OpsCentre - Gold partners with Continuity Forum

Find us on LinkedIn

Find us on Facebook

Follow us on Twitter


The Pesky Human Factor in Password Resets and IT Security

February 26th, 2015

Forgot your password? Call in-house IT support. They’ll ask you a couple of questions to verify your identity (maybe your date of birth, your favourite colour). Then they’ll reset your password and tell you what it is so that you can go and do that work that’s been piling up. Or so that you can break into that user’s account and from there into more databases and servers – because you weren’t a panicked user at all, but a hacker successfully masquerading as one. What’s the answer to this IT security risk? Harder questions? Passwords that are easier to remember? Or simply taking something out of the equation that shouldn’t have been in there in the first place?

Read the rest of this entry »

The Importance of Unified Communications in Emergency Situations

February 24th, 2015

Picture this. A main water pipe bursts and water begins to flood the warehouse, which is also where you happen to be, smartphone in pocket. To avert serious damage and downtime, you need to find the cut-off valve – quickly. At this point, two scenarios are possible. First scenario: you try to find out who can help by calling reception and trying to note the names they suggest and the phone numbers. Second scenario: you access a directory of resources directly from your smartphone, call the person concerned and turn the call into a video call from that person’s desktop so that you can be remotely guided to where the cut-off valve is and how to shut it. How do you get from scenario one to scenario two?

Read the rest of this entry »

Do You Need a CRO for Your Business Continuity, or a CRO, or Both?

February 19th, 2015

No, there is no typo in the title. In today’s C-level world, CRO can stand for Chief Risk Officer, but can also mean Chief Reputation Officer. By definition, the Chief Risk Officer looks after the governance of significant risks (both menaces and opportunities). The Chief Reputation Officer supervises the management of an organisation’s reputation, brand and communications. Looking after risks and reputation are both vital functions for organisations. The question is whether specific job functions are to be created for one or both of them. The definitive answer will depend on different factors.

Read the rest of this entry »

Hacking Yourself to Find Holes in IT Security Before Others Do

February 17th, 2015

The more IT pervades businesses, the more IT-based tools hackers have to exploit vulnerabilities. If you want your company to stay safe, you may need to ‘attack’ yourself to find out where the weak points are and fix them to prevent others from breaking in. The following list of hacker tools and techniques will give you an idea of the range of resources readily available over the Internet. Remember also that hackers may be plying their trade every day of the week. By comparison, some organisations may not have the time to run checks more once or twice a month. If you’re strapped for internal resources, consider other options like third party services to check or boost security.

Read the rest of this entry »

When Automated Business Continuity Breaks Down

February 12th, 2015

Computers are typically robust and reliable. When it comes to doing the same thing over and over again at scheduled times, they leave human beings far behind. That makes IT automation an attractive proposition for many business continuity routines or processes. Where people might forget or botch a data entry because of the monotony of a task, computers remain unaffected. They will check the status of all your branch servers every hour on the hour without fail. They will monitor manufacturing stocks and supply chains and send alerts when any out of bounds situation occurs. What could ever go wrong? Two things at least that human beings still have to help computers sort out.

Read the rest of this entry »

What is Virtual Machine Side Channel Analysis and Why Should You Care?

February 10th, 2015

Here’s the quick version. Hackers operating in the same cloud server hardware as you can steal your encryption keys and run off with your data/bank codes/customers/company (strike out items that do not apply – if any). Yes, behind that mouthful of a title is a scary prospect indeed. Until recently, this kind of cloud-side hacking possibility had been discussed but not observed. Now a team of computer scientists have managed to recover a private key used by one virtual machine by spying on it using another virtual machine. Therefore a hacker could conceivably do the same to your VM from another VM running on the same server. How worried should you be?

Read the rest of this entry »

Here’s Your New IT Project. It’s Called “2015”. Start Planning!

February 5th, 2015

As seasoned IT professionals and business continuity managers, you’ve probably already done a good few projects. Typically, you start by thinking about what you need to get done and then map out the activities to see how long it will take. Here’s a slight different take on the subject. We start with a fixed time period (12 months) and look at project or process-oriented activities that can help you make the most of it. By planning ahead for the right milestones and routines, you can also contribute to a higher-performance, more robust IT department with less (or no) service outages.

Read the rest of this entry »

Sandy, Sony and What Else Does It Take to Companies to Fix Their Business Continuity?

