Home Tags Disaster Recovery

Tag: Disaster Recovery

Disaster recovery (DR) involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery is therefore a subset of business continuity.

UKCloud launches Disaster Recovery to the Cloud service

London – 11 April 2017 – UKCloud, the easy to adopt, easy to use and easy to leave assured cloud services company, has today announced the launch of Disaster Recovery to the Cloud, a self-service replication and recovery solution, powered by market leading disaster recovery software provider, Zerto.

As UK citizens increasingly expect to be able to access services online, around the clock, it has become even more important for public sector departments to invest... Source: RealWire

Phishing scammers exploit Wix web hosting

Cybercriminals like to subvert legitimate online services like Google Docs and Dropbox to carry out their malicious activities.

The free website hosting company Wix is the latest addition to the list of services they’ve abused.Researchers from security company Cyren found that scammers were creating phishing sites designed to harvest Office 365 login credentials via Wix, which offers a simple click-and-drag editor for building web pages.

As typically happens with free services, the criminals are taking advantage of these tools to carry out their operations.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]The phishing site looks like a new browser window open to an Office 365 login page.
In fact, it’s a screenshot of an Office 365 login page with editable fields overlaid on the image. Users would think the site is legitimate and enter the login credentials, except the information is entered into the fields on the overlay and not the actual Office 365 page.To read this article in full or to leave a comment, please click here

Coders and librarians team up to save scientific data

On a windy, snowy night in Dover, N.H., about 15 people gathered in an old converted mill, staring at computer screens and furiously tapping at their keyboards.The group – some students, some programmers, and at least one part-time dishwasher and data entry clerk – were braving the snowstorm and volunteering their time to try to keep scientific data from being lost.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]It was one of dozens of data rescue events spread out in cities from Toronto to Los Angeles, and Houston to Chicago.

These events, many on university campuses, have been going on since December, bringing together software programmers, librarians and other volunteers who are trying to safely archive scientific data from government websites.To read this article in full or to leave a comment, please click here

Disaster recovery: How is your business set up to survive an...

Asynchronous vs synchronous.

Dark disaster recovery vs. active architecture.

Active/active vs. active/passive. No setup is objectively better or worse than another.

The best one for you primarily depends on your level of tolerance for what happens when the server goes down.Security experts say how individual companies choose to save their data in anticipation of an outage depends on how long they can survive before the “lights” are turned back on. What level of availability does your company need? Is the face of your company an ecommerce site where even a few minutes offline can cost an astronomical sum? Will the cost of an active-active system outweigh the potential loss of business from an outage?To read this article in full or to leave a comment, please click here

Eutelsat Broadband boosts speed and sets the industry standard for data...

Optimised for organisations with slow or no fixed line access and those requiring alternatives for solutions such as disaster recovery or back-up28th February 2017. London, UK. – Eutelsat Broadband today announced an improved range of tooway™ Business satellite broadband services designed to meet the needs of SOHO, SMB and Corporates located across Europe, North Africa and large parts of the Middle East.

The new services include boosted download speeds from 22Mbit/s to 30Mbit/s and an... Source: RealWire

Databarracks sponsors world record attempt for the first woman to successfully...

Disaster recovery service provider Databarracks has today announced sponsorship of Lia Ditton’s attempt to be the first woman to successfully row the North Pacific Ocean.

Departing in early 2018, sailor and writer Lia Ditton will attempt to row approximately 5,500 nautical miles alone from Japan to San Francisco – a journey currently only two other people have successfully completed solo.

Databarracks, along with YO! Company, is sponsoring the expedition.Peter Groucutt, managing director at Databarracks, commented:... Source: RealWire

Intel’s Atom is underwhelming no more: New chip packs 16 cores

Intel's Atom was mostly known as a low-end chip for mobile devices that underperformed.

That may not be the case anymore.The latest Atom C3000 chips announced on Tuesday have up to 16 cores and are more sophisticated than ever.

The chips are made fo...

Flaw in Intel Atom chip could crash servers, networking gear

A flaw in an old Intel chip could crash servers and networking equipment, and the chipmaker is working to fix the issue.The issue is in the Atom C2000 chips, which started shipping in 2013.

