Tips to Make Sure Your Disaster Recovery Plan is Effective

Having access to a quality information technology infrastructure is extremely important for all businesses. If a business suddenly does not have access to its data or systems, it can be very damaging. Because of this, having an effective disaster recovery plan in place is extremely important. There are several tips to follow to ensure your IT disaster recovery plan will be effective and available when you need it most.

Create a Comprehensive Plan

One of the most important parts of disaster recovery is coming up with a disaster recovery plan. This plan should carefully consider the needs of all people in your organization. Because of this, it is important that you include as many people as possible in the process. This will help to ensure that everything that needs to be accounted for is included. You also need to make sure you have a plan for what everyone’s responsibilities are in the event of a disaster.

Be Redundant

When you are completing a disaster recovery plan, you should focus on being redundant with the more significant issues. The last thing that you would want in the event of a disaster is to not have access to your plan because something is not working. Because of this, it would be wise to backup all laptops, backup servers and other data in multiple spots and create a system for checks and balances.

Check the Plan

The most important thing that you need to do is to make sure that you are able to check your disaster recovery plan on a regular basis. Ideally, you should test your disaster recovery strategy at least once per calendar quarter. This will help to ensure that all the systems are in place and functioning properly and that the necessary people properly understand their roles in the disaster recovery process.

Project Management in IT

Software upgrade rollouts. Database and server migrations. Security protocol change implementation. Hardware replacements and upgrades.

At any given time, your IT team is facing a list of projects that need to be completed. (Even more so at smaller companies where the “IT team” is one or two people trying to play catch-up when they’re not wearing one of their other hats.) At times, projects even seem to get added to your to-do list faster than you can cross them off.

Such is the nature of virtually any modern business. Staying current on security, delivering your customers the type of experience they demand, and equipping your employees with the tools they need to succeed requires you to be every bit as proactive about technological upgrades and process improvements as you are about system maintenance and monitoring.

The days when a calendar on your wall and sticky notes on your desk were adequate tools for managing the types of projects your company demands are in the past. Today, if you are going to have any chance of staying ahead of the curve on IT projects (and hopefully, maintain your sanity), you will need to be much more deliberate about your approach, understand how to work on multiple projects simultaneously, understand the proper sequencing for projects, and ensure that you are able to complete these projects in ways that minimize interruptions to your company’s work and your customers’ experience.

There are a myriad of tools designed to help you manage technical projects. There are, of course, classic tools like Microsoft Project, which remains the solution of choice for many companies and is a reasonable standard against which to measure any other potential solution. Other companies have signed large contracts with rapidly-expanding firms offering cloud-based project management platforms to simplify collaborative management and leverage shared data. Other companies embrace open source project management systems and platforms (whether installed locally or in the cloud) to access robust functionality without making a commitment to a single vendor.

No matter what route your company decides to go, it is imperative that you approach technical projects with the degree of intentionality that these solutions are designed to support. Successful project management is dependent on defining a clear scope of work, assigning the necessary resources, carefully and accurately documenting the work that needs to be done and the work that has been done, and following through.

How Can IT’s Analytics Help with Business Forecasting?

In many companies, most departments don’t have a lot of opportunities to communicate to each other. Unless there’s a problem that involves multiple parties, only the department heads are presenting information about changes or trends. But the next time any department needs to work on forecasting, see if your IT experts can help. They have insight into a lot of valuable areas, including:

How Much Your Website Traffic Is Increasing

You need to know how many people are going to your business’s website. While Marketing may have the numbers behind visits generated through ad campaigns, they may not know the metrics behind all of the traffic. Ask your IT department for detailed information about surges in activity. This can tell you a lot about seasonality, how high traffic patterns correspond to or differ from high sales periods, and more.

If Your Technology Is No Longer Up to the Task

Even better, the IT department can tell you when high traffic surges and internal activity leads to network outages. It’s almost impossible to measure the expense of even an hour of downtime, but it can range from the tens of thousands of dollars to millions depending on the size of your company. Factor network expansions, server costs, and hardware updates into your annual budget. You should also account for the increased likelihood of hacks and malware.

