Summer time is Coming to an Finish – That Must Mean It’s DRJ Fall World

I wish I could tell you that my summer was spent vacationing
in some exotic location without internet access; or I was deep in remote third
world countries performing humanitarian work for international charities; or
that I won the lottery and was out spending my new found fortunes ­ ­­- but, I
can’t.  Instead, being a consultant who
has to work when the work is available, I spent my summer busy with delivering
client projects.

For me, that is a hopeful sign.  This bares hope of a sign that the economy is
picking up and companies are now able to support projects, such as business
continuity planning, that are often deemed deferrable during down-times.  This bares hope that budgets are starting to
allow for monies to invest in consulting assistance for projects, such as
disaster recovery planning, where the in-house expertise is lacking.  And, this bares hope that companies are
starting to put more emphasis on and giving more attention to business
continuity planning and related topics.

But, the end of summer vacations, the start of school,
football season kicking off in the United States are all signs of the calendar
changing to Fall.  And, in our profession,
that means DRJ Fall World.  I am happy to
report that I am typing up this blog page from my hotel room at the San Diego
Sheraton Hotel and Resort at DRJ Fall World 2012.  It is Monday afternoon and we are off to a
tremendous start.

Yesterday, Sunday, was full of tremendous Workshop Sessions,
a welcoming reception and product demonstrations.  Today, Monday, kicked-off with 3 very
informative and entertaining General Sessions and the opening of the Exhibit
Hall full of vendors and service providers ready and willing to educate you on
their products and services designed to assist in the strengthening and
expanding of your business continuity, disaster recovery, crisis management and
emergency response programs.

I have already passed out and collected numerous business
cards – the real value-gain at these conferences – and have made a number of
new acquaintances and new friends … and it IS ONLY MONDAY.

I am looking forward to the breakout sessions this afternoon
and two more action packed days of DRJ Fall World lying in front of me.  This DRJ conference marks the 47
th
Conference put on by the DRJ and they just keep getting better.  That is mostly because the attendees are
getting more experienced and are able to drive the topics discussed to deeper
and more complex levels of challenges that we face in this field.

I will post a few more blogs during my time here so that you
can learn some of the stuff that I learn. 
And, if you happen to be here – come up and say, “Hi” – it would be a
pleasure to meet you, as well.

But, now – I have those breakout sessions to get to, so, I
will see you later.

Three Trends in IT Disaster Recovery

Disaster recovery is constantly being influenced by trends in the IT industry.  These trends are forcing businesses to reevaluate how they plan, test, and execute their disaster recovery plans.  The following are a few IT trends and how they are affecting the disaster recovery strategies for businesses in every industry.

Cloud Services:  As the cloud computing industry grows and businesses adopt more cloud services, they are realizing that the cloud can become part of their disaster recovery plan.  Instead of buying resources in case of a disaster, cloud computing allows companies to pay for long-term data storage on a pay-per-use basis, and therefore only pay for servers if they have a need to run them for a disaster or test.  Cloud-based disaster recovery gives businesses the potential for a lower cost, faster, and more flexible recovery solution for backing up their data.

Virtualization:  Server virtualization has become a key component of the disaster recovery plan for many businesses because it enables greater flexibility with computing resources.  Virtualization allows businesses to create an image of an entire data center that can be quickly activated when needed, giving companies a faster recovery time at a relatively low cost.

Mobile Connectivity:  In terms of disaster recovery, the growing use of mobile devices in the workplace facilitates business continuity when disaster strikes because mobile devices give people the ability to work remotely and maintain communication in the event of a disaster.  This keeps business operations functioning and minimizes downtime.

Because natural disasters such as hurricanes, floods, fires, earthquakes, and snow storms can put a business out of commission for a while, it is important to have an efficient, low cost, reliable disaster recovery plan in place.  IT managers should consider how these trends in the industry can be best leveraged to improve disaster recovery strategies.  

Atlantic.Net has been recognized throughout the world by disaster recovery hosting professionals and has been chosen by the Disaster Recovery Journal as their official data center!

 

Insurance for Independent Consultants

Since 2002, my S-Corporation carried “Errors and Omissions” or Professional Insurance coverage. As an independent BCP/DR consultant, are you adequately insured? In 2008, my insurance carrier expanded coverage (known as the Bell endorsement) to include insurance for several crisis and emergency conditions that might create a business loss and hence a claim. The items covered may be of interest to you. They were not available in all states.

 

As an independent BCP/DR consultant, do you have the following coverage?