The problem was first reported by The Register.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]In January, Intel added an erratum to the Atom C2000 documentation, stating systems with the chip "may experience [an] inability to boot or may cease operation."To read this article in full or to leave a comment, please click here

Surviving a cloud-based disaster recovery plan

Getting data offsite is easier today, but what happens when the Internet isn’t there?

Ransomware sleazeballs target UK schools

This is not a test.

The data might be. Hang on...
See me after class, Mr Hacker Cybercrooks are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware. Action Fraud warns that fraudsters are cold-calling schools claiming to be from the Department of Education and asking for the head teachers’ email addresses.

Crooks then send booby-trapped emails with infectious zip attachments supposedly containing sensitive information. In reality, these files carry file-encrypting ransomware.

Action Fraud is urging educational establishments to be vigilant. Andrew Stuart, managing director of backup and disaster recovery vendor Datto, commented: “Unscrupulous hackers see ransomware as a business, and have already been known to exploit hospitals and even charities, so schools were always possible targets. "It is vital that schools review their data backup procedures to ensure that they not only have copies of all critical data, but can restore their data smoothly in the event of a ransomware incident.” ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub

What 2017 has in store for cybersecurity

There is much uncertainty surrounding the security industry for 2017, and according to experts in the field, a lot of the trepidation is directly connected to what the nation’s next president will do. Here’s what security vendors and analysts are predicting for the year ahead. John B Wood, CEO of Telos Corporation, cites a need for cooperation between the government and the private sector. President-elect Donald Trump took a break from his “thank you” tour to meet with tech executives to smooth over a contentious time between the two sides during his campaign. “President-elect Trump has been vocal about the need for a stronger and more aggressive cyber security posture, and I’m confident that he’ll work with leading members of Congress. Many non-political cyber experts throughout the government, various agency CISOs and [Federal Chief Information Security Officer] General Touhill will also be great resources to further refine cyber security policies to protect U.S. interests in the face of constantly changing threats,” Wood said. He also noted the renewed focus on U.S. Cyber Command. The President-elect has promised to eliminate the threat of defense sequestration and to spend more on the military. “This needs to include working to roll back the budget caps for defense spending and providing additional resources for cyber security, including more money for U.S. Cyber Command, which I believe is grossly underfunded,” Wood added. Speaking of funding, Wood does not believe that a change of administration will automatically lead to a change in regulatory policy. “Although there will certainly be a big push by the Trump administration to roll back or modify overly burdensome regulations, I don’t see this affecting cybersecurity regulations, like the NIST Cyber Security Framework that has been developed in consultation with the private sector,” he commented. Reuven Harrison, CTO and co-founder of Tufin, a provider of network security policy orchestration solutions for enterprise cybersecurity, said the thought of a Trump administration inevitably failing to uphold regulations will keep IT departments tossing and turning at night. “If Trump implements his deregulation promises, and penalties for non-compliance with industry-wide security regulations are relaxed, security teams will need to be self-disciplined to maintain a high level of security by turning to outside resources for security best practices,” he said. Carson Sweet, co-founder and CTO at CloudPassage, said privacy will take center stage over security. “Trump’s administration will create a fundamental shift in concerns as it pertains to security. There’s a new sheriff in town, and many posit that he has less regard for privacy concerns than the current administration. Case in point, Trump supported the FBI in its battle with Apple over iPhone privacy and security,” Sweet stated. “If this new administration demonstrates in their policies a value for law enforcement and intelligence access over citizens’ privacy, they’ll double or triple down on the government’s right to inspect data. The impact of such a reality would extend to the use of online services, cloud providers, even personal computing devices and IoT.” What that impact would be is very hard to know, but it’s safe to bet that it won’t be positive, he said. The wars around PGP and personal encryption come to mind (anyone remember the Clipper chip?). John Bambenek, threat systems manager at Fidelis Cybersecurity, said he never would have predicted last year that we would be talking about the DNC and hacking of elections. “Ransomware will be on the upswing and evolve in new unforeseen ways. It will be more targeted and focus on more valuable targets as we saw with healthcare. And it will continue to attack new, more damaging industries like we recently witnessed with San Francisco BART and Muni,” he said. While 2016 found the election under scrutiny because of alleged hacking by foreign powers, 2017 will continue the trend of identity