« A Trio of New Videos | The Mainframe Blog Home | 2011: IBM's Centennial(ish) Year »
Is Government Part of Your Business Continuity Strategy?
Last year, Wired reported on the U.S. Federal Bureau of Investigation's raid on data centers in Texas. There have since been several developments in the story, including grand jury indictments and pending criminal trials for the alleged offenses. Nonetheless, apparently the data centers were co-location facilities, meaning that they housed the servers and equipment for multiple legitimate businesses. That didn't matter: those businesses were shut down when the FBI carted out the equipment. Undoubtedly some of those businesses never recovered.
This raid (and others like it) raises some interesting new questions about business continuity planning, disaster recovery, the possible pitfalls of co-location, and the whole idea of public "cloud" hosting. I am seeing evidence that many businesses are already considering these issues in their IT strategies, and I think more businesses should. Here are my recommendations:
- Remember that businesses must act ethically and legally, and they must have business controls in place to assure that their employees and assets are not being used for illegal purposes. Mainframes and their justifiably famous security controls and audit trails certainly have advantages in helping businesses conduct themselves properly, but they are merely tools which require competent management.
- Civil liberties tend to get debated after the fact, and slowly. But government confiscation of IT assets can occur in any country, and typically there are several agencies that can act without warning. I have heard of one case where tax authorities in an Asian country unplugged and carted away a mainframe (and other assets) in a dispute. Obviously that was an IT disaster. Understand and plan for these risks.
- Assess which business functions are critical to the company's survival and which IT assets support those business functions, end-to-end. Then protect those end-to-end assets from multiple hazards. That means not placing any of those IT components in a single public cloud or at a single co-location facility. Could a government grab a cloud provider's servers if any one of its tenants is suspected of illegal activity? Yes, apparently so. Your risk in a public cloud or co-location facility is basically the sum total of the risks each tenant brings to the facility.
- Consider keeping critical assets in two or more government jurisdictions. Many businesses have already taken this step, quietly of course and for multiple reasons.
- Use encryption smartly, and manage keys well. With mainframes that means taking advantage of encryption features in storage devices (like IBM TS1120/TS1130 tape drive encryption and DS8000 series disk encryption), in networking (for example, enabling TLS/SSL with CryptoExpress and/or CP Assist), in DB2, etc.
- Try to educate government authorities on business and technology issues, and keep them informed. In the Wired story, the FBI trusted AT&T and Verizon because those companies had sufficiently strong business controls that enabled them to alert the FBI to possible criminal activity. However, keeping government informed does not mean compromising your customers' privacy without due process.
| by Timothy Sipples | December 20, 2010 in Current Affairs, Systems Technology Permalink |
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d834521c8469e20147e0e2a197970b
Listed below are links to weblogs that reference Is Government Part of Your Business Continuity Strategy?:
Comments
Hi Timothy,
I'd like to feature this entry in an IBM Systems Magazine e-newsletter; we have a section called "Links we Love," where it would appear. Please contact me via the e-mail address above.
Thanks,
Natalie
Posted by: Natalie | Jan 6, 2011 10:42:36 AM
Naturally businesses are need to acquire their annually permission to run the business.
Government Business Grants Australia
Posted by: govern business | Jan 28, 2011 9:19:46 AM
Thanks for sharing, please keep an update about this info. Love to read it more.
Posted by: psd2html | Jun 8, 2011 6:03:31 AM
Good job, this article is just great, especially for beginners.
Thanks
Posted by: Atlanta Electrician | Jul 21, 2011 1:43:11 AM
I truly liked this excellent website. Please continue this great work. Regards from John!!!!
Posted by: Credit Card Information | Jul 21, 2011 3:32:12 AM
I'm very pleased to read your article.
Your article writing sense is very good...kept up good working.
Posted by: Native American Jewelry | Jul 21, 2011 4:42:13 AM
I really appreciate your content. The article has actually peaks my interest. I'm going to bookmark your site and hold checking for new information.
Thank you very much.
Posted by: Binding Machines | Aug 23, 2011 3:50:09 AM
What a great ability of writing this post contains.
It’s been a true pleasure to go through your post. Keep up this good working.
Posted by: Party Catering | Aug 25, 2011 2:39:44 AM
I found your blog when I was looking for a different sort of information but I was very happy and glad to read through your blog. The information available here is great.
Posted by: Botox Melbourne | Aug 25, 2011 9:10:30 AM
I will forward this article to him. Pretty sure he will have a good read. Thanks for sharing!
Posted by: Binding Machines Sydney | Aug 27, 2011 2:41:28 AM
Very good article and Great post! Thank you for sharing. I wise your best
Posted by: cellex c | Aug 29, 2011 12:36:45 AM
Anyone studied the Kaplan MBA in Australia before? I heard they are launching a new one.
Posted by: Postgraduate Courses | Aug 29, 2011 8:37:26 AM
I read your post other as well, all were good. I really appreciate the Author. Thanks for the post, it was nice. I Will Share with my friends and I know they will like it.
Posted by: Pool Builders Sydney | Aug 30, 2011 8:37:19 AM
This is the first time I am visiting this post. I have gathered much of it. Really a interesting firm things. Thanks for sharing.
Posted by: xeroform gauze | Sep 8, 2011 8:48:38 AM
I admire what you have done here. I like the part where you say you are doing this to give back but I would assume by all the comments that this is working for you as well.
Posted by: Buy facebook fans | Sep 22, 2011 9:38:57 AM
Business priories should be based on ethically defined demands of the consumers of the area. My point about the growth of business in competent environment is that try to present yourself worthy instead of pointing others as less worthy.
Posted by: Lifting Chains | Oct 5, 2011 6:16:29 AM
Very useful many thanks, It looks like your subscribers might just want considerably more information such as this continue the great work.
Posted by: sjr builders | Oct 20, 2011 9:06:38 AM
I don't have any words to appreciate this post.....I am really impressed ....the person who created this post surely knew the subject well…Thanks for sharing this with us.
Posted by: finance courses | Oct 27, 2011 5:18:07 AM
this was a good article. offered good and useful information while not being boring.
Posted by: best sunscreens | Nov 1, 2011 8:49:25 PM
My point about the growth of business in competent environment is that try to present yourself worthy instead of pointing others as less worthy.
Posted by: Bridesmaid shoes | Nov 17, 2011 5:13:20 AM
The comments to this entry are closed.
