To customers, the cloud often seems like an ideally flexible application and data storage solution. On the other hand, starting as a cloud provider often requires very deep pockets. As a result, not every provider stays the course. And if under-capitalisation doesn’t kill a provider off, there is always the danger of a marketing failure that persuades backers to pull the plug. The irony of the situation is that many customers want to make their cloud provider a strategic part of their disaster planning. However, customers must then also extend their plan to include the possibility that the provider itself is the disaster.
If you haven’t yet met cross-site scripting, or XSS for short, it’s probably only a matter of time. And if your enterprise is running a web site that allows users to enter data, for example as search terms, consider XSS as a threat to be tackled now, not later. The short version of what XSS does is this: it uses vulnerabilities in a web application (such as a dynamic website) to let an attacker send malicious content via the application to another end-user victim. What can web application owners do to stop it?
Online giant Google raised eyebrows recently when it stated that it was starting up two billion containers a week in its computing infrastructure. But the containers the company was talking about were logical instances inside its computers, not the mammoth steel boxes that are shipped by truck, rail and ship. Google’s containers are its solution to an issue concerning conventional server virtualisation, which involves more overhead than the provider is prepared to accept. A new development in IT, this ‘lightweight virtualisation’ may be attractive to other organisations too. Yet, in certain circumstances, a real steel container may also hold the solution for business continuity.
Would you put all your investment into shares in just one company? Or into just one piece of property? Or even just into gold? While people are free to put their money where they please, many financial investors have identified diversification of investment as a better solution. Similarly, in business continuity the right mix of safer measures with lower returns and more innovative strategies with higher returns can optimise resilience without requiring unduly heavy expenditure (which in itself could threaten business continuity). This portfolio approach requires a certain attitude and tools, but can pay dividends.
Efforts continue to stop the spread of the Ebola outbreak and find vaccines to defeat the virus. However, businesses need to be prepared in more ways than one. Although the risk is considered low that a widespread Ebola infection would occur outside West African countries, the potential consequences could be catastrophic and deadly. As with other epidemics that became pandemics, precautions against Ebola can start with common-sense instructions to prevent infection and to react appropriately if it is detected. But they cannot end there. Organisations must make sure that additional protection is in place both for their employees and their business activities.
In theory, BCM and ERM should get along just fine. ERM or enterprise risk management is concerned with identifying both positive and negative risk for an organisation – or opportunities as well as threats, if you prefer. Business continuity management is about keeping a business in operation in the face of adversity. It’s also about enhancing the value and profitability of operations, thanks to a better corporate image towards customers, banks, insurers and the like. Effective BCM depends on good risk analysis of the kind that ERM is designed to do. With a selection of ERM software tools available to automate risk management, how can organisations find out if there’s one that’s right for them?
The bulk of the iceberg is hidden below the waterline where it lurks, ready to sink large entities like the Titanic and corporations. One of the most recent news items about data security ‘icebergs’ involves incorrectly configured web servers located in a number of prominent organisations. The systems at risk were identified by ethical hacking. The method was to search Google for a word combination that would indicate that the system in question was not configured correctly. US consultant Bryan Seely claimed to have pinpointed 25,000 websites in this way, corresponding to between 400 and 500 business entities. But there’s more than just one dimension to a data security iceberg.
As efforts to contain and eliminate the current Ebola outbreak in West Africa continue, countries around the world are making preparations to be ready in case the virus arrives. The Australian government is also making plans to deal with such an event. Ebola already exists in Australia – but fortunately (so far) only as the subject of research in the high security Australian Animal Health and Research Centre in Geelong to develop a vaccine. But how does Australian preparedness compare with that of other countries? And what would happen if Ebola cases were declared in Australia in the way they have already occurred in Spain and in the United States?
Guerrilla warfare, guerrilla marketing, guerrilla negotiating – if all these things can benefit from a ‘guerrilla’ point of view, how about business continuity management? The basic concept is to get bigger results from a smaller amount of resources, possibly supplemented by some lateral thinking. Guerrilla soldiers don’t have the big guns and tanks of their adversaries. Guerrilla marketers don’t have the big television and print budgets of their competitors. And guerrilla negotiators learn to think around business deals to turn losing propositions into winning ones. Guerrilla business continuity management can draw on each of these areas to help BCM move forward.
In disaster recovery, technology is often a neutral element – neither good nor bad, in itself. Some technologies are better suited to specific needs or offer relative improvements to existing solutions. What determines whether an organisation benefits or suffers is the application of technology. When it is used unthinkingly and incorrectly, the horror stories start. Worse still, many technology-related disaster recovery failures are repeats of catastrophes that were already happening decades ago. What have we learnt since then – or what should we have learned?
How does a business cope with regulations that, when piled on top of each other, are ‘three Eiffel Towers high’? That’s the future for the financial industry, according to a recent report from financial regulations consultancy JWG and its forecast for the situation in 2020. But regulatory risk is also growing in many sectors. New legislation is swinging into play relating to developments unforeseen five years ago. Should organisations simply chase ever-evolving and expanding regulations to try to remain conformant? Or is there an opportunity here, disguised as a problem?
The Ebola outbreak in West Africa is taking a horrific toll in human lives on a scale that is unprecedented. It is also happening in a place that makes the whole rescue process an order of magnitude more difficult. Besides trying to save those already infected, aid workers must cope with the fact that the disease moves more easily outwards than medical supplies and vaccines can be brought inwards. The gradual improvement of logistics and transport in the region over the last few decades is having a perverse effect. It is encouraging the spread of infection, but hindering measures to eliminate it. How can this be?
The world turns and things change – and that includes computer hacker approaches too. The immediate threats of malware and cybercriminals are relatively well-known. Phishing emails are designed to get you to click right away on a hacker’s link. Worms burrow through systems, always on the go. Viruses in that free software you should not have downloaded replicate and ravage. But now there’s a new menace with a different approach. Instead of attacking your system now, some hackers are making themselves at home for the longer term. They enter by stealth and lie low. Then they start to use your computers – just like they were their own computers. Welcome to the Advanced Persistent Threat or APT for short.
With the deaths of more than 4,000 people and an estimated 8,000 cases (at this time), the Ebola epidemic has affected three West African countries in particular. But Ebola could also spread to become a pandemic without geographical limitation. There are three key questions to be answered:
The times, they are a-changing. Mobile computing devices, not to mention BYOD and a millennial attitude, mean that a substantial number of employees in enterprises now do their work away from their desks. Whether at home, in a bus, train or plane, or in their favourite coffee-shop, if there’s a Wi-Fi connection available, there’s a potential workspace in the making. But naturally enough, all this may then escape the control of the enterprise, at least partially. For instance, how can companies then implement effective work area recovery for such nomadic workers in the event of an IT incident?