theft and ransomware. Forrester predicts that within the first 100 days, the new president will face a cybercrisis. The momentum of winning the election gives new presidents the public’s support to follow through on key initiatives of their campaigns. However, the 45th president will lose that momentum coming into office by finding the administration facing a cybersecurity incident. Forrester suggests that the administration prepare for nation-states and ideologies looking to disrupt and degrade. They believe the U.S. should be on the lookout for China, North Korea and Iran. “Political ideologies use electronic means to both recruit and spread information. DDoS attacks using IoT devices are becoming a common means of disrupting operations for companies or individuals that threat actors disagree with. A company can become a target not just because of its size or global presence but also because of its political donations or public statements. If you’ve never factored geopolitical concerns into your security risk analysis, you ignore them at your own firm’s peril.” Civilian “casualties” in the Cyber Cold War Corey Nachreiner, CTO at WatchGuard Technologies, follows Forrester’s way of thinking. “Whether you know it or not, the cyber cold war has started. Nation-states, including U.S., Russia, Israel, and China, have all started both offensive and defensive cyber security operations. Nation-states have allegedly launched malware that damaged nuclear centrifuges, stolen intellectual property from private companies, and even breached other governments’ confidential systems. Countries are hacking for espionage, crime investigation, and even to spread propaganda and disinformation.” Carson Sweet, CTO, CloudPassage He believes 2017 will be much of the same: Behind the scenes, nation-states have been leveraging undiscovered vulnerabilities in their attacks, suggesting that these countries have been finding, purchasing, and hording zero-day flaws in software to power their future cyber campaigns. “In other words, the nation-state cyber cold war is an arms race to discover and horde software vulnerabilities—often ones in the private software we all use every day,” he said. In 2017, expect to see a civilian casualty from the nation-state cyber cold war, Nachreiner said. “We expect to see at least one private business or citizen become a victim of a zero-day flaw that a nation-state held secret in their arsenal,” he said. In an effort to combat terrorism and expand surveillance at least one Western government will follow Russia’s lead and mandate access to encryption keys and certificates, foresees Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Widespread government access to encrypted communications has the potential to demolish internet privacy and devastate security. Encryption is the backbone of secure and private communications on the internet — it protects online banking, shopping, all manner of consumer services that our economy and critical infrastructure rely on. Once we allow governments universal access to encryption the likelihood of abuse and misuse skyrockets. It’s time to stand up against governments’ efforts to hijack privacy and trust online,” he said. Scott Millis, CTO of mobile security company Cyber adAPT, believes that by next year every adult in the U.S. will know a relative who has had their identity stolen. The Internal Revenue Service reported that 2.7 million people had their identities stolen in 2014, and according to TransUnion 19 people fall victim to identity theft every minute. George Ng, co-founder and CTO of Cyence, believes many companies don’t realize even the smallest things can expose personal information and make them more likely to be targeted. For example, a job listing for a CSO or CISO indicates a lack of senior leadership for cybersecurity. “[Personal identifiable information] continues to be a target for hackers and criminals and is very tangible information that can be sold easily on the dark web, just as easy as credit cards. PII records will continue to be specifically targeted because they fetch a higher price and are more versatile in their usage for hackers.” With privacy in mind, Forrester said surveillance marketing will blur the line between online and offline customer behavior. “The online ad world has been chipping away at people’s ability to keep their online and offline habits separate for years.” New rules for U.S. internet service providers will unleash a flurry of lawsuits. Earlier this year, the U.S. Federal Communications Commission (FCC) determined that ISPs like AT&T, Comcast, and Verizon would be classified as “common carriers”—the same designation as landline telephony providers. On Oct. 27, the FCC voted on a set of rules that place limits on how these providers are allowed to monetize customer data. The carriers say that the FCC is restricting fair competition, since companies like Facebook and Google have no such rules. “2017 will be a year of legal battles—between the internet giants and against federal regulators—while the promised consumer protections will fall short on enforcement,” Forrester writes. More data breaches Of course predicting more data breaches is not a real shocker. Forrester estimated that a Fortune 1000 company will succumb to a cyberbreach and ultimately close down. There will be no improvement in the time companies take to react to a breach, Millis said. Ponemon Institute found that when a breach was identified within 100 days, average costs were $5.83 million per breach. However, if a breach went undetected for more than 100 days, costs rose nearly 