways than One

Business continuity is a big deal in financial institutions. This is not just because of the institutions themselves, but because of the widespread follow-on effects of interruption to their millions of business and consumer customers. APRA (Australian Prudential Regulation Authority) revised its compulsory standards in 2012 by bringing out Prudential Standard CPS 232 for Business…

BCM Culture – Who is the Most Important Player in Your Organisation?

While the idea that business continuity management needs to become part of corporate culture is gradually gaining ground, the practical aspects of making it happen may be less obvious. You want everybody in your organisation to be BC-aware, because business discontinuity can happen at any time and affect anyone. But how do you communicate that…

What’s the Basic Business Benefit of IT Disaster Recovery via the Cloud?

Let’s stop talking technical for a moment. Although the quality of IT disaster recovery depends on which technologies are used and how, we sometimes fall into the trap of assuming that innovation and specifications are all we need to optimise DR for our business. Cloud services are a case in point. Yet taking a moment…

Preventing Policy and Employee Disconnects in Business Continuity Plans

Recent information about IT security, a particular aspect of business continuity plans, highlights the high-risk behaviour of people in using computer passwords. The data comes from passwords uncovered by hacktivist group Anonymous, who then exposed them online. The more general question is then whether such a gap between stated rules and real-life behaviour…

Is that Maximum Tolerable Outage, Maximum Tolerable Disruption, or What?

Maximum tolerable outage or MTO is a common measure in both disaster recovery and business continuity. It is the maximum amount of time a system or resource can remain unavailable before its loss starts to have an unacceptable impact on the goals or the survival of an organisation. It’s either on or off, and if…

SydneyALERT Aims to Improve Emergency Information to the Public

Central business districts (CBDs) are known for the high concentration of people in them, during business hours. This makes them a special case in emergency management. There is a strong need to provide timely, clear instructions to the public in this instance in order to contain any emergency situation and to avoid complications. SydneyALERT is…

If Bigger Australian States have DISPLANs, What do Smaller States Have?

If search engine results are anything to go by, state-wide disaster plans are common currency for the largest Australian states in terms of population (New South Wales and Victoria), but not so much in evidence for others. NSW even goes one better with not just a DISPLAN, but also an EMPLAN – Emergency Plan (the…

Business Continuity Plans of 2012 – a Mayan Point of View?

Case histories and past experience are material for building the business case for business continuity plans. So what have the last twelve months contributed? Since the Mayan prophecies on December 21st provoked no major upsets in the world, 2012 was quiet compared to 2011. There were events like the Olympic Games and Hurricane Sandy, but…

Resilience Management and the Road to Unified Continuity

As fields such as business continuity, risk management and security management, to name but a few, develop, they often develop different branches and specialities. With the multiplication of concepts and methods, the original discipline isn’t big enough to hold them all, or so it seems. Yet resilience management is something that bucks that trend. It…

Business Continuity Plans that Accentuate the Positive

If the names of Johnny Mercer and Harold Arlen don’t immediately strike a chord, at least in business continuity, you could be forgiven. Yet their sage advice has been around for some time. It dates from 1944, when they wrote the lyrics and the music for the song “Accentuate the Positive”. How does it go?…

What Sort of Cloud Best Suits Your Disaster Recovery Plan?

It had to happen. Just having “the Cloud” was too simple. In the same way that the Internet morphed into intranets, extranets and more, cloud computing is now branching out into internal, external, inter-, public and private clouds. Vendors and service providers alike have seen the opportunity to leverage existing solutions and create their own…

Production Pressure that Prevents Proper Business Continuity Plans

“Do it now”, “do it faster”, “do more”,… While these may all be justifiable goals on their own, the problem comes when production pressure like this has a negative impact on business continuity plans and actions. BC planning is preventive and its objective is the absence of disruption to a business. However, it can therefore…

Emotional Continuity Management – Still Just Right-Brain?