How to Make Sense of the Data

Every department uses spreadsheets and data. But most departments don’t have people trained in reading that data outside of the narrow focus of their job. IT professionals, whether they focus on cybersecurity or desktop support, often have to have Excel and MySQL qualifications to get the jobs in the first place. If the raw data doesn’t make sense, turn to IT. They may also have the keys and license codes to the legacy software designed to read it.

IT departments don’t just provide anti-virus software and support. They have access to a wealth of logistical information that your business needs. Make sure they’re included in your major meetings and decisions.

Planning For IT Disaster Recovery with DRaaS

Of all the business areas, the IT infrastructure of an organization is more susceptible to the impact of disastrous events. What’s more, IT recovery can be exceedingly traumatic to a business.

IBM’s DRaaS (Disaster Recovery as a Service) – Offering Prompt Recovery from IT Outage

Analysts recommend different approaches to planning recovery from IT disasters, but IBM’s IT recovery service stands alone. IBM provides “rapid recovery”, followed by “continuous replication” of all the critical aspects of IT infrastructure. DRaaS eradicates redundancy of on-site recovery servers, and its optimized resiliency offers verifiable recovery with greater automation through end-to-end services. Besides, DRaaS facilitates business with dramatic minimization of RTO (Recovery Time Object) and RPO (Recovery Point Objective).

While it’s clear IBM’s recovery service can protect businesses from catastrophic disasters, it also offers protection from less dramatic but equally devastating disruptions. Results from this year’s IDG Enterprise Research Survey have shown ransomware attacks are climbing. While the threat to IT security is increasing, organizations can mitigate losses reducing RTO and RPO with DRaaS.

Here are some more DRaaS features that make it a powerhouse for IT recovery:

  • DRaaS can run disaster recovery tests without impeding the replication of data, while keeping costs low
  • DRaaS offers an “Alternate Work Area,” for businesses, so they don’t experience downtime due to disruptions to their locations

If you would like to learn more about IBM’s DRaaS, check out COMMON’s Webcast “DRaaS 101: Tips for Evaluating Cloud for Disaster Recovery as a Service.” Not a COMMON member? Join now.

How the Retail Industry Is Benefiting from Improved IT

Improved information technology and software programs continue to have a major impact on many different industries across the world. One industry that continues to be improved by IT services and products is the retail industry. Retail benefits in a number of different ways.

Improved Security

One of the main ways that the retail industry benefits from improved IT is through the improved security programs now available. Over the past few years, several major retailers have announced that their systems have been hacked and data for millions of consumers has been lost. Today, there are more IT security software programs and services that are geared to help retailers prevent these risks from occurring. This is accomplished through secure cloud-based networks and other systems that are challenging to access illegally.

Inventory Management

One of the biggest challenges that retailers have always had to deal with is inventory management. Those retailers that are not able to manage their inventory will often have too much of an unpopular product and not enough of the best-selling items. Today, through the use of a variety of IT programs and inventory management systems, companies are able to get better real-time inventory reports that can allow them to automatically modify orders from suppliers.

Mobile Shopping

Mobile apps are also gaining in popularity with consumers and retailers today. These enhanced applications provide a user with the ability to complete entire transactions from their phones while also ensuring that their data is going to be properly protected. This provides a more convenient and enjoyable shopping experience for all consumers. The increased use of mobile applications has also helped to reduce the need for as many brick-and-mortar stores, which has helped many retailers reduce their operating costs.

Understanding Different Disaster Recovery Strategies and Methods

Many information technology professionals come to understand that disaster recovery has several different elements. Categorizing different disaster recovery methods can help information technology departments protect what they have.

Precautionary Procedures

Disasters can strike at any time, and information technology departments need to be ready before there is any indication that one will happen. Part of the process is having solid off-site copies of important data available in several locations.