$ 25,000 Identity Theft Expense – coverage which reimburses the expenses of any director or officer who becomes a victim of an incident of identity theft;

$ 25,000 Terrorism Travel Reimbursement – which covers any director or officer for emergency travel expenses that he or she incurs in the event of a “certified act of terrorism”;

$ 25,000 Emergency Real Estate Consulting Fee – coverage for realtor’s fee or real estate consultant’s fee necessitated by the insured’s need to relocate due to the “Unforeseeable destruction” of the insured’s principal location;

$ 25,000 Temporary Meeting Space Requirement – coverage for rental of meeting space which is necessitated by the temporary unavailability of the insured’s primary office space due to the failure of a climate control system, or leakage of a hot water heater;

$ 25,000 Workplace Violence Counseling – in the event that a violent incident occurs at any of the insured’s premises;

$ 50,000 Kidnap Expense – coverage for reasonable fees incurred as a result of the kidnapping of a Director of Officer or their spouse, “domestic partner”, parent or child;

$ 50,000 Key Individual Replacement Expenses – coverage for the Chief Executive Officer or Executive Director who suffers an “injury” which results in the loss of life. No deductible applies to this coverage;

$ 25,000 Image Restoration and Counseling – coverage for image restoration and counseling arising out of “Improper Acts.”

$ 25,000 Donation Assurance – coverage for “Failed Donation Claim(s)”

$ 25,000 Business Travel – coverage for Business Travel Accidental Death Benefit to the Named Insured if a Director of Officer suffers an “injury” while traveling on a common carrier for business;

The Crisis Management Endorsement included the following:

$ 25,000 Crisis Management – coverage for “crisis management emergency response expenses” incurred because of an “incident” giving rise to a “crisis.”

 

I found this additional coverage interesting. My municipalities and larger corporations require certain type of insurance coverage be carried by indendent consultants. My lawyer advised, “Don’t go to work without it.”

Haiti Revisited – Hurricane Isaac’s Unnecessary Deaths

In 2010 following the earthquake devastation in Haiti, I
became concerned about the use of tarps and similar temporary shelter materials
because of the strong possibility of a hurricane later that same year. Haitians
were spared the any serious hurricanes in 2010 and 2011, but in 2012, they were
seriously impacted by Hurricane Isaac.

What I proposed in 2010 was to use ConEx containers for
temporary shelter, feeling that they were in abundance and more durable than
tarps.  I shared my thoughts at DRJ in
Orlando with Hector Fulgencio and Cole Emerson. 
Hector was familiar with ConEx containers from his work in the shipping
industry. Cole has vast experience in disaster response.  The consensus among us was that there was
indeed a surplus of containers in the U.S. and the military could offload them
and place them using heavy lift helicoptors. This would not necessitate using
the ports in Haiti which had been seriously damaged. Since ConEx containers are
transported via the sea, there would also be no need for the damaged and
overcrowded airport.

ConEx containers have been used successfully for shelter
both by the military and by the private sector. If properly ventilated and
secured to the ground, they are far more resilient than a temporary shelter
made from a tarp.

We tried to convince American authorities to create a
partnership wherein surplus ConEx containers could be donated in an appropriate
manner to provide their donors with a tax break while providing the American government
with a way to assist earthquake victims with far more secure should a hurricane
threaten Haiti.  We found no takers.

It was an idea.  Many
ideas fail to come to fruition due to securing the necessary “clout” or “compassion”
to make them work.  We are now seeing
what might have been different if this idea had provided more secure shelter to
victims of the earthquake in Haiti.

Your thoughts?

Benefits of cPanel Cloud Server Hosting

cPanel is a Linux control panel used by many web hosting companies because not only is it one of the most intuitive control panels available, but also it is relatively cheap to use.  cPanel allows you to control and manage every aspect of your website and is compatible with Linux applications like Fedora, Mandriva, CetOS, and Redhat Enterprise Linux.  In addition, there is a plethora of plug-ins available online for this leading control panel.

The demand for cPanel on cloud computing platforms is very high due to the high amount of stability, security options, ease of deployment, speed, and wide array of features it offers.  From adding sub-domains and email accounts to installing scripts and checking bandwidth, the control and flexibility provided by cPanel is unsurpassed.

When running a heavily trafficked site, maintaining a backup may be the last thing on your mind.  That is why a major benefit of cPanel is that it allows you to regularly store backups of data, images, emails and other content on your website.

Also, the cPanel & WHM software package is a very user-friendly control panel that gives web hosts, as well as website owners, the ability to easily manage their servers and websites.  cPanel/WHM is designed with multiple administrative levels and offers different communication channels for administrators, resellers, and end users.  These multiple administrative levels provide security, ease of use, and flexibility for everyone from server administrators to email account users.

When cPanel is combined with a cloud hosting environment like Atlantic.Net’s cloud servers, the management of individual servers is simplified, allowing web hosting resellers to focus more time on their core business and less time managing their infrastructure.  Atlantic.Net’s cPanel cloud servers allow businesses to manage their web hosting and cloud computing needs in a more effective manner, while ensuring their data is regularly backed up in case of a disaster.  

