May 10th, 2008

(Computerworld) Researchers who extracted data from a hard drive onboard the ill-fated space shuttle Columbia say the device was so thoroughly damaged in the shuttles fiery crash that it just looked like a cracked "hunk of metal" when it appeared at their door six months later.

Data recovery specialists at Kroll Ontrack Inc. painstakingly retrieved 99% of the information stored on the charred 400MB Seagate hard drive's 2.5-in. platters over a two day period after the device was discovered six months after the 2003 shuttle crash. The device was found in a dried up lake bed along the shuttle's debris area.

The successful retrieval of the data was disclosed in the April, 2008, issue of the Physical Review E journal, which published data from tests performed by the shuttle astronauts on the critical viscosity of xenon gas, according to published reports. The results of the tests were stored on the disk and retrieved by Kroll.

The Columbia disintegrated upon re-entry into the atmosphere of Earth on Feb. 1, 2003, killing all seven crew members and scattering debris across Texas and Louisiana.

- more info 

 

May 2nd, 2008

Disaster recovery has always been a key concern in virtually all companies. But the widespread damage from Hurricane Katrina has companies re-evaluating their planning, procedures and overall systems to make sure they can survive a major outage.

Wherever data resides, it must be protected. With this idea as the driving force, companies are looking for new and easier-to-manage ways to safeguard company databases, records and files.

When a disaster does strike (be it a fire, a flooded data center or a catastrophic malware attack) companies need to take several steps to reduce downtime and get operations back to normal. 

A business resumption and continuity plan should be in place before any disaster occurs. - more info 

 

May 1st, 2008

Berkeley Data Systems released Mac Mozy public beta, the first unlimited online backup service for Mac users worldwide. The service allows Mac users to encrypt and automatically back up all of their digital media content online, including collections from iTunes and iPhoto.

Designed as a consumer service, Mac Mozy leverages Apples innovative Spotlight Search technology, allowing users to easily select the types of files they want to back up. The service installs quickly and runs quietly in the background. Backup speeds vary from user to user, largely determined by the upload speed of the consumers internet connection.

Mac Mozy offers an added measure of privacy by allowing its users to choose between a Mozy encryption key and a private encryption key. Incremental backups and block level differentials are included, which means subsequent backups complete at a much faster rate than the initial backup. Mozys servers also retain the most recent version of a file as well as 30 days worth of previously modified file versions. Customers may retrieve files or versions of the files via the internet or by requesting a DVD restore with next-day delivery.

- more info 

 

April 25th, 2008

(Computerworld) University of Miami officials last week acknowledged that six backup tapes from its medical school that contained more than 2 million medical records was stolen in March from a van that was transporting the data to an off-site facility.

The vice president of communications at the university said a vehicle used by Archive America Ltd. to transport the patient data was broken into in downtown Coral Gables, Fla. Thieves removed a transport case carrying the schools computer backup tapes.

For reasons the VP could not explain, Archive America waited 48 hours before finally notifying the university about the break-in and theft. Officials from the transport firm could not be reached.

The university posted an alert about the incident a full month after the backup tapes were stolen. In a statement, the senior vice president for medical affairs and dean of the University of Miami Miller School of Medicine, said, Even though they were confident that the patients data was safe, we felt that it was in the best interest of the physician-patient relationship that the incident should be transparent.

Since the incident, the senior VP said that the university temporarily stopped transporting backup data off-site. At this point, the University is not transporting anything until they conduct their own internal evaluation of the incident and see if there is anything that could have been done differently or better.

- more info 

 

April 19th, 2008

From mobile workers perspectives, up-to-the-minute information is the life blood of their jobs. Regardless of whether they are in a home office or on the other side of the globe, speed and dependability are the keys to successfully doing their jobs. From an IT departmentÂ’s perspective, they must support the needs of all employees, while diligently maintaining security policies, which is becoming increasingly challenging now that the majority of the workforce has stepped beyond the corporate walls. Can these two opposing forces be reconciled? Can remote access be both fast and secure from any location?

 

 

Data at rest is growing much faster than network throughput. That makes it difficult to get backups completed on time and on budget – not to mention trying to recover from an IT emergency.

 

The first is to accomplish backups in a timely yet accurate manner. Given organic data growth, and that each logical data object has between four and eight copies somewhere in the network, even differential backups can be tough to fit into assigned windows. Synchronous or live-to-live data models are even more bandwidth intensive and latency intolerant.

 

 

 

The second challenge is minimizing downtime. In the event of a failure or disaster, how quickly can backed-up data be restored? Considering a differential backup can take 8 hours or more to complete, and only represents 10-20 percent of the total data set, a full restore can be daunting. According to Ziff Davis Research, the average organization has 94TB of managed storage, and getting that data across the network only begins after the systems have been physically restored.

