Janco Associates, Inc.

Hurrican Earl will test many Disaster Recovery and Business Continuity Plans

Webmaster — Tue, 31 Aug 2010 10:32:19 -0600

When Hurricane Earl, now a major hurricane, hits the East Coast of the U.S. later this week many enterprises will find that their Business continuity plans were not adequately tested.

Critical data centers, with backup generators, facilities and fuel supplies, are now built to continue operating during storms. The same can't be said for the computing setups that telecommuters maintain in their homes, and they may be put to the test this year.

Disaster Planning Base for Business Continuity

Last year there were only three hurricanes in U.S. waters last year, and none of them brought hurricane force winds over land in this country. In 2009, there were an average of 236 power outages a month in the U.S. Through July of 2010, the average had increased to 273 a month.

The need for teleworkers to be self-sufficient (and less dependent on coffee shops and local libraries for wireless access) is growing. In a report released last month, the Metropolitan Washington Council of Governments estimated that there as may be as many as 600,000 workers, or about 25% of the region's workforce, who telework at least one day a week. The council also discovered, via a telephone survey of more than 6,000 area workers, that the number of teleworkers could rise by 500,000 over the next few years.

When blizzards early this year prompted a multiday shutdown of federal offices, many federal employees rose to the challenge and continued to work, making good use of telework and other work flexibilities. The question is will Hurricane Earl be as easy on existing Disaster Recovery and Business Continuity Plans.

Cloud computing capacity planning is complex

Webmaster — Wed, 25 Aug 2010 12:02:41 -0600

The cloud computing model reduces the need for capacity planning at an application level. An application can simply request resources from the cloud and obtain them in less than an hour in accordance with dynamic demand. Thus, it is far less important to correctly predict the capacity requirements for an application than it is in traditional data centers, for which as many as six months might be needed to order and install hardware dedicated to the application.

On the other hand, virtualization makes it harder and more important to plan capacity from the data centers perspective. In the past, data center managers could use the projections from applications, take into account the hardware on order, and thus avoid having to dynamically adjust the capacity of deployed hardware. Traditionally, a data center would just need to make sure that it had the capability to support the hardware planned by individual applications. In a cloud environment, however, many different applications will be installed. It becomes the data center managers responsibility to predict the average or total resource requirement of all the applications and to order enough hardware in advance independently of the input from application owners.

The basis for capacity planning, then, lies in monitoring existing usage and keeping track over historical time periods. Long-term trends can be projected based on previous activity and adjusted without any knowledge of business plans. In a data center-driven cloud, typical capacity planning techniques can be applied for the most part. Since clouds use virtualized resources that share the same physical resources, this makes capacity planning somewhat more complex. In contrast, the capacity planning does not need to consider each individual application, and can simply track and project the overall summation of all applications on the cloud.

Cloud computing gone wrong

Webmaster — Mon, 23 Aug 2010 16:00:41 -0600

A leading software company in the application development and governance market, made headlines in 2008 when it decided to migrate all of their 600 employees from Microsoft Exchange to Google Apps. After months of user dissatisfaction, content loss and poor support, the company decided to make a full migration off of Google Apps to Microsoft's Business Productivity Online Suite. Since then, user confidence has returned, IT has once again become a trusted partner, and the company can increase their focus on their core business.

The Practical Guided for Cloud Outsourcing Template includes -- Sample Cloud Outsourcing Contract along with a Service Level Agreement and other tools to facilitate the cloud outsourcing process. The template includes Janco's exclusive Business and IT Impact Questionnaire.

The template is delivered electronically in WORD and/or PDF format. Included are two 3 page t job descriptions - Cloud Application Manager and Cloud Computing Architect. Sarbanes-Oxley issues are addressed directly, alond with an ISO 27001 and ISO 27002 audit program.

Google Desktop is in a World of Hurt

Webmaster — Wed, 18 Aug 2010 09:27:46 -0600

Janco has just released its Browser and Operating System Market Share White Paper. The study shows that in the last 12 months Microsoft's browser market share has continued to erode Microsoft lost over 4% in the last 12 months; Firefox's market share is unchanged for the last 12 months; and Google Desktop and Chrome now have just under 6%. On the operating systems side, Windows 7 is being accepted at a pace is parallel to the way Window XP was in the 90's. The CEO of Janco Associates, Victor Janulaitis said, "The last six months have been a mixed bag for Microsoft. Their browser market share has fallen to level that they back in 1998 with no end in sight. At the same time Windows 7 now has 17% of the OS market in less than 13 months since its availability."

Google Desktop is going the way of Netscape

Google Desktop has not taken off as the emphasis seems to be on Chrome. Based on these trends we belive that unless Google places more emphasis on Desktop, in short order Desktop will no longer be a force in browser market.

Security Breach Impacts 3,000 Bank Accounts

Webmaster — Fri, 13 Aug 2010 13:27:16 -0600

Consumers and businesses in Great Britain have lost more than $1 million so far this summer from a Trojan that is infecting their computers, prompting them to log into their bank accounts, and then is surreptitiously transferring money to scammers in other countries.

About 3,000 bank accounts were found to be compromised at one financial institution, which was not identified, according to a white paper released by M86 Security.

The multilevel scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers and runs on major browsers, and exploit toolkits to get around anti-fraud systems used at bank Web sites, the report found.

Bank sites that offer two-factor authentication, such as one-time passcodes and ID tokens, are ineffective because the malware has taken over the browser after the victim has logged into the banking site.

