by

Six Email Continuity Mistakes – and How to Avoid Them

The 2014 Atlantic Hurricane season is in full swing through November, putting your organization – and mission-critical systems, like email – at sudden risk of exposure to tropical storms, floods and fires.

Ask yourself: When was the last time you tested your business continuity plan? If the answer is one year or longer, you risk significant network downtime, data leakage and financial loss. According to Gartner, depending on your industry, network downtime can typically cost $5,600 per minute or more than $300,000 per hour, on average. Don’t wait for disaster to strike. Treat email like the critical system it is, and avoid making these six mistakes that could jeopardize business continuity – and your job.

Combat downtime during hurricane season by planning ahead.

Combat downtime during hurricane season by planning ahead.

  1. Not testing your continuity solution. You’ve devised and implemented what you believe to be a solid continuity solution, but you’ve not given it a production test. Instead, you cross your fingers and hope when (and if) the time comes, the solution works as planned. There are two major problems with not testing your plan from the start. First, things get dusty over time. It’s possible the technology no longer works, or worse, maybe it was not properly configured in the first place. Plus, you might not be regularly backing up critical systems. Without testing the solution, you’ll learn the hard way that data is not being entirely backed up when you perform the restore. Second, when it comes to planning, you need a clear chain of command, should disaster strike. If your network goes down, you need to know who to call, immediately. Performing testing once simply is not enough. You need to test your solution once a year, at a minimum. Depending on the tolerance of your business, you’ll likely have to test more frequently, like quarterly or even monthly.
  2. Forgetting to test fail back. Testing the failover capabilities of your continuity solution is only half the job. Are you prepared for downtime that could last hours, days or even weeks? The ability to go from the primary data center to the secondary one – then reverting back – is critical, and this needs to be tested. You need to know that data can be restored into normal systems after downtime.
  3. Assuming you can easily engage the continuity solution. It’s common to plan for “normal” disasters like power outages and hardware failure. But in the event of something more severe, like a flood or fire, you need to know how difficult it’s to trigger a failover. Also, you need to know where you need to be. For example, can you trigger the fail over from your office or data center? It’s critical to know where the necessary tools are located and how long it’ll take you or your team to locate them. Physical access is critical. Distribute tools to multiple data centers, as well as your local environment.
  4. Excluding policy enforcement. When an outage occurs, you must still account for regulatory and policy-based requirements that impact email communications. This includes archiving, continuity and security policies. Otherwise, you risk non-compliance.
  5. Trusting agreed RTP and RPO. In reality, you’ve got to balance risk and budget. When an outage happens, will the email downtime agreed upon by the business really stick? In other words, will the CEO really be able to tolerate no access to email for two hours? And will it be acceptable for customers to be out of touch with you for one day? The cost associated with RTO and RPO could cause a gap in data restore. If you budget for a two-day email restore, be prepared that during an outage, this realistically means two days without email for the entire organization. As part of your testing methodology, you may discover that you need more or less time to back up and restore data. It’s possible that, as a result, you may need to implement more resilient technology – like moving from risky tape backup to more scalable and accessible cloud storage.
  6. Neglecting to include cloud services. Even when you implement cloud technologies to deliver key services, such as email, you still have the responsibility of planning for disruptions. Your cloud vendor will include disaster recover planning on their end to provide reliable services, but mishaps – and disasters – still happen. Mitigate this risk by stacking multi-vendor solutions wherever possible to ensure redundancy, especially for services like high availability gateways in front of cloud-based email services, or cloud backups of key data.

With the proper testing and upfront business continuity preparation, you can significantly reduce – or even prevent – email downtime, data leakage and financial loss after disaster strikes.

by

Big Data: Focus and Practicality Now Vital

It’s been years in the making and has had its fair share of media hype, but according to Gartner’s August ‘Hype Cycle Special Report for 2014‘ the concept of Big Data has now entered its aptly named ‘Trough of Disillusionment’.

It's been years in the making, but according to Gartner's August 'Hype Cycle Special Report for 2014' the concept of Big Data has now reached the point where we're now in the 'Trough of Disillusionment'.

It’s been years in the making, but according to Gartner’s August ‘Hype Cycle Special Report for 2014′ the concept of Big Data has now reached the point where we’re now in the ‘Trough of Disillusionment’.