40 percent. Healthcare breaches will become as large and common as retail breaches, Forrester believes. The 2015 breach of Anthem that affected as many as 80 million patients will become commonplace. As a result of mergers, acquisitions, and other partnership arrangements, large healthcare insurer and provider conglomerates are only increasing in size—as is the critical patient information they store. The consolidation of providers leaves security fragmented with varying security levels. Second, patient data carries unique, permanent information, such as genetic markers, and biometric data, such as fingerprints. For malicious attackers interested in ransom, blackmail, and espionage, this data will be too tempting not to grab. Given the critical nature of the services and the sensitivity of the data at risk, healthcare firms should spend on par with other critical infrastructure industries. Mike Patterson, vice president of strategy at Rook Security, said there will be a billion-dollar breach. Costs for Anthem’s breach reached hundreds of millions of dollars within a few months of its early 2015 disclosure that affected nearly 80 million accounts. Yahoo’s acquisition by Verizon could see a devaluation or termination of the $4.8 billion deal value as a result of Yahoo’s recent breach disclosure. “If we are at the point where a big breach at a large enterprise can quickly generate hundreds of millions of dollars in costs or cost shareholders hundreds of millions of dollars in share purchases, we aren’t far from a new breach in 2017 taking us over the $1 billion mark,” he said. By contrast, Justin Giardina, CTO at iland, believes the “little guys” will be the next targets. “While historically, it was the biggest organizations with the most attractive data that got hacked, increasing numbers of malicious attacks targets smaller, often weaker, targets. So, we’ll see medium-sized enterprises raising their security and business continuity efforts.” There will be a shift in focus from broad-based attacks to more targeted attacks against specific firms or individuals, says Scott Petry, CEO at Authentic8. The best evidence of this is the intellectual property theft against law firms, insider spoofed spear phishing to finance and HR people, ransomware targeting healthcare after Methodist paid out. Speaking of paying out, Rick Tracy, CSO and senior vice president at Telos Corporation, said cyber insurance needs to mature. “Cyber attacks have increased over the past few years and will only get worse. Because cyber is so new, relatively speaking, there isn’t a great deal of actuarial data to help insurance carriers underwrite cyber risk,” he said. The aggregate effect of cyber risk and the financial liability it poses are concerns for the insurance industry. For example, as bad as the Target breach was, what if there had been multiple, similar breaches that occurred simultaneously? What impact would this have had on the insurance carriers providing cyber liability coverage to these companies? “Moving forward, not only will it be important for insurance companies to better understand the risks facing individual clients, but they will need to view this data over their entire portfolios to understand aggregate risk and ensure they are not over extended,” he said.  He added, the good news is that the insurance industry is beginning to rely on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) to help standardize the view of cyber risk and ultimately manage aggregate, or portfolio, risk. In the next year we are going to see a rebalancing of spending from traditional security solutions to data protection and recovery, said Paul Zeiter, president at Zerto. “While security spend protects the perimeter fence, there are simply too many cases of breaches getting past these defenses to not have a plan B in place.” CIOs and CEOs are starting to recognize that millions of dollars in IT security investments, while critically important, are just not enough when a disaster such as a hack or ransomware breaks through the perimeter or a natural disaster like a hurricane floods their data center. Paul Zeiter, president at Zerto “In the wake of a disaster, companies quickly come to the realization that without the right investments in a disaster recovery solution, their businesses are exposed. To be proactive, companies need a plan and tools in place to recover from any disaster very quickly with as little revenue and end-user impact as possible. Even if an organization has implemented the best preventative security technology, disasters can and do still happen,” he said. DevOps breach CloudPassage’s Sweet predicts DevOps teams will own security implementation (or, DevSecOps will gain traction).“History doesn’t repeat itself, but it rhymes. In this case, the rhyme is that the primary technology owners will also own security control implementation—even if they don’t operate it,” he said. As distributed computing and TCP/IP took hold in the early 1990’s, the information security world revolved around RACF and TopSecret—mainframe access management. Distributed computing and network security had never been issues before, so there were no skilled security practitioners to get the job done. The result… network security was owned by the network organization. The same thing happened when web application security became a demand; the web developers were responsible for implementing security controls (e.g. WAMs) even though central infosec was providing guidance and standards, he said. Just as network security ownership defaulted to network teams in the 1990s, the same will