“Careless talk costs lives” was one of the slogans on posters displayed during the Second World War. It was a warning to people to avoid discussing confidential matters in public places, where spies could eavesdrop on vital secrets. Many people also know the saying “walls have ears”. Yet in enterprises and other organizations, too few employees make the connection between that maxim and the need to improve precautions in the way they handle information at work. When data breaches or intellectual property theft have occurred, the problem was often that employees were simply unaware of the need to be more careful.
If you run or use the services of a data centre for your organisation, the quality and compliance of that data centre are likely to be dear to your heart. Your auditors may be breathing down your neck to make sure it has a clean slate financially. Your senior management may be pressuring you for assurances about data protection. Ideally, the data centre can show that it meets requirements. Suppose it offers to do so by demonstrating compliance with ISAE 3402, the standard developed by the International Auditing and Assurance Standards Board. One version of ISAE 3402 may satisfy your financial audit team, but won’t answer concerns about data protection, and vice versa. How will you know which is which?
One day, city street lighting everywhere will brighten or dim automatically at night, according to the number of people on the street or the amount of traffic passing by. The technology already exists to do this in the form of autonomous local networks of commodity devices. Sensors send information to the lighting controllers. They can function independently of any central IT server, yet can be reprogrammed from a central management console at any time. If all of this says “business continuity” to you, you’re right. The potential BC applications for this kind of resilient network are myriad.
In the old days, there was a physical cable running from A to B. One server ran just one application. Auditors could see the boundaries and could assess IT security accordingly. But today, matters have changed considerably. The virtualisation of X applications over Y servers, and the use of the cloud make it impossible to see physically what is going on. IT installations must still be audited for quality and risk, but many auditors do not fully understand the new virtual computing models. Some auditor education may be in order.
When an IT server goes down because its hard disk crashes, the effect is noticeable immediately. People go to their “panic stations” (or rather, their designated disaster recovery roles!) to contain and repair the damage, so that there is no lasting, significant impact on the organisation. This kind of event is sudden and unpredictable, even if it can be taken into account in disaster recovery planning. Good DR management, however, also looks at longer-term measures to reduce probabilities and impacts over time, as well as tackling day-to-day requirements.
In the go-go years of the Internet start-ups, “ready-fire-aim” was a popular model. The idea was that things were moving so fast that trying to plan everything out first meant your target had morphed into something different by the time you were ready to act. This was a big change from the “check it, check it and check it again” approach of many traditional organisations. After many start-ups crashed and burned, it became clear that “ready-fire-aim” was no guarantee of business continuity. However, the pace of business has still increased significantly since the turn of the century. Is the “check-it-again” approach to business continuity still realistic?
Unsuspecting and easy to attack – users of public Wi-Fi spots are a hacker’s dream target. Cybercriminals don’t wear cat-burglar masks and striped t-shirts, so it may not be easy to see them. On the other hand, the smart user of a free Wi-Fi hotspot knows that he or she should assume that hackers are lying virtually in wait. The terrain can vary: coffee shops, airports, restaurants, libraries, bookstores, fast food outlets and even schools can all be dangerous. Unfortunately, statistics show that users in general, consumer or business, have a lot to learn if they want to bring their risk back down to reasonable levels.
Printers print. By definition, that is their function. Wads of printed paper, transparencies, continuous feed printouts, presentations stapled together, and so on. Many people are aware of the security risks of leaving printouts lying around, or throwing them out without shredding them. Thirty or forty years ago, tales of hackers going through refuse were rife. Now, however, it is not the printout that is the security problem, but the printer itself. As the rest of IT has been getting smarter (meaning more processors, memory and software), so have printers. One problem is that we haven’t noticed it. Another, it seems, is that vendors, while ramping up printer intelligence, have omitted to increase security accordingly.
Every now and again, a new theory of enterprise success appears. Business agility is one example, applying ideas drawn from agility in projects and industries like software development. To reap the benefits of the business version of agility, organisations should apparently operate at the “edge of chaos”. In this region, so the theory goes, the organisation is balanced between forces of change and constraints that work against change. The organisation is then “perturbed” enough to innovate and succeed. With this kind of vocabulary, how does business continuity fit in?
Mobile computing devices used to be the challenge for many enterprises. IT departments found themselves tugged in several different directions at once. Employees insisted on using their tablets and smartphones to access company applications, while security officers threw up their hands in horror at the idea of unknown and uncontrollable devices having a way in to corporate data. Judging from statistics from a survey earlier in 2015 by BYOD security solutions provider SOTI Inc., security officers are right in their misgivings. Mobile device usage puts enterprises at risk, whether through sloppy networking or data storage practices or otherwise. Yet what if the bigger security risk was now no longer in your pocket, but strapped to your wrist?
Could you imagine doing business without the Internet today? From ecommerce to online CRM, and from social networks to cloud disaster recovery, the Internet has been grafted onto most existing businesses and is built into the DNA of new ones. That, of course, means the Internet that most people know, the one with Facebook, Amazon Web Services, Salesforce, Gmail and Microsoft Office 365. There is however another part of the Internet that remains hidden to anybody using a “normal” browser like Chrome, Edge, Firefox or IE. Also known as the Tor Network, it includes about 50,000 websites that live in a cyber business space all of their own. Is this a new commercial opportunity – or a security nightmare you should avoid like the plague?
The world is a dangerous place, and a simple firewall just won’t cut it when it comes to this generation’s highly advanced weaponry: the weapon of knowledge, the knowledge you have turned against you. Warfare is no longer only on the battlefield but on the Internet, where anyone with some knowledge of hacking becomes a threat to the existence of your company. With the power to infiltrate and steal sensitive data, it’s time for us to take a stand, time for us to put up our defences and prevent further intrusions from occurring.
To many companies and their IT departments, hyperconvergence in IT systems looks like a blast from the past. It moves storage back to individual machines, whereas recent efforts have been focused on dissociating storage from separate services, and bundling it all up in storage area networks and the like. However, hyperconvergers (what else would you call them?) put their concept forward as a better way to handle business and IT requirements in general, and business continuity in particular. Indeed, with one or two additional items (see below), there is a case to be made for hyperconvergence helping BC in both the short term and the long term.
Natural disasters like earthquakes and floods may be less frequent than a computer hard disk crash, but their total impact is orders of magnitude greater. So far, construction techniques for buildings to mitigate the effects of tremors have been centred on the appropriate choice of materials or isolation systems looking like giant shock absorbers. These solutions can help individuals and organisations to get through various seismic events, although they do not stop all of the shaking. Sensitive systems, IT servers included, could still therefore be at risk. Now a new approach promises not just the reduction, but also the elimination of such effects.
They last a lifetime and they never change. Fingerprints, irises and even gaits (as in walking) are immutable, if you discount the use of surgery. That is what makes them such reliable identifiers and the basis of different biometric security systems. From science fiction and spy films, we now have smartphones (iPhones for example) that have integrated fingerprint recognition. Users no longer have to remember or reset those ID/PIN combinations. Yet recently, hackers stole a file with 5.6 million fingerprints of US government employees. And of course, unlike ID/PIN combinations, those fingerprints cannot be reset. Now what?