 

Rather than add more bandwidth, or invest in expensive, dedicated storage networks, WAN optimization can improve IP network performance sufficient to turn recovery into continuity. To help meet the objectives outlined above, a WAN optimization solution must be able to do three separate tasks for true business continuity: restrict bandwidth to backup applications during the allowed window and allocate it to critical applications in the event of a disaster, overcome latency and bandwidth limitations on the wire, and provide acceleration to roaming or displaced users redirected to alternative data sources.

- more info 

 

April 13th, 2008

There is some magic that happens when you follow some basic steps in creating a functioning Disaster Recovery and Business Continuity Plan.  You should start with:

• An objective to get back to a fully functioning data center and business
• Know what data is necessary and what is nice to have
• Validate that you have the data you will need
• Assume that anything critical will fail
• Focus on quick solutions that will minimize outages
• Have sufficient resources available before you start
• Encrypt data but know how to get at it in an emergency
• Focus on Recovery Time Objective (RTO) with a Recovery Point Ojectivie (RPO)

- more info 

 

April 2nd, 2008

During a disater recovery processyou will need all hands on deck.  In addition to a entire range of other personnel and resource issues, you will need to know how your team is doing and is stress of the situation you are in causing things to go badly.

Some of the things that you should look for are:

• Team members feeling close to tears much of the time
• Team members finding it hard to concentrate and make decisions
• Team members being short tempered with people at home and at work
• Team members feeling tired most of the time and or sleeping badly
• Team members feeling stretched beyond their limits at the end of the day
• Team members drinking and smoking more to help them get through the day
• Team members feeling that they just can not cope
• Team members eating when they are not hungry
• Team members feeling that they have achieved nothing at the end of the day

- more info 

 

March 25th, 2008

We have got a plan! - Many a CIO has come to rue making such a blanket statement to a CEO regarding the companyÂ’s disaster preparedness. A decade of regional calamities has shown that traditional approaches to disaster planning have failed to keep organizations operational. IT-focused recovery plans can leave the overall organization in the lurch because they often do not address such business issues as handling a disaster that is regional in nature; employee availability; communications; travel and transportation; and data location and availability. But an integrated business continuity and resilience plan can take some of the pressure off CIOÂ’s by reducing the business impacts of a disruptive event, speeding recovery times and delivering value to the organization—even if a disaster never strikes. - more info 

 

March 19th, 2008

Enterprises rely on business critical information; this makes it imperative for IT departments to protect against unexpected data loss from disasters. Both replication and backup involve large amounts of information transferred globally but limitations in the WAN can make it difficult to execute the plan effectively. A preventative plan in place should always include WAN acceleration to facilitate disaster recovery.
- more info 

 

March 15th, 2008

The term Disaster Recovery and Business Continuity are often used interchangeably. They are in fact, different but complementary components of a business's overall recovery and continuity planning. Whereas Disaster Recovery Planning (DRP) is concerned with the recovery of systems and infrastructure components, Business Continuity Planning has a larger scope - namely, the determination of which business components and functions need to be recovered - and those which can be ignored. This paper explores several of the key components of a business continuity planning effort. It also provides a high level framework for the creation, implementation, and maintenance of a Business Continuity Plan.

- more info 

 

March 5th, 2008

For the last couple of years, security researchers have been sounding warnings that phishers could turn their attention to super-personalized attacks targeted at high-level corporate employees whaling attacks. Now, however, there is  growing evidence that this type of attack is moving from theory to practice. The reasons? The bad guys are getting better access to the information they need to bait these e-mails--both because they are getting better at mining databases on compromised corporate sites, and because employees are providing more useful information at networking sites such as LinkedIn and MySpace.

Once launched, the results of a whaling attack can be devastating. They are hitting the high-level executives and getting access to these individuals entire workstations.

Like all spearphishing or targeted phishing attacks, whaling involves personal information, but in this case  the targets are high-level, high-value individuals whose credentials, if compromised, can endanger an entire organization. The targets are carefully chosen, and the number of e-mails distributed is small. Where a massive phishing attack might involve billions of e-mails sent from botnets with a million zombies, whaling usually involves anywhere from a few dozen to a few thousand e-mails, which are sent from a botnet with perhaps 20,000 compromised computers. Conventional methods for identifying phishing attacks depend on spotting a lot of identical messages, so the small scale of whaling attacks makes them essentially invisible to Internet scanners. - more info 

 

February 29th, 2008

EMC may have been first out of the gate with an enterprise-class solid-state drive (SSD), but it looks like the rest of the pack is ready to join the field. There's a new round of start-ups and joint ventures aimed at developing flash and SSD technology expressly for high-end enterprise environments as opposed to traditional laptop and mobile device markets. The newest player on the scene is Pliant Technology, led by Maxtor and Quantum co-founder Jim McCoy. The company is making the rounds of leading venture capitalists with plans for a new controller mechanism that will boost flash performance up to RAM-quality, with possible demo models out by the end of the year. Even closer to launch is the SSD PRO 7000 system from Imation, jointly developed with controller technology from Mtron Co. The system is due out in the first quarter and boasts a maximum read speed of 120 MBps, with a write speed of 90 MBps and 0.1 ms random access. According to industry observers, demand for SSDs among enterprise users is white hot. - more info 