Presented as the offspring of business continuity planning, emotional continuity management has been around for a few years now. The concept links emotional distress in the workplace with a negative impact on productivity, and conversely emotional wellbeing with a positive impact. People who feel good perform better. People who don’t fall apart emotionally when disaster…

Why Earthquake Intensity can Affect Any Disaster Recovery Plan

If you think your organisation is in an earthquake-free zone, you may be right – up to a point. From a purely local point of view, your site may never have experienced the slightest tremor or be likely to. On the other hand, you may also be using suppliers for raw materials or components that…

Going Deeper than just a Dashboard in Your Business Continuity Plan

Production has them. So does supply chain, and finance; for sales, it’s practically a no-brainer. Yes, it’s the departmental dashboard – that one page summary of key performance data, typically in a graphical format with pie charts, bar charts and the like. You get at-a-glance information on how well an operation is doing. Most company…

Showing Off as Part of Business Continuity Plan Best Practice

Getting your organization to recognise the value of business continuity is sometimes hard. However, business continuity plan best practice isn’t only a matter of what you put into your plan, but also what you do with it afterwards. You already need to show it to your management, the board, departmental heads affected, and others in…

Maximum Tolerable Outage(s) for the Supply Chain in 2013

End of year deadlines and festivities mean that maximum tolerable outage is an increasingly hot topic in many sectors. But what will expectations be for the year to come? MTO in itself is a measurement, a tool to be used in delivering business continuity overall. Changes in MTO, whether in terms of level or application,…

Is it Time for Disaster Recovery Plans to Include QR Codes?

You’ve probably already seen QR codes many times. A QR code typically looks like a bit of computer-generated art in a square, printed in magazines, on cereal packets, on buses, and so on. What’s the link with disaster recovery plans? Simple enough. The use of smartphones is increasing, and so are the opportunities for enabling…

Where’s the Proof of Business Continuity Plan Best Practice?

Practice all you like, but if you can’t see measurable results in terms of your organisation, then you can’t guarantee that business continuity plan best practice is of benefit. True, in some cases, it seems intuitively obvious. Or perhaps a sufficient number of relevant case histories exist for the probability to be high enough that…

Integrative Negotiation as Part of a Business Continuity Plan

Business continuity is not always the easiest thing to put in place. Budget that gets allocated to BC is budget that does not get allocated to other projects or departments, and then there are also organisational turf wars to consider. If you’re faced with a manager intent on protecting his or her fiefdom, a slide…

Why being a Minority in Business Continuity Planning is still OK

In the best of all worlds, everyone in an organisation is convinced of the merits of business continuity planning, and works to make BC happen as it should. Idealism may be inspiring, but many BC managers feel they have more in common with lone voices in the wilderness, or Cassandra of mythical Greek fame, who…

Why Prospect Theory has a Role in Your Business Case for Business Continuity

Cloud computing and risk mitigation, OK – but when pundits start linking business continuity plans and “prospect theory”, discussions can run deep indeed. What do the two have in common? To answer a question like that, you first have to know what prospect theory is about. In a simple form, it describes how people make…

Ethics and Business Continuity Plan Best Practice

Keeping a business going is what business continuity is all about, but at what price? Ethics have more than one role to play as part of business continuity plan best practice. Not only are they important in order to prevent continuity from being jeopardised, but they are also a crucial part of any response to…

Maximum Tolerable Outage by Whose Criteria?

Maximum tolerable outage means what it says – the longest time that an organisation can accept that a given service or facility is out of operation. Many enterprises and institutions go to great lengths to predict and calculate MTO, usually because of what’s at stake. Hospitals for example cannot accept IT outages that disrupt critical…

Ray Bradbury and the Role of Paper in Business Continuity Planning

Ray Bradbury was the author of many works of science fiction and futurism. SF literature owes to him classics such as The Martian Chronicles, Something Wicked This Way Comes and Fahrenheit 451. Although monsters from outer space do not feature in the top ten risks that organisations must face, the title alone of Fahrenheit 451…

How to Sell the Business Case for Business Continuity

Some of the most effective selling in any context is done by systematically applying certain rules. Selling the business case of business continuity is no exception. Finding out what internal decision-makers want and presenting the case for BC so that it demonstrates value in their eyes, while motivating them to accept sooner rather than later,…

4 Trends in Business Continuity Plans for IT and Beyond

With the end of the year looming larger and larger, it’s time for a review of trends that have marked BC in 2012 so far, and that will likely continue to do so into the next year. Four important ones are rooted in information technology: cloud computing, mobile devices in the workforce, social networking and…