Top 10 Disaster Recovery Best Practices every organization needs to follow
DR / BC planning requires a robust program that is constantly updated and monitored
The Top 10 Disaster Recovery Best Practices are defined by over three decades of DR and BC practice by Janco Associates. That experience is based on having operated through earthquakes, hurricanes, and terrorist attacks.
Janco’s principals created the Disaster Recovery Plan that was implemented by Merrill Lynch (ML) on 9/11. The plan was activated within minutes of the attack and only 52 seconds of transactions were lost. The top 10 best practices that are followed in all DR/BC plans that have been created by us are:
Focus on operations – the people and processes that drive the enterprise are the primary issues in DR and BC that are controllable. Implementing a planning and recovery environment is an ideal time to define an approach based on best practices that address the process and people issues effectively. In the case of ML the plan was activated in the computer room while the CIO was on a plane over the Atlantic.
Have at least one recovery site in place – Before an event there need to be plans in place for not only the operation of computers but also the location of operations staff. Cloud-managed computer operations can work when a disaster is in a limited area. However, if it is wide-ranging, like a hurricane, the issues can be problematic.
Train everyone on how to execute the DR and BC – People are the front line when it comes to supporting the enterprise. A staff that has not been properly trained in the use of the DR and BC when an event occurs will be a hindrance. Everyone must have the knowledge and skills to provide the right support. The primary focus is to reduce downtime; it also delivers better performance and a faster ROI through better and wiser use of IT assets.
Have a clear definition for declaring when a disaster or business interruption occurs that will set the DR and BC process into motion – There needs to be a clear process for allocating resources based on their criticality and availability requirements. This will define the “rules of the road” for who does what and when while minimizing the factors that can negatively impact enterprise operations.
Integrate DRP and BCP with change management – Changes are inevitable in any sizable environment. It is difficult to keep up with the flood of new applications, technologies, and new tools. That is why it is essential to design, implement, and continuously improve change and configuration management processes.
Focus on addressing issues BEFORE they impact the enterprise – When you are aiming to operate at the speed of business, after-the-fact fixes do not make the grade. These days, you need to anticipate trouble and head it off before it happens. It is important to identify risks across people, process, and technology so that appropriate countermeasures can be implemented. You should also make sure that vendors provide an appropriate level of support including proactive features such as critical patch analysis and change management support.
Have an Incident Communications Plan in place – The incident communication plan should cover all interested parties from customers to employees and investors.
Validate that all technology is properly installed and configured right from the start – A technology solution that is properly implemented in terms of its hardware, firmware, and software will dramatically reduce problems and downtime in the future. Proper initial configuration can also save time and reduce issues with upgrades, hot patches, and other changes.
Monitor the processes and people to know what is critical – Many of today’s enterprises are experiencing a capacity crisis as they reach the limits of reduced budgets, older facilities and legacy infrastructures. Space is tight. Power and cooling resources are over-burdened. Implementing new solutions in inefficient environments may limit their ability to recover from an event. An assessment that examines and analyzes the enterprise environment’s capabilities and requirements can provide valuable information to help improve efficiency.
Test often – A DR/BC plan is not a static document. Things change and new individuals are involved as staff changes.
IT Organization is dependent on a clear set of IT Job Descriptions and a career planning system.
IT Organization structure is dependent on clearly defined roles and career paths for all IT Professionals
IT Job Family Classification System – Both in an individual’s personal career planning and an enterprise’s staffing, promotion and compensation it is important to have benchmarks on the levels that individuals are at. To that end, one of the best objective ways to meet this goal is to have formal job descriptions and clear paths for promotion and compensation.
Over the past three decades Janco Associates and its principals have created a set of 300 IT Job descriptions that are viewed by many as the industry standard. As a natural extension of that offering Janco has documented its IT job classification system.
A job family classification system is one that defines how individuals can grow into higher-level positions over time by providing benchmark milestones that need to be achieved as they advance. This in time impacts the compensation that is paid in a fair and objective manner.
The traditional job families within an organization do not have clearly defined promotion paths. In addition, compensation levels are often driven by factors other than an individual’s capabilities and performance.
Top 10 Net Neutrality advantages for the general public are all centered around the factor that without it the Internet will no longer be a universally accepted standard infrastructure.
Only way to keep the internet open for small to mid-sized companies.
If net neutrality is not made the basis for connectivity and access, the large companies like Google, Amazon and Twitter will have a complete monopoly in their markets. Also the large carriers like AT&T and Verizon will have no incentive to create better and faster access to the Internet.
Net Neutrality is a core requirement for IT Governance and Infrastructure definition.
Creates an open playing field.
With net neutrality in place, Internet Service Providers (ISPs) do not control what passes through the devices that are used by customers to access the Internet. This means an ISP under net neutrality cannot block access, change services, or alter the flow of data simply because there is something going on which they don’t like.
Remain as an international channel without governmental interference.
Recently, whenever there has been civil unrest, governments have taken over or eliminated access. Without small players in the space, there can be no alternative sources for access. Add to that, the recent moves by the Russian government to close down all connectivity to the general Internet in “troubled political” situations will only be enhanced without net neutrality.
Innovation is encouraged and protected when the internet remains neutral. Big companies still have the same access as SMBs or freelancers, and this allows everyone to come up with new and creative solutions. Just look at companies that started with video and audio attached to doorbells. Now an entire new segment of the security industry has been created with “self-service” security. No longer do companies like ADT have a monopoly on that sector of the industry.
Freedom of expression is fostered.
Blogs, services, businesses, and any website that can operate legally is able to do so and be available because of net neutrality. There isn’t any censorship available as long as the content being offered meets legal obligations. If illegal content is discovered, it can be immediately reported to law enforcement officials. Without this freedom of expression, it could become easier for illegal content, such as child pornography, to become more available. If a small ISP blocked access to all and approved of such a thing, it could hamper keeping our communities safe.
Illegal activities are monitored.
ISPs are like utilities as they provide everyone with the services they need. For example, illegal file sharing, due to the fact that each ISP is treated as a regulated common carrier.
Unlimited data is available to everyone equally.
In the 1990s, internet users had a good time being online in AOL chat rooms or waiting 20 minutes for a cool website to load. Today, there are real-time video calls. Companies like Netflix provide legal streaming. YouTube has grown into an educational and entertainment network.
Income from internet uses has moved to a subscription base.
There are certain businesses and high-use individuals who consume large amounts of bandwidth every month. Entire industries have been created that generate revenue based on service provided not access. It is like the Interstate Highway System, everyone benefits.
Competition thrives. There are numerous online streaming services that offer live TV today: Hulu, PlayStation Vue, and Sling by Dish Network are just three examples. If a customer must choose Comcast as their ISP, then these streaming services could be given a lower priority because they are rival organizations. Comcast could choose to offer the highest speeds to the networks and services it owns and slow down the signals provided by the competition. This would effectively limit consumer choice.
Free internet access is Free.
When the internet becomes a place where profitability is the primary concern, the idea of providing free internet access to those who cannot afford it goes away. Providers could charge whatever they wanted and restrict access to whomever they please. This could lead to demographic discrimination, socioeconomic discrimination, or prioritize content to the wealthiest who are willing to pay high prices for the fastest data streams.
This is an ever-evolving area as Net Neutrality is not in the area of political influence. Only time will tell what will happen.
Top 10 in Demand IT Skills to drive median IT Salaries up
Top 10 in Demand IT Skills are primary drivers for the increase in IT Median Salaries. A secondary factor is the limited supply of IT professionals as the economy continues to boom.
Median Salaries for IT professionals now are $93,077 and forecast to be around $98,000 by 2020.
There are a number of skills that the booming economy places a high value on. Janco’s analysis of the IT job market concurs with this list of in-demand skills.
Java (SE and EE) is a significant expansion of the skills required, and a programming language that has been around since the introduction of Java.
Lawson ERP software, which has a focus on HR, customer service, and manufacturing, needs unique application knowledge to implement, and that knowledge is in high demand.
SAP for manufacturing industrial use – With manufacturing companies increasingly undergoing digital transformation and compliance on the rise, SAP skills are in high demand.
Compliance expertise – CaCPA and GDPR skills have an increased value as companies scramble to hire qualified professionals who could help them meet compliance mandates.
SAP Forecasting and Replenishment is designed to help retail and food companies automate forecast and replenishment planning.
SAP Point-of-Sale Data Management is a point-of-sale management solution that allows sales data to be quickly transferred from the cash register to a back-office system automatically throughout the day
SAP FS (Insurance) is designed specifically for the insurance industry. It helps organizations streamline operations, improve customer engagement and gain deeper insights on potential risks.
Microsoft VISIO – a big data tool that is a data visualization program that lets users take complex data and turn it into easy-to-read charts, graphs and flow charts
Data Visualization skills are growing in demand as more companies turn to data analytics and business intelligence for decision-making, risk assessment and process improvements.
Quantitative analysis and regression analysis are quantitative research methods that are used for modeling and analyzing large amounts of data with several variables. They’re important skills as businesses try to make sense of all the data they’ve collected over the years.
CIOs Management Focus changed with the improved economy and the resulting increase in budgets.
Janco Associates conducted a survey of CIOs and senior IT Managers in large and mid-sized corporations. 156 individuals participated in the study.
The top ten areas of management focus that we identified are listed below along with the percentage of participants who listed that as an area of their focus.
New Security Threats – identification, remediation and protections.
Data Protection / Compliance – The EU’s GDPR regulation and California’s data privacy legislation are driving this.
Staff Skill Gaps – Many enterprises have not invested enough into staff development in the past several years.
Multi Platform Security – With the move towards disparate operating environments, away from the core data center to multiple cloud platforms, security and data protection are more of a priority.
Innovation / Digital Transformation – New ways of doing things and the move away from traditional ways of doing everything towards a digital environment are driving top level IT Pros to rethink how they can provide value to the enterprise.
Revenue Stream Improvement – IT now is viewed more as an additional source of operational revenue.
Agility of IT – For most companies, projects with a 3-year development life cycle no longer exist.
Outsourcing Risks – In outsourcing your work, the quality of the deliverable is at the mercy of the firm you outsourced to.
Business Results – IT value is now tied to the results of the operation units.
Tools for Digital Workers – With more remote users who operate on tablets and smartphones remotely instead of an office environment with direct connection to the processing center, productivity tools are more critical.
AnyConnect Windows 10 fails with the newest version of the VPN client software. After a Windows update we encountered a problem when we wanted to connect to our VPN.
Patch management and version control policy needs to be reviewed in light of issues like AnyConnect Windows 10 failure.
The symptoms were that the service was running on the client PC (Windows 10 Pro 64 bit) and when we went to run AnyConnect, the hourglass would appear but we did not get the dialog to connect to the firewall. We also noticed there was a Microsoft update that occurred since the last time we used the program.
Based on suggestions from our provider, we uninstalled the current version of the program, rebooted the client and reinstalled the current version. The same problem occurred as before. We searched the internet, including Cisco’s troubleshooting suggestions. We found no solution; rather, we saw that there were a number of instances where AnyConnect Windows 10 failed.
The problem did not exist before the update by Windows. We then did the following to fix the problem.
Uninstalled the current version of the program
Rebooted the client with a power on and off
Installed a prior version that worked on the client
Ran the program and the dialog to set up the connection came up
The program did an automatic update to the current version
AnyConnect then worked
What caused the problem
We think that with the Microsoft update some registry entry or other setting was altered or removed. The re-installation of the program with the current version did not correct the issue. When we installed an earlier version the setting was correctly added or modified.
As a best practice, versions of programs and updates should be saved. With the constant updates by both hardware and software vendors, the chances of a similar problem occurring are high. When it is time to solve a problem, the vendors often lack easily obtainable solutions. In our case, when we talked to our provider’s help desk, their response was that it was an interesting problem and they would communicate it to Cisco if they saw several customers with the same problem. Ergo Cisco does not know the problem exists so they will not fix the offending software.
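One way to put the "save versions of programs and updates" practice to work, as an added example that is not code from Janco or Cisco: an installer archive that records a SHA-256 for every saved version and hands back the previously archived version only if it still matches its recorded hash. The store layout, the function names and the `vpn-client` label are assumptions, and the installer bytes are constructed sample data.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _load(store: Path) -> dict:
    m = store / "manifest.json"
    return json.loads(m.read_text()) if m.exists() else {}


def archive_installer(store: Path, installer: Path, product: str, version: str) -> dict:
    """Copy an installer into store/product/version/ and record its SHA-256."""
    manifest = _load(store)
    entries = manifest.setdefault(product, [])
    if any(e["version"] == version for e in entries):
        raise ValueError(f"{product} {version} is already archived")
    dest = store / product / version / installer.name
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(installer, dest)
    entry = {"version": version,
             "file": dest.relative_to(store).as_posix(),
             "sha256": sha256_file(dest)}
    entries.append(entry)  # list order is archive order, oldest first
    (store / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return entry


def rollback_candidate(store: Path, product: str, current: str) -> Path:
    """Return the installer archived immediately before `current`, hash-verified."""
    entries = _load(store).get(product, [])
    versions = [e["version"] for e in entries]
    if current not in versions or versions.index(current) == 0:
        raise LookupError(f"no archived version older than {product} {current}")
    entry = entries[versions.index(current) - 1]
    path = store / entry["file"]
    if not path.is_file() or sha256_file(path) != entry["sha256"]:
        raise RuntimeError(f"archived {product} {entry['version']} failed hash check")
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed stand-ins for two installer files (not real packages).
        for name, data in (("setup-old.msi", b"old build"), ("setup-new.msi", b"new build")):
            (tmp / name).write_bytes(data)
        archive_installer(tmp / "store", tmp / "setup-old.msi", "vpn-client", "known-good")
        archive_installer(tmp / "store", tmp / "setup-new.msi", "vpn-client", "current")
        print(rollback_candidate(tmp / "store", "vpn-client", "current"))
```

Checking the hash before reinstalling matters because a rollback copy that was silently altered or truncated in storage is worse than having no copy at all.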
Technology Acquisition – Desktop Computer Shopping via the Internet is a way that companies and individuals get the latest technology. No longer is it the computer salesman at the office or going into a brick and mortar store.
One of the first things that we found is most of the larger companies like HP, Dell, and Lenovo have great selections of desktops. The major issue that you quickly discover is that the technology they are selling you is at least 3 to 5 years old. In some cases, the desktops and laptops are close to end of life.
A sign of the age of technology offered is the appearance of those offerings in big box stores and special sales which discount those configurations by 20% to 50% off of list prices. That is not hard to understand when you look at the business model for those companies. By the time the technology is released and made stable, the companies need to ramp up manufacturing to hit the masses. However, these same vendors will go through “real-time” product refreshes to update to more recent technology and stay relevant – but they still are behind the technology curve.
A better solution
In our last acquisition for power desktop workstations we found a company that really stood out – Velocity Micro (VM) – https://www.velocitymicro.com. VM sells custom desktop computers that are worth a look for the following reasons:
The company assembles and stress tests 100% of the computers they sell. As an added benefit they do all of this in the U.S. That is opposed to some of the major manufacturers who send 100% of their orders to China, only do a power-on test and then ship it to the U.S.
Ordered equipment is usually delivered in less than 2 weeks. That is a far cry from the 3 to 4 week delivery time for desktops configured in the U.S., assembled in China, and then shipped to the customer.
VM has a dedicated support staff that is in the U.S. and has the unique ability to listen to customer requirements. The majors have preset packages that they push even if they do not fit the customer’s requirements.
VM does not add “bloatware” to the computers it sells. Almost every major vendor ships computers with not only “free” software trials, but also software that ties the computer to them with preset proprietary software.
VM ships systems with a basic OS and OEM media. With that, if the system OS needs to be regenerated, the user has all of the options available.
The cost of the power professional workstation from VM was just over $3,000. A similar, but less powerful system from HP and Dell was configured at a cost of $4,200.
For those reasons, we strongly recommend Velocity Micro as a vendor to evaluate when looking for technology acquisition.
Cyber Currency Hacker Target as the population of Blockchain applications expands.
In the last year there was a boom in malicious cryptocurrency mining. That is where cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it is not very lucrative in the short term, it is stealthy and can be sustained over a long period of time. Because it typically takes very little from each PC, most users don’t even know their machine’s processor is being used to line someone else’s pockets.
Ransomware is a much more aggressive approach: pay up, or risk having your files permanently locked.
While both cryptojacking and ransomware continue to be widespread threats, other attackers are quietly deploying a potentially much more damaging threat: trojan malware.
Trojan malware sneaks onto your PC by disguising itself as something else, often hidden in a malicious attachment that’s distributed with a phishing email.
Trojan attacks range from those using commodity malware, with phishing emails spammed out in bulk in the hope of scooping up victims for the purposes of stealing their login credentials, banking information or other private information, to attacks that are far more precise, targeting organisations or even individuals to gain access to specific data or information: this can be for creating a persistent presence on their network for espionage, stealing data and selling it, or loading other malware onto the system.
Experienced IT Pros Harder to find as demand rises
Experienced IT Pros Harder to find – A major research firm has just published its forecast for US tech employment and compensation (2019 US Tech Talent Market Outlook). It has some foreboding news for CIOs and for tech vendors: Tech talent will be harder to find and more expensive over the next two years.
The median salary for IT Professionals continues to rise. Currently, it is $93,077 and Janco forecasts that it will be around $95,000 by the end of this year. Experienced IT Pro harder to find as demand increases.
At the same time, they found that the supply of tech workers has largely kept up with demand. But the current data available for 2018 suggests that wage growth is starting to accelerate. This supports the finding in the latest IT Salary Survey from Janco Associates, Inc.
This acceleration poses a special threat to CIOs, who could find themselves paying premiums for certain tech roles in high demand.