February 3rd, 2015

“You’ll be sorry if it happens!” The problem is that until it does happen, it’s often hypothetical and even unimaginable. And yet it happens. Hurricane Sandy in 2012 caught a large part of the United States unawares. And who would have thought that Sony Pictures Entertainment would have been hacked and exposed to the extent of the November 2014 attack? Real disasters (other people’s disasters) can however provide leverage for business continuity managers to get their own senior management to take BC more seriously. Here’s a quick list of things to check before you state your case to the boss(es).

Read the rest of this entry »

Men in Black, Flooding and How Farms and Factories Can Learn from Each Other

January 29th, 2015

Agriculture and animal farming in particular have as much a need for business continuity as any other sector. Animal farmers deal with larger volumes of cattle, sheep or other livestock, whereas factories or other non-agricultural businesses are usually more concerned with teams or departments staffed by people. Yet when it comes to preparing for and dealing with natural disasters, these different types of enterprise may have more in common than you thought. The following quote from the film ‘Men in Black’ gives a hint about what’s going on.

Read the rest of this entry »

What Are Your Disaster Recovery Options if Your Data Storage Fails?

January 27th, 2015

The answer to this question depends on how fast you want your data back and how much time and effort you are prepared to spend. If your data is both mission and time critical, then full, frequent backups possibly with mirrored systems for immediate restore or failover may be the only solution. Financial trading organisations, large volume e-commerce sites and hospital emergency wards are examples. Other users who do not want to or cannot go down this route will be faced with more basic options.

Read the rest of this entry »

Putting the Cloud inside Your Company Firewall

January 22nd, 2015

Some enterprises are attracted by the potential advantages of the cloud for disaster recovery and business continuity. However, they fear the possibility of information being spied on, stolen or hacked after it leaves their own physical premises. A little lateral thinking suggests another possible solution. Instead of moving outside a company firewall to use cloud possibilities, how about implementing cloud functionality inside the firewall? A number of vendors now offer private cloud solutions and they have some customers whose identity may surprise you.

Read the rest of this entry »

When a Government Deliberately Stores Data Outside the Country

January 20th, 2015

As cloud computing develops and providers multiply their data centres, physical location of data has become an important issue for many organisations. Their goal has often been to prevent storage of confidential data outside their national boundaries. The risk of a data breach is considered to be too great, especially in the wake of the Snowden revelations and CSA snooping saga. In some industries such as medical or financial, regulations may simply prohibit the use of data storage facilities abroad. Yet one national government is taking the opposite approach and making foreign facilities a part of its disaster recovery plan.

Read the rest of this entry »

Are Company Boards Taking Risk Management Seriously?

January 15th, 2015

All business in a competitive market is risk-based, whether or not enterprises admit it. Positive risk indicates opportunities. Negative risk points to the need to take measures to avoid, transfer or mitigate that risk. Banks are a case in point, with risk analysis at the heart of their daily activities as they continually calculate the probabilities of profitability in investments and loans. For enterprises in other sectors, risk may be less in the spotlight, but no less important. All companies need good disaster recovery and business continuity management for instance. Both depend on properly assessing risks and their impact. So how can you tell if senior management is taking risk management seriously?

Read the rest of this entry »

Disaster Recovery and the Darker Side of the ‘Undo’ Function

January 13th, 2015

There are times when you wish you could undo what you just did. Sometimes, you can’t. Financial investments, office reorganisations and even that too-hasty email you sent often cannot simply be reversed. With IT on the other hand, it’s a different story. From individual PCs to corporate data centres, the ‘Undo’ function has become a standard feature of many computing systems for making errors and problems disappear. As little as one mouse click may be enough to turn back the hands of time and begin again as though a mistake had never been made. But is this disaster recovery capability the magical solution it is often made out to be?

Read the rest of this entry »

What’s Stopping People from Defining Their Own Recovery Objectives?

January 6th, 2015

People who manage a functional department or a business process may find it tough to set recovery objectives for what they manage so devotedly, day in and day out. That does not necessarily mean that they are not objective. Instead, they may not know how critical their part of the business is to the rest of the organisation. Without a measuring stick, they cannot confidently make recommendations or requests about suitable recovery times. So when the next business continuity planning moment comes along, BC managers may find that they have some handholding and educating to do to bring different organisational units up to speed.

Read the rest of this entry »