Is your data center ready for the coming zombie apocalypse? Data center designers generally do a good job preparing for conventional risks, like earthquakes, fires, floods and hurricanes, but if your disaster recovery plan doesn’t include provisions for dealing with the undead, your risk mitigation strategy has a gaping hole. Data centers are a natural refuge from zombie hordes, but only if you prepare in advance.
Unlike conventional disaster recovery (DR)/business continuity planning (BCP), zombie preparedness has a unique set of goals beyond data protection and business resumption. RPO/RTO goals go out the window when there’s a geek chewing on your skull. I generally recommend hiring a zombie specialist to develop your zombie survival plan (ZSP) but there are steps you can take on your own.
Start with establishing the goals for your ZSP. For most organizations, ZSP goals will fall into 5 categories:
Containment – Keep the zombies out
Endurance – Stay alive until the zombies are gone
Sustenance – Don’t go hungry
Eradication – Kill every zombie you find
Repopulation – Breed new humans for the continuation of the race
A good ZSP is measurable and testable. Data centers are used to measuring availability and power usage effectiveness (PUE). Your ZSP needs a similar metrics program. A best practice is to assign weighted values to your ZSP goals, measure them quarterly, and report to executive management on your composite zombie protection effectiveness (ZPE) score.
Occasionally, I find a simple solution to a complex problem that works better than expected. Office of Foreign Assets Control (OFAC) compliance can be difficult. OFAC is the Treasury Department office responsible for, among other things, enforcing the PATRIOT Act and Terrorism Sanction Regulations regarding blocking financial transactions with suspected terrorists. Basically, OFAC requires you to compare your client list regularly to the published terrorist watch lists. If you find a match, you are required to stop doing business, freeze the money, and contact the Feds.
The hard part of OFAC compliance is matching your clients to the watch list. OFAC publishes a list on a regular basis, but the list is not exactly user friendly. Complicating matters is the fact that the list contains lots of Mohammeds, Usamas, and John Smiths. Most names on the list also have dozens of aliases. Obviously, not everyone named Mohammed doing business with you is a terrorist, so how do you distinguish the good from the bad?
The problem with all these articles is that they don’t provide links to the actual rules published by the court. Since I have no life, I searched the Supreme Court’s website for the published rules. The new rules (http://www.supremecourtus.gov/orders/courtorders/frcv06p.pdf) were released by the Supremes last April. Based on my reading, there is both good and bad news in the rules with regard to e-discovery.
(Legal Disclaimer: I am not a lawyer; Do not rely upon my opinions; When in doubt hire a real lawyer and make sure he’s a good one; I am not responsible if you rely upon my analysis.)
I wrote this paper last year on document retention & compliance with regard to e-mail systems. Sarbanes-Oxley section 802 has created a small nightmare for IT managers, and there is precious little information for what 802 really means. I wrote this paper as a guide for designing a system that would satisfy the worst case scenario. SOX 802 carries big financial penalties as well as jail time for company officers. If you are an IT manager of a public company, this paper will serve as a good starting point. It is written with a vendor neutral approach.
If you are looking for a compliance solution for e-mail, I highly recommend Hewlett-Packard’s RISS/RIM product suite. Symantec’s Enterprise Vault is also a good product, although in my experience it does not scale well beyond 1 data center. If you find this paper useful, drop me a comment and let me know how you are dealing with e-mail & SOX.