And it’s not Gartner alone. Talk to industry stalwarts and a clear message comes back – the honeymoon is over. No longer is it a positive buzzword in meeting rooms. It’s becoming tangible…real people with real salaries and real job titles are now associated with the discipline of managing and making the most of a company’s big (or small) data, both locally and in the cloud.

We’ve come to realize there are a number of opportunities for big data and it’s management, as outlined in IBM’s August report titled ‘The New Hero of Big Data and Analytics‘. In it, a new C-suite role is outlined, along with five areas are a Chief Data Officers (CDOs) can optimize and innovate in:

  1. Leverage: finding ways to use existing data.
  2. Enrichment: existing data is joined up with previously inaccessible (fragmented) data either internal or external.
  3. Monetization: using data to find new revenue streams.
  4. Protection: ensuring data privacy and security, usually in collaboration with the Chief Information Security Officer.
  5. Upkeep: managing the health of the data under governance.

It’s a great list of general outcomes for those who manage data to plan around over the coming years, but what might be even more useful is a planning framework to help develop these plans now.

Obviously this framework will evolve, and to some extent there will be a degree of trial and error as organizations try to wrangle increasingly large data-sets. But I thought it’d be useful to make some suggestions for considerations against these outcomes. So I’ve come up with some key questions to gather information to help in the CDOs strategic planning. Answering yes to most, if not all of these questions is a good indication a CDO in your organization would have a beneficial business impact.

  1. People: as mentioned in IBM’s report – is the CDO’s office a guiding, enforcing authority? Is the office fully aligned to the business and scalable? Are the skills available appropriate? Is the business giving the CDO authority or permission to operate?
  2. Compliance: not just with regional and industry regulation but with the company culture.
  3. Intelligence: how can the right information reach the right people in a digestible form that catches their attention? Does the information remain useful throughout its lifecycle?
  4. CIA: Confidentiality, Integrity and Availability. The triangular cornerstones of any information security policy, no less important. Can your CDO guarantee data CIA, and have board level authority therein?
  5. Technology: which technology providers can help support these outcomes today, and well into the future? Does the chosen technology scale in line with the parabolic growth of data, or is it linear or worse, unpredictable?

It’s by no means a definitive list, but we hope it helps stimulate the conversation around this emerging discipline of curating data to a commercial end. I look forward to sharing ideas with our customers and partners on this over the next few months. And as always, I’d appreciated any comments under this post.

by

The Dangers of Convenience

We live in an always-on, digital world. Information is at our fingertips. Mobile devices are pervasive.

Interactive websites, allowing users to comment on posts, and social networking are de rigueur. All these things encourage us to consume—and share—information continuously and often without regard for the consequences. Criminals are increasingly using this information, often detailed about personal lives, to their advantage in social engineering exploits that specifically target individuals and that attempt to exploit the trust that they have in the technology, applications and websites that they use.

Ransomware was distributed through Dropbox, with attackers demanding users pay a ransom to have their files, which have been encrypted and are hence unusable, returned to them.

Ransomware was distributed through Dropbox, with attackers demanding users pay a ransom to have their files, which have been encrypted and are hence unusable, returned to them.

In recent years, consumers have flocked to file sharing sites that allow them to upload and share very large files such as photos and videos with friends and family. Seeing just how convenient such sites are, many users are increasingly adopting their use for business purposes as well, using them to upload information so that it’s available to them from any device that they wish to use, wherever they are. It has been recognized for some time that this creates security risks for organizations regarding sensitive data being placed on file sharing sites that are outside of the control of the IT department—often without their knowledge. Bloor Research has recently published research that discusses the problems surrounding unsanctioned use of file sharing sites in organizations and that provides pointers as to what organizations can do to provide employees with the convenience and flexibility they demand, but in a way that safeguards sensitive information and shields them from the perils of data loss.

But a relatively new problem with the use of file sharing sites is currently in the news. Criminals are turning to the use of such sites for hosting and spreading malware and viruses. In one such campaign, the Dropbox file sharing service has been targeted, with an estimated 500,000 users affected. In this case, ransomware was distributed, with attackers demanding users pay a ransom to have their files, which have been encrypted and are hence unusable, returned to them. It’s believed the attackers have so far netted $62,000 from this campaign alone.