 

February 20th, 2008

ESG has found that there is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, research indicates that 36% of enterprises will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications. Almost 15% indicate they cannot tolerate any downtime. Virtually any amount of downtime can mean lost productivity, lost revenue, lost customers and lost opportunities -- not to mention damage to brand. This is why you need a strong disaster proof solution.   

- more info 

 

February 15th, 2008

Janco Associates, Inc. (http://www.e-janco.com) has found that there is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, Janco research indicates that 36% of enterprises indicate they will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications. Almost 15% indicate they cannot tolerate any downtime. In the past, this type of business demand was only consigned to a relatively small group. However, many more organizations of all sizes, in all industries and located across the globe, now require applications to be running and data to be always available. The needs of these organizations go far beyond simply recovery, requiring an environment that maintains business continuity during and immediately after a disaster. - more info 

 

February 5th, 2008

(BBC) A submarine cable in the Middle East has been snapped, adding to global net problems caused by breaks in two lines under the Mediterranean on Wednesday.

The Falcon cable, owned by a firm which operates another damaged cable, led to a critical telecom breakdown, according to one local official.

The cause of the latest break has not been confirmed but a repair ship has been deployed, said owner Flag Telecom. The earlier break disrupted service in Egypt, the Middle East and India.

The situation is critical for us in terms of congestion, chief executive of Dubai's ISP DU, told The Associated Press, following the most recent break.

Wednesdays incident caused disruption to 70% of the nationwide internet network in Egypt on Wednesday, while India suffered up to 60% disruption.

Flag Telecom said a repair ship was expected to arrive at the site of the first break - 8.3km from Alexandria in Egypt - on 5 February, with repair work expected to take a week.

A repair ship deployed to the second break - 56km from Dubai - was expected to arrive at the site in the next few days, the firm said.

Web returns

The first cable - the Fiber-Optic Link Around the Globe (FLAG) - was cut at 0800 on 30 January, the firm said.

INSIDE A SUBMARINE CABLE 1 Polyethylene cover 2,4 Stranded steel armour wires 3,5 Tar-soaked nylon yarn 6 Polycarbonate insulator 7 Copper sheath 8 Protective core 9 Optical fibres Not to scale

A second cable thought to lie alongside it - SEA-ME-WE 4, or the South East Asia-Middle East-West Europe 4 cable - was also split.

FLAG is a 28,000km (17,400 mile) long submarine communications cable that links Australia and Japan with Europe via India and the Middle East.

SEA-ME-WE 4 is a submarine cable linking South East Asia to Europe via the Indian subcontinent and the Middle East.

The two cable cuts meant that the only cable in service connecting Europe to the Middle East via Egypt was the older Sea-M-We 3 system, according to research firm TeleGeography.

The firm said the cuts reduced the amount of available capacity on the stretch of network between India and Europe by 75% percent.

As a result, carriers in Egypt and the Middle East re-routed their European traffic around the globe, through South East Asia and across the Pacific and Atlantic oceans.

The cause of the break has still not been confirmed. Initial reports suggested that it could have been snapped by a ship's anchor.

But Egypts communications ministry said damage to the cables in the Mediterranean was not caused by ships.

The transport ministry said that footage recorded by onshore video cameras of the location of the cables showed no maritime traffic in the area when the cables were damaged.

The ministrys maritime transport committee reviewed footage covering the period of 12 hours before and 12 hours after the cables were cut and no ships sailed the area, a statement said.

Internet service providers said they expected India's to be back to about 80% of its usual speed by the end of Friday.

In Egypt Minister of Communications and Information Technology .said he expected to be at the same capacity within two days.

However, it is not before ten days until the internet service returns to its normal performance.

- more info 

 

January 27th, 2008

Research clearly demonstrates that a good business continuity plan is by no stretch reserved for organizations with huge budgets. When you consider how many organizations actually use their BC plan, and that any company without one could be just a day or two from a "fatal issue," the real costs for business continuity assurance begin to look miniscule. We were encouraged to find that not only did 73 percent of organizations have formalized BC plans in place, but also that 87 percent of those plans include a remote disaster recovery site as a failover option. Clearly, real-time protection of data is a priority.