Layers of Disaster Recovery Defined

Webmaster — Mon, 09 Aug 2010 07:42:04 -0600

Business continuity can mean success or failure if data and applications on a production server are lost. Disaster recovery planning ensures organizations have the capability to continue essential functions across a wide range of situations that could disrupt normal operations. However, traditional data protection strategies focus on just the data and not the application. Read this white paper for a discussion on how layers of protection not only mitigate the risk of data loss, but also maintain the health and uptime of systems and applications.

Security is poor at many companies

Webmaster — Mon, 02 Aug 2010 16:56:15 -0600

Social engineering hackers -- people who trick employees into doing and saying things that they shouldn't -- took their best shot at the Fortune 500 during a contest at Defcon and showed how easy it is to get people to talk, if only you tell the right lie.

Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple, and Shell, to give up all sorts of information that could be used in a computer attack, including what browser and version number they were using (the first two companies called were using IE6), what software they use to open pdf documents, their operating system and service pack number, their mail client, the antivirus software they use, and even the name of their local wireless network.

Basics for business continuity planning

Webmaster — Sat, 31 Jul 2010 15:51:32 -0600

(IBM) - Planning for inevitable disruptions requires an understanding of the essentials of each of these five elements:

Keep people busy with business as usual - Planning for employees, business partners and customers makes up the most critical aspect of business recovery planning. Depending on the nature of the outage, you may need to figure out how and where people can continue working. For a brief period of time, everyone may need to work remotely, but youll need to have these contingency plans ready, along with automatic notification to tell employees to work at home.
Make accommodations for facilities - Facilities make up an important part of business recovery planning. According to the U.S. National Fire Protection Agency, 35 percent of businesses that experience a major fire are out of business within three years. So, if having everyone work at home is not the best option for your business, recovery vendors can provide interim workplaces such as prefabricated mobile offices or buildings designed specifically for use in times of crisis.
Secure information before the storm hits - Data can make or break a business - According to the U.S. National Archives and Records Administration, 80 percent of companies without well-conceived data protection and recovery strategies go out of business within two years of a major disaster. Backup tape and storage testing services can help ensure that critical data will be available after a major outage. Ideally backups should be performed offsite, preferably at a facility far away from everyday operations. The best way to protect the information for a small business is to use a remote data backup facility, which actually transmits the data either overnight or at scheduled times to a remote site where it is stored.
Prepare alternate networking routes - Can you keep networks open - or restore them quickly? What happens if you don't have local area network (LAN) or wide area network (WAN) connectivity for an extended period of time? Or phone connections and e-mail? In the worst-case scenario, your business may not have access to any of these vital services. LAN and WAN contingency plans can include services such as remote data access so critical information can be managed and administered from any location. A failover system for e-mail is also highly recommended by Sirota, who notes that keeping in touch with partners and customers can make all the difference in remaining in business. These solutions can be activated in seconds, but keep in mind that these systems need to be in place prior to an outage.
Keep technology up-to-date and aligned with recovery plans Keep tabs on how technology is applied within your organization - This can be as simple as making sure a security patch has been correctly applied. Otherwise, recovery plans can be easily derailed when new software and hardware is added or upgraded without testing the potential consequences of changes to business technology. That's why experts recommend routine system checkups, as well as longer-term business continuity and resilience planning services. Resilience is the ability to take a blow and keep on going.

Social networking policy is a must

Webmaster — Mon, 26 Jul 2010 11:14:11 -0600

Social networks are about radically transforming the traditional battlefield of marketing and PR. Your social networking policy, in turn, is the rule book that defines the guidelines used to wage and win this war of the new media. While beginners new to the scene might mistake the presence of a policy for social networking as nothing more than a protective mechanism, the truth is that it exists not to limit but really to liberate participants.

Applied properly, the strategic use of social networks will allow a David to outmaneuver and outrun Goliaths, or for heavyweights to propel their reputation and brand awareness to greater heights. As social media gurus have said, The unique characteristics of disembodied identities in the virtual world can radically transform rules that traditionally govern social groups.

This is evidenced in the way large corporations are hiring digital or social media managers, or incorporating such roles into the primary job responsibilities of existing PR or marketing executives. As companies strive to cash in the rewards of successfully engaging social media, guidelines are required to formalize a company's strategy in this new, uncharted terrain. In addition, there is a need to recognize and protect social media practitioners within the company.

Taken together, it is clear that there is a need to craft a proper social networking policy so as to maintain a degree of consistency in your organization's engagement of social media. So what does a social networking policy consist of? The quick answer might be to point you toward a sample of a simple social networking policy on www.e-janco.com.

Focus of CIOs shifting

Webmaster — Sat, 24 Jul 2010 13:31:05 -0600

As the economy moves towards recovery, CIOs need to develop new strategies to be successful in the every changing business environment. This new strategy need to be structured around the following business imperatives.

Technology solutions need to be flexible and focused on IT Service Management and Service Oriented Architecture. Businesses must be able to respond to opportunities and challenges faster than ever before. Businesses are battling other well-resourced organizations that may be based where the opportunity originated, lower cost market, or another company that is reaching out for new opportunities. In order to compete, businesses have to be able to rapidly deliver products or service as good, or better, than that of any other company.
Complexity should be avoided - infrastructure is key. Simplicity has always been rewarded, as the scope of technology increased this has led to increased complexity and risk. While per unit costs of technology typically are decreasing, in aggregate IT and technology cost are increasing. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer viable. Instead, successful CIOs are investing in technologies like continuous data protection, virtualization, and wireless connectivity to help IT slim down its footprint while increasing their businesss competitive advantages.
Mandated requirements have moved security to be a top priority. With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
Business Continuity and Disaster Recovery plans are no longer optional. As businesses have expanded the need for anytime, anywhere application access has become a requirement. At the same time, global 24/7 operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason system failure, natural disasters has a domino-like effect across the entire organization, at any time of the day or night.