Rothstein Associates Inc. Business Survival ™ Weblog

Data backups have been a central function with data centers for a very long time. They provide the life line in the event the systems and data are destroyed at the primary data center. And, although tape as a backup media will eventually be replaced with remote vaulting and redundant SAN units, it is still the main media in use today. Therefore, we should be very careful on how data is backed up and how the tapes are handled and stored. It is not a good scenario to find out at recovery time that what you thought was there really isn’t.

Read the rest of this entry »

In the wake of recent hurricanes and tropical storms, it’s important to make sure that you have communications available following an event. Here are a dozen tips to ensure that you are able to keep in touch:

1. Have service from more than one provider; if one provider’s service is unavailable, it’s possible the other may still be operational.
2. If possible, have more than one type of mobile phone; many types are available, such as Blackberrys, Treos, iPhones, and others.
3. If you don’t want the added cost of a second mobile service provider, consider a prepaid cell phone that runs on a different network than your regular cell phone.  For example, if Verizon Wireless is your carrier, a Boost (owned by Sprint) prepaid cell phone might be a good complement.
4. Try not to bundle your home phone service, Internet and television in the same provider; if the carrier goes down you lose all those services.  Consider keeping your land phone line with a different carrier than your Internet and TV.
5. If you use digital phone service, such as IP phones, be sure to have a battery backup arrangement, as the phones will not operate without electric power.
6. Despite the desire to use cell phones as your main phone service, it might be important to keep one land line available. If traditional flat-rate service is too expensive per month, see if the carrier offers “message rate” service, which is usually cheaper per month, especially if you don’t plan to use the land line very often.
7. Ask your cell phone and land line carriers what they can offer in an emergency, what it costs, and what they will do to ensure uninterrupted service.
8. Consider texting, not calling. According to T-Mobile, text messaging “has a greater success rate in getting through the network during high-usage periods, versus voice calls.” Texting also helps free up the voice part of the phone network for emergency calls.
9. Program your mobile phones with emergency contact numbers, and add the letters “I-C-E” (for “In Case of Emergency”) next to those numbers and the names of those you would need to reach in a disaster. Do this for your children’s cell phones as well.
10. Make sure cell phone batteries are fully charged. Consider getting a second battery for each cell phone, and make sure they’re charged, as well. Buy battery chargers that work in your car (keep it in the glove box or console), as well as the ones you use at home.
11. In an emergency, have resealable plastic bags available to protect cell phones, pagers, batteries, cell phone chargers, and other devices from water and other damage.
12. If your land line has call forwarding, program that number to forward to your cell phone if you have to evacuate the area. According to AT&T, since call forwarding is based out of a telephone central office, you are more likely to receive incoming calls from your land line even if telephone service at your home is disrupted.

And one more thing to keep in mind - don’t assume that cell or wired phones are going to work! In the event of a major, regional disaster (think: Hurricane Ike). If communication is really critical, you may want to consider a satellite phone.

FatPipe Networks (Salt Lake City, UT), a developer of patented tools for WAN optimization, redundancy and security products, recently announced U.S. Patent No. 7,406,048 which protects the “tools and techniques for directing packets over multiple parallel disparate networks, based on address and other criteria.”

The firm’s invention facilitates dynamic load balancing and automatic failover of packets over multiple parallel private and public networks for high levels of WAN fault tolerance and security.  It helps companies who are utilizing point-to-point, frame relay or MPLS networks achieve the highest level of reliability for wide area network (WAN) connectivity by aggregating data lines from private networks with public Internet lines using VPNs and/or other Internet-based networks.  The patent protects the methods used to allow frame relay, MPLS and/or point-to-point networks to co-exist with VPN and other Internet-based networks for redundancy and the ability to fail over from one disparate network to the other transparently.

Users may elect to use the technology to load balance data packets over two or more disparate WAN connections, and also have the automatic failover component in place, or treat one of the WANs as a backup that is used only when the primary network fails.  The invention also allows for a transition from frame or point-to-point networks to Internet-based solutions in a graded fashion.