We also found that organizations are prioritizing the protection of customer-centric IT services in their plans to assure BC. Survey respondents ranked customer support as the top service to protect, with e-mail and phone systems also ranking among the top four. A lot of people might have guessed that the primary focus among IT services companies would be order processing or the like, the assumption being that the only thing businesses really care about is the cash register. But our survey results show that this is not the case at all; the talk about focusing on the customer is in fact being carried out as part of operational planning. IT leaders are obviously demonstrating alignment with the business goal of customer-centricity.

- more info 

 

January 27th, 2008

There is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, research indicates that 36% of enterprises indicate they will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications.

Almost 15% indicate they cannot tolerate any downtime. More and more organizations of all sizes now require applications to be running and data to be always available. The needs of these organizations go far beyond simply recovery, requiring an environment that maintains business continuity during and immediately after a disaster. To make it more interesting, the number and types of applications that require this level of protection is very diverse.

In fact, in the enterprise space 14% of the businesses polled said they cannot tolerate any application downtime. More than 58% cannot tolerate four hours or less of application downtime. All told, more than 80% of Enterprise-class and mid-tier respondents reported that they cannot tolerate more than 24 hours of application unavailability2. What is even more interesting is that survey respondents were not just from the Financial Sector but also included Government, Manufacturing, Retail and Health Care (including Pharmaceutical). Some of the reasons for these survey results include the following:

• Retail: The critical applications that track point-of-sales data and enable inventory and distribution require applications that are always available. Being able to react quickly to changing conditions can mean the difference between profitability and loss. Online shopping and the customerÂ’s experience are also very important to retailers
  , and downtime is not acceptable.
• Health Care: With the digitization of medical images and patient records, retaining and ensuring availability of these applications and files is beyond mission-critical. Especially when you consider the pervasive use of technology in the operating room, effectiveness can actually be measured in the number of lives, not just dollars, saved.
• Manufacturing: Competitive pressures drive companies to run as efficiently as possible. Just-in-time manufacturing processes that coordinate shipments from suppliers around the world demand 24 x 7 availability.
• Globalization: Companies are becoming increasingly dependent on a global economy. Many have established key technology in “follow-the-sun” modes that require 24 x 7 availability.
• Increased sensitivity to outages: Business continuity is now a boardroom-level concern. In many cases, it is the CEO who mandates that the business be fully protected. Even worse than an outage itself is the fallout from negative press, loss of customer confidence and, for public companies, potential impact to stock prices.

Regardless of the industry, the trend is clear: more businesses require highly available solutions. Not only is this expanding along industry lines, but we also see mid-tier companies requiring disaster tolerant solutions.

 

- more info 

 

January 27th, 2008

- more info 

 

December 19th, 2007

- more info 

 

December 5th, 2007

When you delete a file from your hard disk, it may seem as if it is gone forever In truth, however, this is not the case.  You must wipe it clear "serveral" times or someone can find traces of the data that was there orginally.

The reason why file deletion is not as thorough as it can be is a simple one; resource management. Actually overwriting every bit of every file that is to be deleted will use more resources than would be practical, for everyday use. And in fact, this simple file deletion is usually sufficient for the basic userÂ’s needs.

The seemingly permanent process of file deletion actually leaves the file data still on the hard disk. When a file is deleted, it is simply marked ‘deleted’, and the space that it occupies on the disk is accordingly marked ‘ready for use’. Hence, it may be overwritten when more disk space is required, but this is by no means certain, unless the entire hard disk is filled with data.

Now, the actual data that make up the file is still on the hard disk, even after deletion. This makes it available for recovery, usually done using specially designed data recovery programs. MSDOS, in fact, has a built-in UNDELETE command which may recover recently deleted files.

However, secur

ity considerations might necessitate the complete erasure of a given hard disk or collection of hard disks. When reassigning hard disks, for instance, or switching computers around, confidential data might need to be deleted. To lessen the possibility that this data is recovered, a hard disk wipe may be performed.

When a hard disk wipe is performed, the entire area of the hard disk is actually overwritten with random data. This means that the data that used to be on the hard disk becomes much harder (practically impossible) to recover after such a process. Almost no traces of the previous data that used to be on the disk is left, making a hard disk wipe a secure improvement upon ordinary file deletion.

The metadata or information on the data that used to be on the hard disk is also wiped clean, since the entire space of the hard disk is overwritten. The randomness of this data used to overwrite depends on the algorithm used to generate it. Some hard disk wipe programs give users the choice to select the algorithm they want the program to use. However this is not as necessary for hard disk wipe programs as it is for file shredder programs, which wipe individual files. This is because when it is the entire hard disk that is wiped, the degree of randomness of the overwriting data is not anymore as important.

Performing a hard disk wipe is often as easy as clicking a few buttons in a specially designed hard disk wipe program. Some programs are set to run automatically when a CD containing the program is placed into the computer containing the hard disk to be wiped. This makes it easier to perform batch wipes on many computers at once, and makes the hard disk wipe a feasible security solution for multiple hard disks. - more info