Atlantic.Net will be dedicating some resources to educate business professionals with the best practices when it comes to deploying cloud servers for a 100% up-time guarantee!

Is a “Measured” Continuity Plan Excellent Sufficient??? Or Just Proper??

The goal of Measured programs is to develop a
resiliency program that is efficiently sized to mitigate risk while monitoring
critical data elements to manage risk as the business demands. Measured programs are developed and
maintained by utilizing three steps.  The
first step takes into account an organization’s current state of readiness and
resources available to them. The second step reviews industry best practices
and determines application to your organization.  The third approach requires the
implementation of program monitoring and dashboarding to provide data
intelligence for senior leadership to identify a change in the risk profile and
its potential impact to the organization. 
This data will drive actionable items to treat, transfer, terminate, or
tolerate the risks at hand.

Business Continuity Planning – Beyond the Doomsday Scenario

At a conference I recently attended there was a lot of conversation around PS-Prep which bled into the discussion of “Why get certified” or, the more generic question of, “Why perform business continuity planning?” An oft repeated answer to this question, echoed by business continuity planners around the world is, “Because without a plan you will not survive as a company.”

I think this is a disingenuous answer without any history to support it. Where exactly is the evidence of this fact? What historical data can you share with me, or the CEO you are trying to convince, that this is the case? I am confident that you can dig up cases of small companies that did not survive a disaster, but where is that story about the big guy who did not survive the disaster?

The one and only case study I can think of off the top of my head is Enron, but that was a disaster of a different kind.

Look at BP and the horrific Gulf Coast disaster – they survived. Did they have a plan in place for this? Maybe … if so, most professionals would argue against its effectiveness. Were they certified? No.

Look at Cantor Fitzgerald, the one company most widely spoke about concerning the extent of their losses during the events of 9/11. Survived. With much loss and many significant challenges, but they are still in business.

I found this article that lists 8 Infamous Business Disasters – those companies all survived – albeit some under a new name and different business model, but they did survive. Now, not all of these cases are the kinds of disasters we plan for, but I can’t find that one poster child event that proves the statement, “Without a business continuity plan, you will not stay in business.”

Now look, I am a business continuity planner. I make a living out of helping companies put these programs in place. I want … no, I NEED … CEO’s and Boards of Directors to embrace the need for these plans and to invest in professionals like me to help put them in place. But, I think we need a better sales pitch than the shallow threat of; this is needed to survive a disaster.

I don’t think we need C-level executives to buy into this all or nothing proposition with business continuity planning. No, I think that the message should be: Business continuity plans will allow us to mitigate our losses should a disaster occur. The goal is to ensure the investment we make in our plans and solutions is justified by the potential losses that could occur considering the probability that an event happens.

The losses that could occur is measured by performing a Business Impact Analysis and the probability that an event happens is measured by a Risk Analysis.

We plan because it is a reasonable business practice to protect our assets and our stakeholders against losses that could impact the market value of our company not just if, but when, a business interruption event occurs. We need to sell business continuity planning using business terms that executives can understand and stop with the doomsday scenario selling technique. At least, that’s the way I see it.

In the meantime, if you can share those stories with me that support the position companies will not survive without plans, I would love to read them. Thanks.

How to Calculate ROI from Cloud Computing

In a business world that is embracing the cloud more and more every day, it is interesting to see that, while the cloud benefits companies in several ways, these companies seldom demonstrate their advantage from the cloud in terms of ROI (return on investment).  This may be because many of the benefits from cloud computing are intangible and may not be fully realized until further down the road.  

Therefore, to calculate returns from cloud computing, a business will most likely not employ the standard ROI calculations.  Instead, the company may use one of the following ways to determine ROI from cloud computing:

  1. Rate of adaption in the market:  With the flexibility that the cloud offers in terms of quick transitioning of capabilities, businesses can adapt to ever-changing market trends and therefore improve standing against competitors in the industry.  Consequently, increased revenue may be realized due to their ability to grab market share at an improved pace.
  2. Utilization and control of resources: The scalability of cloud computing allows businesses to avoid under or over utilizing resources, which in turn ensures effective capacity utilization and the avoidance of waste.
  3. Cost of ownership:  With little to no barriers to entry and the low skill level needed to configure and use cloud infrastructure, businesses can save the money that would otherwise be used for staff training, installation, and maintenance of the infrastructure.
  4. Growth potential:  As a business in today’s world, it is important to have room for growth.  Traditionally, if a business demanded additional resources (in terms of infrastructure and IT personnel), it may have taken weeks to acquire the infrastructure and to train/transition the staff.  However, with cloud computing, resources can be scaled almost instantaneously to accommodate the growing demands of the business.