August 20, 2008 (Computerworld) IBM today announced that it is spending $300 million to expand its business continuity and disaster recovery business, adding 13 facilities around the world to address what it described as a surge in demand from businesses and governments.

The company said the investment is the largest of its kind in IBM’s 40-year history in the business continuity and resiliency industry.

IBM said it will build new “Business Resilience Centers” in cities including Hong Kong, Beijing, Shanghai, Tokyo, Paris, London, Warsaw and New York, as well as Izmir, Turkey; Milan, Italy; and Cologne, Germany.

In addition, IBM said it is accelerating the build-out of its Information Protection Services business to deliver cloud-based computing services to support business continuity.

See:

IBM pumps $300M into business continuity centers:IBM said its investment is the largest of its kind

SunGard Availability Services has reported a 100 percent success rate supporting customers impacted by Hurricane Ike.

See SunGard handles 25+ concurrent invocations

www.availability.sungard.com

The highly sensitive area of personal health information and how best to protect its confidentiality and integrity while assuring its availability for healthcare delivery is the issue addressed by the newly published ISO 27799:2008, Health Informatics – Information Security Management in Health using ISO/IEC 27002.

Read the rest of this entry »

In our daily lives we try to protect ourselves from the worst. We buy insurance for our cars, homes and health and we safeguard personal information. Shouldn’t business owners and IT managers treat their networks and critical infrastructure the same way?

According to Gartner, the majority of small and midsize businesses (SMB) under-invest in business continuity and disaster recovery planning. Gartner estimates only 35% of SMBs have a comprehensive disaster-recovery plan and fewer than 10% have crisis management, contingency, business recovery and business resumption plans.

For SMBs, it is critical to implement a disaster-recovery plan. According to Gartner, two out of five businesses that experience a disaster go out of business within five years. Moreover, disasters happen more frequently than you think because 80% of application downtime is caused by people or processes failures not disasters or technology failure.

Disaster-recovery planning: Business insurance you can’t live without

By Jeff Godlewski, CDW Technology Specialist , Network World , 09/18/2008

Continuity managers are underused and underpaid!

I guess that most people who find themselves, by accident or design, in the business continuity business are comfortable about their skills and their value within the confines of the continuity management programme of their organisation.  I wonder though how many fully recognise the value of their skills and tools beyond the confines of the continuity project or business continuity envelope.  We could usefully take a look at both those skills and tools; and consider where else in the organisation they could bring very real and important value.

There are of course the soft skills, being an almost unique wide-view vision of the whole organisation; its importances, its dependencies and how its objectives are achieved throughout the value chain.  Furthermore, there are few jobs that demand such people skills.  Few people have such a need as we do to demand work, resources, time and priorities from so many others over whom they do not have direct line management authority.

Engineering consistent activity across a large, diverse, often multicultural, competitive basket of power bases is not an easy task by anybody’s measure.  This is especially when the demand we make is to stop worrying and dealing with what’s already happening; but instead to divert scarce time and resources to something that only may happen; and indeed may not even happen during their watch!  Difficult or what?

The more visible skills and tools of our industry put the organisation into a position whereby it can, 24/7, respond instantly, and I mean instantly, to a life threatening or business threatening situation that it most likely has never experienced before.  That combination of minute by minute reaction to, excruciatingly slowly, emerging real information about a previously unquantifiable risk or impact must be, surely, one of the greatest corporate challenges too.

The point of this risk article however is that, whilst we may have prepared for the more traditional continuity manager’s worry beads; there are other situations where a structured, resourced team needs to swing instantly into place with pre-prepared tools and options; the bread and water of the risk and continuity world.

