12/06 - Business Continuity

Business continuity refers to the planning and preparation a company undertakes to overcome serious incidents or disasters and resume its normal operations as seamlessly as possible. Granted, some organisations are happy just to claim insurance or restore from old backup technology such as tapes, but this approach still results in greater downtime and can present a very bad image to customers who may no longer be able to access the services they require for their own business to run. In a worst-case scenario, an ICT failure at a single business entity can have a flow-on effect across all stakeholders, both suppliers and customers, and could possibly see more than one business entity fail entirely. It is irresponsible not to have a business continuity plan in place.

Committo likes to work independently with vendors to find the right-fit solution for customers. There are two vendors that appeal to us as being able to provide a complete business continuity solution.

Veeam is a market leader in the space, often seen as the number 1 vendor of ‘Backup, Recovery and Archiving’ software. Veeam solutions are generally more customisable than competitors', and have tight integration with most leading server operating systems. Committo’s Veeam solutions are a better fit for customers that are looking to work closely with a local partner and want to be close to the management of the solution. Committo utilises a local top-tier data centre that meets government standards for the protection of data privacy to store Veeam backups and provide restore functionality. It is also good for those customers that may wish to extend their DR (business continuity) environment into a fully production-based cloud IaaS model.

Our other choice of provider is Datto. Recently Committo have spent some time exploring the other vendor solutions, and we can see the value in an all-in-one DR (business continuity) device. We hold the viewpoint that it is effectively comparable to hyper-converged infrastructure, where all components are optimised and streamlined in a way that delivers a high-performing virtual IT infrastructure. Datto’s value proposition is to provide a device that is optimised and streamlined solely for backup, restore and archiving. You simply drop the device into the infrastructure and configure it, and Datto take care of the rest. Backup occurs to the data centre in Sydney. In the event of an emergency, Datto technicians handle the situation, and Committo simply provides a first level of support. Datto may not be the best choice for customers looking towards the longer-term option of Infrastructure-as-a-Service (IaaS), as there would be more complexity involved in doing a migration project back to Committo’s data centre. There is also the question of whether a closer local relationship is more suitable to your way of doing business.

28/05 - Privacy Law Update

The data privacy laws are still the hottest topic in tech right now. Committo were at another security event (we like to attend a few), in which the context of the new laws was discussed as really being about pushing businesses to invest in security. That is what the governments of the world are essentially trying to do.

The European GDPR is quite comprehensive and effectively covers any data gathered from customers, even website visitors, that are European. The standards are high and so are the possible fines if one breaches the regulations. Businesses can be liable for up to 20 Million Euros. The laws are in effect as of the 25/05. So if there is any doubt about how secure your European customer data is, now is the time to check in with a professional for help.

This is an important topic to consider, as data is collected at all points of the network. Signing privacy agreements does not stop data ending up in the wrong hands. The difference now is that there are steeper penalties in place for those that mishandle data. It remains that our network security is only as good as the trust and faith we place in the providers we choose to protect us.

The Government can only regulate and punish those that are found to be doing the wrong thing. As individuals, we must think carefully and maintain vigilance over the data we use day to day in our jobs, and raise any concerns quickly if we think data may be slipping out unnoticed. A program of continual adaptation to possible threats is also something an individual or organisation should set aside time to think about, because we live in an age of constantly evolving technology security threats.

15/05 - Tech News

Part of working at Committo is getting involved with local vendor events. Most recently we have been working with Blancco to build out some service offerings for data erasure and e-waste removal for customers. They kindly invited us to a recent event on the new Data Breach laws. The key takeaway from this is that organisations must report any event where private data has been exposed to an unauthorised party. What is not clear is exactly what constitutes a notifiable breach, and some necessary steps can be taken that mitigate the need to report the event. Say an employee sends an email out to the wrong marketing list. If there are reasonable steps that can be taken to fix the leaked data, maybe by getting the receiver of the email to write a statutory declaration that the data has been wiped and that they will not use it for any purpose, then that may satisfy the mitigation requirements and thus not need reporting. Whatever the situation might be, Committo is here to help your organisation plan for and/or mitigate the risk if a data breach event occurs. So if you're unsure, please contact us and we can help.

Why do we use a professional data erasure tool like Blancco, which is more expensive than some of the others? Because it has support for all devices, including mobile, and for all types of drive (spinning disk or SSD). It will also provide a certified verification of erasure which meets many of the standards required by commercial security compliance audits carried out by industry. It guarantees a safe, complete disk erasure and offers multiple erasure algorithms for specific devices and situations. Please do not hesitate to reach out to us if this is an area of concern for your business.

Another important item of reflection is the campaign surrounding net neutrality. There is a last-ditch attempt to maintain the net neutrality laws put in place by Barack Obama in the US. The current ruling is that net neutrality will be removed on June 11th this year. This means ISPs have the freedom to block or slow down traffic to sites of their choosing, and to speed up access to sites that in most cases will likely pay for it. This makes it harder for the little guys to be seen or heard, and supports big business's manipulation of news and media, delivering on a focused agenda of corporate domination of public thought and reducing the access a cross-section of society has to free speech being heard.