be true for agile security and DevOps teams in 2017. “Cloud and agile technologies are being adopted faster than ever, and the industry doesn’t have time to wait for infosec to develop the needed skills. Therefore, DevOps teams will be on the hook for implementing actual security controls,” he said. The successful security team will recognize this and seek to provide tools that work with this trend instead of fighting it. In so doing these teams will maintain high degrees of visibility and create leverage for their already-stressed resources, he added. We’ve said for over a decade that security should be built in, not bolted on—here’s a prime opportunity to move towards that reality. Tufin’s Harrison agrees about the importance of DevOps in the security process, ensuring compliance to internal and external security rules without slowing down the primary mission of the DevOps team. This will be a challenge, as security is not inherently baked into a DevOps culture of “move fast, break stuff.” “In 2017, DevOps oversights could be the new data breach. We may see a major breach that gets tracked back to the DevOps approach, causing DevOps and security teams to become new best friends.” More predictions Need to rethink endpoint security. Rick Grinnell, co-founder and partner at Glasswing Ventures, says in 2017 the industry will need to rethink the focus on security at the endpoint and instead begin to think about security at what he calls the “middle point”—or layers of security between the exploitable surface area of the internet of things (IoT), and the assets, data, and services that we need to protect. From a VC perspective, there are various areas that are ripe for innovation in this middle point, including new product areas (e.g., the detection and profiling of all connected devices) as well as improvements in existing solutions (e.g., next-generation security information and event management that can better analyze all of the output of new middle point and existing solutions).  Moving away from security sprawl and towards true automation. Joerg Sieber, director of products at Palo Alto Networks, said to counter the malicious activities coming at them, security operations teams need to be more agile than ever, which means more visibility into what’s coming at them, a reduction of noise, and automating for faster response. Traditionally, security teams have bolted on additional security solutions to address new threats. This has led to management frustration, coordinating security resources (oftentimes manually) from a variety of security solutions and vendors where the components don’t talk to each other or share knowledge. Security organizations will start to migrate toward solutions that are more contextually aware and security platforms that can share information across the attack surface, utilizing analytics for automated detection and response. Critical firewall vulnerabilities will continue to be ignored. Chris Morales, head of security analytics at Vectra Networks, said the firewall is the most trusted device in a data center. The Shadow Brokers’ treasure trove of exploits stolen from the Equation Group was a wake-up call that advanced adversaries and nation-states had access to tools that provide access to eavesdrop on even encrypted communications traversing firewalls. According to the Shadow Server website, there are still more than 816,000 Cisco firewalls connected to the internet that are vulnerable, undermining the inherent trust placed in firewalls.  Services instead of products. The security industry will accelerate the development of service-based offerings, offering packaged services rather than simply selling hardware, according to Monica Hallin, CEO of Vindico Group. Security companies will need to be flexible and agile in a time of great and rapid changes in the world and the industry. These changes increase the demand for new products and services. Security providers who lack the ability to rapidly change their businesses and offerings will face a difficult time. Even customers need to manage their risks and track their incidents more often, and be much quicker to revise and adapt to their needs. Phishing still on the hook. “Phishing will continue to be the number one attack vector for spoofing, malware and other malicious activity,” says Ng. “Email, both personal and corporate, continue to be used at various enterprises with very little oversight. We will see attackers utilizing various email framework protocols to launch attacks that cause data breaches well into the next five years.” More bug bounties. “We will see a large trend of organizations offering bug bounties for vulnerabilities, which will offset the cost of selling the same vulnerability on the dark web,” Ng adds. “Companies will be more open and transparent in their vulnerabilities and encourage attackers to break them.” This story, "What 2017 has in store for cybersecurity" was originally published by CSO.

4 top disaster recovery packages compared

Whether the disaster is a flood, a power outage or human error, IT departments have the critical role of getting business systems working again.

And that requires reliable disaster-recovery software. Four of the top disaster-recovery (DR) software suites are Veeam Backup, Altaro VM Backup, Zerto Virtual Replication and VMware’s Site Recovery Manager (SRM), according to reviews written by users in the IT Central Station community. But what do enterprise users really think about these tools? Here, users give a shout-out for some of their favorite features, but also give the vendors a little tough love.