• An employee suspecting a major fraud by another can do massive damage by stepping in before evidence is carefully gathered to criminal law standards, assets and secured; and opportunities for blackmail removed.
• The challenge of product recall; especially of products that are sold over the internet demand the same sort of authorised, instant damage limitation and control.
• A bomb or other threat warning needs instant authorised control and decisionmaking to help preserve life and injury.
• A case, or even just a concern, about a potential kidnap and/or ransom threat needs just the same sort of instant trained response to preserve life and assets.
• The organisation’s succession planning is inadequate if kept in the Human Resources Department that expects to have the contractual six month notice period to prepare the replacement.  If only life was so easy and slow moving!
• Substantial third party environmental damage - or indeed any other situation may trigger damage to the brand values may be just one reason that the media may choose to have a go.
• Any incident that can evolve into potential legal liability or governance failure of such scale to threaten the existence of the organisation is far too important to leave to lawyers alone!
• Increasingly emergency services and other first responders are looking to commercial and other organisations to provide crucial values into a wide area disaster recovery and they should, if the feel able to contribute, need to be ready to do so even if their own organisation has escaped damage.

• The unfortunate death of any one single employee, demanding immediate and considerate corporate responses amongst family, friends and media may be more personal but non the less needs fast action by prepared people with the tools to achieve what is needed..

My suggestion in this article is that the skills and tools; our ‘lights’, are lost when kept under the bushel, as the saying goes, but other managers across the organisation may need too to be prompted to cross boundaries and gain best value from what the organisation already contains.  There is so much value that we can bring to an organisation if we are allowed. We must however set out ourselves to be confident about those values and shout them from the corporate roof tops!

David Kaye

===============================================

David Kaye is the co-author with Julia Graham of A Risk Management Approach to Business Continuity: Aligning Business Continuity with Corporate Governance.

Incredible undersea cable scenario

by Nathaniel Forbes, ZDNet Asia

At 08:00 on Wednesday morning January 30, 2008, two ships 2,500 kilometers (1,600 miles) apart in the Mediterranean drop their anchors in stormy weather off Alexandria, Egypt, and Marseilles, France, at the same time. They both manage to drop their anchors directly onto two separate undersea cables buried 50 centimeters in the sand, each roughly the diameter of your wrist.

The two cables carry 75 percent of network traffic in the Middle East and South Asia. Your business in India or Egypt loses over half its international data and voice network capacity.

Two days later on Friday morning, February 1, a third cable is severed by an abandoned anchor embedded in the sea floor off the coast of Dubai, also 2,500 kilometers (1600 miles) from Alexandria, but in a different direction. That cable is owned by the Indian company that also owns one of the cables broken earlier.

Your voice and data networks are now crawling at just 25 percent of capacity. A spokesman for your business in India or Egypt calls it a “national disaster”.

Then two days later on Sunday Feb. 3, a fourth cable goes down, this time between the UAE and Qatar, from a power failure. Egypt’s Ministry of Communications announces, after a review of video footage, that the first cable break off Alexandria was not caused by a ship’s anchor, but offers no other explanation.

Incredible undersea cable scenario

==============================================

So, what was that about exercising your contingency plan…? A valuable book on exercising contingency plans is Disaster Recovery Testing: Exercising Your Contingency Plan, Philip Jan Rothstein, FBCI, Editor.

Merge Healthcare (Milwaukee, WI), a medical imaging solutions provider, recently launched its Managed Services initiative. The first service of the initiative is Merge Off-Site Disaster Recovery which provides HIPAA-compliant backup of radiology images and information. This service provides hospitals and imaging centers with a business continuity solution in the event of system failure, unplanned downtime or natural disaster.

Merge’s Off-Site Disaster Recovery service includes 24/7 system monitoring via Merge’s proprietary ViewCheck™ software. Merge’s tiered offering provides on-demand access and unlimited online retrieval of archived studies, an audit trail of all studies from the customer site to Merge’s Data Center and on-site recovery services.

A new white paper by Jim Mitchell, CBCP, available from eBRP Solutions asks the question: “Is your BCM program incident ready?”  The paper goes on to question if a firm’s crisis/incident management teams have all they need to support their decision-making.  It investigates what incident managers need to properly assess the incident and allocate people and resources where they are needed most.  To review the white paper, see:

Are You Incident Ready?