Such attacks have been known about for some five years or so, but appear to be increasingly common. Just this month, an emerging practice came to light in terms of using file sharing sites for high-value, low-volume attacks against high-profile, lucrative industries that include banking, oil, television and jewelry businesses. Discovered by Cisco, these attacks are attributed to a group calling itself the “String of Paerls” group, which has been flying under the radar or security researchers since 2007, constantly changing their tactics to avoid detection.

These attacks highlight the problems many organizations are facing with the use of consumer-oriented services. Many organizations are still grappling with the issue of controlling the deluge of personally owned devices that are connecting to their networks—often outside of the purview of the IT department—as well as the use of cloud-based services by individuals or particular business units, many of which are not officially sanctioned by the organization. Now there is further evidence that they must add control of consumer-oriented file sharing services into the mix—not just to guard against the loss of sensitive information, but to prevent them being used as another vector for attacking the organization.

There are options available to IT that allow them to offer the same levels of convenience to users, but in a way that can bring back control over who is sharing what and with whom. Some of these options are discussed in the research published by Bloor Research referenced above. Centralized control and high levels of security are paramount. They must also be as easy to use as the consumer-oriented services employees are already used to if they are to gain widespread acceptance.

Today’s generation of consumers and employees demand convenience and the freedom to work as they wish. But that convenience brings many dangers to organizations if they cannot control where sensitive information is being posted or transferred, and who is accessing it, or guard against the dangers employees might be exposing the organization to through the use of unsanctioned services. There is a fine line to be tread between ensuring employees are satisfied and productive, and guarding the organisation from malicious exploits and data loss that could dent their revenues, brand and reputation.

by

Welcome to Number 10. Mimecast Presents to UK Prime Minister and Guests

Thursday mornings don’t get more exciting than this. Yesterday I was asked to represent Mimecast at a briefing hosted at Number 10 Downing Street by the UK Prime Minister, David Cameron.

We were one of only ten UK technology companies invited to speak to an audience of leaders of some of the world biggest companies and other members of the Government – the event was called ‘Pitch 10’. The goal was to showcase the strength and talent of the UK tech scene. It was great for Mimecast to be recognized again for our work in this way and to join other inspiring companies carving their own paths as innovators and businesses.

Mimecast at a briefing hosted at Number 10 Downing Street by the UK Prime Minister, David Cameron. We were one of only ten UK technology companies invited to speak to an audience of leaders of some of the world biggest companies and other members of the government – the event was called ‘Pitch 10’.

Mimecast at a briefing hosted at Number 10 Downing Street by the UK Prime Minister, David Cameron. We were one of only ten UK technology companies invited to speak to an audience of leaders of some of the world biggest companies and other members of the Government – the event was called ‘Pitch 10’.

My brief was pretty simple. Come and tell us about the company and what you have achieved.

Firstly I’d say that this event, and others, show that the UK tech scene is something to be admired. It’s a vibrant and diverse community of innovators and business people right across the country and from around the world. London’s Tech City gets a great deal of the press and plaudits of course but it was good to see firms from other parts of the UK represented.

As those who follow us closely will know we’re a cloud email, security and archiving business. So job number one was to explain our view about the criticality and primacy of email in business.

When you take a moment to think about it you realize quickly that we all rely on email. Email is the communications and data backbone of all organizations large and small, private or public sector. It underpins our communication, collaboration and decision making. It carries our ideas, insights and knowledge. It stores and exchanges contracts, orders and business commitments.

Because of this, managing, storing and protecting email (and the valuable data it contains) is a critical consideration for IT teams. This is where we come in. We help customers move to the cloud and solve three critical challenges beyond the mailbox.

We help them:

- Protect their organization by improving email and data security from the growing volume and sophistication of security threats they face every day.

- Ensure their business carries on when the primary email service is out of action with our continuity services.

- Archive the rapidly growing volumes of email communication and associated data safely in the cloud, and off their own on-premise infrastructure.

Now traditionally organizations have put several independent systems on their IT infrastructure to address these email needs, adding considerable cost and complexity. Mimecast’s secure cloud platform enables organizations to protect their corporate email and data; move these security, continuity and archiving services off their own IT infrastructure safely to the cloud, and decommission these additional systems, freeing budget and resources for other priorities.

I’m pleased to say that the reception to our story was very warm and supportive. We’re proud of what we’ve achieved for our customers. We also see a great deal more opportunity and chance for innovation still to be grasped.

So as probably the world’s most famous front door shut behind me, it was straight back to our offices in The City in London and back down to the day job.