Depending on the specific needs of your business, you may calculate ROI in any one of these ways, or another.  As you can see, it may be hard to quantify the returns on cloud computing, even if the benefits are quite substantial. 

At Atlantic.Net, we want to make sure that disaster recovery professionals are aware of the best cloud hosting options available to them.  We realize that they need a solid platform designed to deliver the speed and reliability demanded by today’s businesses.  Atlantic.Net will be dedicating some resources to educate the business continuity and disaster recovery professionals with the best practices when it comes to deploying cloud servers for a 100% up-time guarantee!

For want of a nail

According to a Wall Street Journal article (see Penn
State Warned On Accreditation at http://online.wsj.com/article/SB10000872396390444318104577589174048808462.html?mod=ITP_pageone_1
), “Pennsylvania State University’s accreditation is “in
jeopardy,” one of the nation’s primary accrediting groups warned the
school, in the latest fallout from the Jerry Sandusky child-sex-abuse scandal.

The Middle States Commission on Higher Education, the
WSJ reported, “said there was ‘insufficient evidence’ that Penn State was
complying with standards related to governance and integrity, as well as
meeting financial obligations. “

Should a risk management practitioner have seen this
coming? Or is the threat just another “black swan” that no one could
have anticipated?

Does the university even HAVE a risk management
program; I’m not asking about business continuity or disaster recovery, I’m
talking about comprehensive, enterprise risk management.

Sex scandals – and the Jerry Sandusky issue is very
much a “sex scandal” – are nothing new; just ask the Roman Catholic
church. Likewise, penalties in the millions of dollars are not new.

Somewhere the school’s policies and procedures had a
loophole that apparently allowed Sandusky’s alleged crimes to go unreported to
the proper authorities. Had an experienced risk manager been privy to the
school’s P&Ps, the loophole might have been discovered and eliminated. Had
it been eliminated, most of the scandal also would have been avoided.

Once the scandal broke, an experienced risk manager –
working with university legal, PR, and administration personnel, might have
been able to mitigate some of the publicity and legal attacks.

Ellen Chaffee, a senior fellow with the Association of
Governing Boards of Universities and Colleges, told the WSJ that “the
chances of Penn State losing its accreditation are ‘extremely remote.'” 

For all that, the school’s reputation has been hurt,
it’s sports programs have been  severely
damaged, and its coffers raided.

For want of a nail.

Data Center Selection – What do I do?

“I’m a great believer that any
tool that enhances communication has profound effects in terms of how people
can learn from each other, and how they can achieve the kind of freedoms that
they’re interested in. “
Bill Gates



What a profound quote from
a visionary in the technology movement, one that paved the way to the movement
of accessing data anywhere, anytime and any way.  I’m dating myself a bit when we go back to the
days of selecting a data center just because it was nearest to where we could
do hands-on support; and where we had just enough power to manage the data plus
a few years of growth.  As remote
technology and virtual server technology became prevalent, Infrastructure
required less power and space.  Data
access allowed companies to be more agile and move their thoughts on data
center selection to enable resiliency and ease recovery. While tape backup is
still in place, the reality is having a remote data center with ease of
failover to a location geographically distant  allows recoverability to be resilient , or
have the option of basing recovery on the time it needs to be recovered and the
amount of data loss the company and customers are willing to accept.

 

So what do I look for in a
data center?

·        
Access
Control – Physical Security; locks, rack/cabinet locks, cameras, monitoring,
etc.

·        
Power,
cooling, and fire protection

·        
Growth
enablement

·        
If
insourced Hot Points away from an alternate data center (hot points = distance)

·        
If
outsourced, a plan for an alternate failover location

·        
Ability
to staff

·        
Federal
and regulatory compliance (as noted in my previous blog located here:
http://www.drj.com/user-blogs/drj-blogs/business-continuity-and-legislative-requirements.html) – this includes political
stability

·        
Requirements
based on recoverability needs through performing a business impact assessment
(as noted in my previous blog located here:
http://www.drj.com/kelly-hudson/34252-what-happens-after-the-bia.html)

·        
 Financial stability: whether you co-locate or
own the datacenter, will the datacenter be able to stay in business? Is the
market stable in the data center location?

·        
Location
stability; is this an area with frequent earthquakes or flooding, and having
the data center or a team that understands this type of algorithm on the impact
of the location

·        
Cost
of service

 

 

There are numerous other
dimensions in data center selection; especially with the growth in Cloud
technology.  I have a few questions and
would love to hear from you!

·        
What
does your checklist look like for data center selection?

·        
Are
you moving to outsourcing your data center, moving to container technology
and/or reducing your cost?

·        
Do
you know what you need for your business, and your customers?

·        
Have
you taken into consideration brand image impact on the location?