Forrester BlogsBusiness TechnologySecurity & Risk Professionals

Traditional Disaster Recovery Services Are Dead

Posted by Stephanie Balaouras on August 6, 2008

  • 214 Recommendations
Stephanie Balaouras

Stephanie Balaouras

If you still subscribe to fixed site recovery services using shared IT infrastructure from the likes of HP, IBM BCRS, or SunGard, among others, you will quickly become a dinosaur in the next 1 to 2 years.

These types of shared infrastructure services involve lengthy restores from tape and a recovery time objective of 72 hours, at best. Plus, you'll be lucky if you recover at all because chances are, you've had trouble scheduling a test with your service provider and it's been a LONG time since the last one, if indeed you’ve ever tested.

72 hours recovery just doesn't cut it anymore. And frankly, understanding your provider's oversubscription ratio to shared infrastructure to determine the risk of multiple invocations, or attempting to negotiate exclusions zones and availability guarantees is a time suck. Most companies are either taking DR back in-house or, if they still rely on a DR service provider, they are using dedicated infrastructure.

Read more

Categories:

Upping The IPS Ante

Posted by John Kindervag on July 30, 2008

  • 202 Recommendations
John Kindervag

My colleague at Forrester, Chris Silva, recently commented upon the recent Air Defense acquisition by Motorola.  Looking at the deal through the security lens, I completely agree with Chris that this will help ease integration of wireless security into wireless infrastructure.  It's good to see one of the major wireless brands step up and take wireless security seriously.  Perhaps that other major wireless vendor will get the hint...

Upping The IPS Ante


Motorola announced this week its intentions to acquires Wireless IDS/IPS vendor AirDefense.
The acquisition may provide a bit of deja vu to readers who recall the
acquisition of Network Chemistry's wireless IDS/IPS assets by Aruba
Networks in 2007.

Read more

Categories:

A Culture of Compliance

Posted by Chris McClean on July 18, 2008

  • 193 Recommendations
Chris McClean

Chris McClean

Read more

Wireless as Fashion

Posted by John Kindervag on July 14, 2008

  • 207 Recommendations
John Kindervag

As a security guy, I’ve spent a lot of time thinking about the security ramifications of wireless connectivity.  Wireless has evolved from a single protocol, 802.11b, to a veritable alphabet soup loosely defined as "Mobility."  We now have 11a/b/g and maybe n, Bluetooth, RFID, CDMA, Wi-Max, and a bunch of other stuff that all provides wireless access, often without even a thought of security.  As people scramble to have the latest, coolest, most connected devices in the company, they are tossing security right out the window.

Read more

Power Outages Are A Major Risk That Most Companies Overlook

Posted by Stephanie Balaouras on July 10, 2008

Stephanie Balaouras

Stephanie Balaouras

TechCrunchIT reported today that a Rackspace data center went down for several hours during the evening due to a power grid failure. Because Rackspace is a managed service provider (MSP), the downtime affected several businesses hosted in the data center.

When companies think of disaster recovery and downtime, they typically think of catastrophic events such as hurricanes, tornadoes, and earthquakes. What companies don't realize is that the most common cause of downtime is power failures. In a joint study by Forrester Research and The Disaster Recovery Journal of 250 disaster recovery decision-makers and influencers, 42% of respondents indicated that a power failure was the cause of their most significant disaster declaration or major business disruption.

Read more

Categories:

Deduplication Hits The Mainstream

Posted by Stephanie Balaouras on June 26, 2008

  • 220 Recommendations
Stephanie Balaouras

Stephanie Bottom line for IT Infrastructure and Operations professionals? Your next purchase of a backup-to-disk appliance or backup software will have integrated deduplication functionality, given the slew of announcements from all the major storage players. It’s no longer just pioneering vendors Data Domain and Diligent beating the deduplication drum — it’s all the major storage vendors.

 

 

In addition, based on the direction of NetApp, you need to start thinking about how the rest of your storage environment would benefit from integrated deduplication functionality like your VMware environment (server and desktop) or end-user home directories.

 

 

NetApp plans to introduce integrated deduplication technology in its NearStore VTL some time this year. In the meantime, the company is promoting the availability of deduplication on its production FAS storage systems and touting the huge benefits of deduplication in VMware environments.

 

 

Read more

Categories:

Cisco's Path In Entitlement Management

Posted by Andras Cser on June 13, 2008

  • 256 Recommendations
Andras Cser

Andras Cser

While waiting for the pan-out of the Cisco System's acquisition of Securent, I can't help but wonder how Cisco is going to develop the Securent technology in its future products. Will the Securent policy engine (PDP) be used 1) as a main point for policy management and enforcement for network equipment, OR 2) will they continue using the product along the 'Securent-intended' path: enforcing fine grained application level policies by integrating policy enforcement points into applications, OR  3) managing fine grained authorizations on the network layer (without the need to open up applications), similarly to BayShore Networks, Autonomic Networks, and Rohati Systems? Without a comprehensive identity and access management offering (IAM), Cisco will probably be fit best to do 1) and 3) described above. This seems most consistent with Cisco's background and culture.

Categories:

Can Moody’s solve your third party assessment problem?

Posted by Khalid Kark on May 28, 2008

  • 212 Recommendations
Khalid Kark

Khalid Kark

Moody’s recently launched their Vendor Information Risk (VIR) ratings service. The main objective of this service is to reduce the overall burden of conducting risk assessments for organizations, as well as their service providers. The whole idea being that if Moody’s can do a risk assessment on behalf of multiple subscribers, it can make the assessment process a lot more efficient.  The service provider will not have to go through multiple assessments and the subscribers will share the cost, and therefore have a much lower price point.

Many CISOs I talk to are sick of performing third party risk assessments; it takes up valuable time, is expensive, and most importantly, pulls resources away from doing actual security work within the company. On the other hand service providers are also having a hard time keeping up with these assessments. A compliance manager at a large service provider estimated that they responded to over 300 audit requests in 2007, and that number would be around 400 in 2008. Thus, a service like this could potentially save millions of dollars for service providers and subscribers.

Read more

Categories:

VMware Advances DR Preparedness

Posted by Stephanie Balaouras on May 12, 2008

  • 238 Recommendations
Stephanie Balaouras

Stephanie

On May 12th, 2008 VMware announced that nine storage replication vendors have tested and certified their technology with VMware’s long awaited Site Recovery Manager (SRM) offering. SRM is an important step forward in DR (DR) preparedness because it automates the process of restarting virtual machines (VM) at an alternate data center. Of course, your data and your VM configuration files must be present at the alternate site, hence the necessary integration with replication vendors. SRM not only automates the restart of VMs at an alternate data center, it can automate other aspects of DR. For example, it can shutdown other VMs before it recovers others. You can also integrate scripts for other tasks and insert checkpoints where a manual procedure is required. This is useful if you are using the redundant infrastructure at the alternate data center for other workloads such as application development and testing (a very common scenario). When you recover an application to an alternate site, especially if your redundant infrastructure supports other workloads, you have to think about how you will repurpose between secondary and production workloads.  You also have to think about the entire ecosystem, such as network and storage settings, not just simply recovering a VM.

Essentially, VMware wants you to replace manual DR runbook with the automated recovery plans in SRM. It might not completely replace your DR runbook but it can automate enough of it. So much so that DR service providers such as SunGard are productizing new service offerings based on SRM.

Read more

Categories:

Syndicate content