Making sure information technology departments are equipped with generators and surge protectors can also stop departments from losing massive amounts of data on a basic level. It’s also a good idea to monitor the department regularly, thus giving professionals the opportunity to recognize the warning signs of problems.

Identification of Threats

Even the most carefully maintained information technology departments will face threats eventually, and they need to be skilled at finding them. Antivirus software is used to find threats that are already in place. However, information technology departments can potentially face many different threats. Even something as simple as safety alarms can help protect these organizations.

Restorative Methods

Information technology departments have to prepare for the possibility that they will not be able to catch all threats, and this is a reality for almost all of them. Having the right insurance policies is part of the picture here, especially given the importance of data in the modern world. Working with data recovery professionals who can fix damaged systems is also important.

Departments that have all of these different methods in place, or more, will be less likely to face truly devastating problems at any point.

3 Tasks You Can Take to Improve Your IBM i’s Security and Ease of Administration

By Dana Boehler

Securing an expansive platform like an IBM i system can be an intimidating task, a task that many times falls into the hands of a systems administrator when more specialized help is not available in-house. Deciding what tasks and projects will add value, while reducing administrative overhead, is also difficult. In this article I have chosen three things you can do in your environment that can get you started in ascending order of time and effort.

1. Run the ANZDFTPWD Command

Run the ANZDFTPWD command – This command checks the profiles on your system for passwords that are the same as the user profile name and outputs the list to a spooled file. Even on systems with well controlled *SECADM privileges (the special authority that allows a user to create and administer to user profiles), you will find user profiles that have either been created with or reset to have a password that is the same as the user profile name, which could provide an unauthorized user a method for gaining access to system resources. Additionally, the command has options to either disable or expire any user profiles found to have default passwords if desired.

2. Use SQL to Query Security Information from Library QSYS2

In recent updates to the supported IBM i OS versions, IBM made a very powerful set of tools available for querying live system and security data by using SQL statements. This allows users with the appropriate authority to create very specific reports on user profiles, group profiles, system values, audit journal data, authorization lists, PTF information and many other useful data points. These files in QSYS2 are table views directly accessing the information they are querying so the data is current every time a statement is run. One of the best things about creating output this way is there is no need for creating an outfile to query from or refresh re-querying. A detailed list of the information available and the necessary PTF and OS levels required to use these tools can be found here.

3. Implement a Role-based Security Scheme

The saying used to be the IBM i OS “is very secure”, but that statement has changed to the more accurate “is very securable”. This change in language reflects the reality that these systems are now very open to the world as shipped but can be one of the most secure systems when deployed with security in mind. For those who are not aware of role-based authority on IBM i, it is basically a way of restricting access to system resources using authorities derived from group profiles. Group profiles are created for functions within the organization, and then authorities are assigned to those group profiles. When a user profile is created it is configured with no direct access to objects on the system, instead group profiles are added to allow access to job functions. Although implementing role-based security may seem like a daunting task it pays huge dividends in ease of administration after the project is in place. For one thing having role-based security in place allows the administrator to quickly change security settings for whole groups of users at once when needed, instead of touching each user’s profile. It also allows for using group profiles as the object owners instead of individual user profiles, which means the process of removing users who create large numbers of objects or objects that are constantly locked is much easier. Using role-based security also relies on group profile for authority, so the likelihood of inadvertently granting a user too much or too little authority by copying another similar user is far less likely.

These a just a few of things you can do to get started securing your IBM i. In future posts, I intend to delve into more depth, especially regarding role-based security.

Guest Blogger

Dana Boehler is a Senior Systems Engineer at Rocket Software.

Disaster Recovery and Preparing For the Worst

Disaster recovery is largely about preparation. If the correct procedures and protocols are not in place, information technology departments will find themselves losing a lot of data. All information technology departments need to set priorities when it comes to disaster recovery procedures, which will help them solve these problems with efficiency.

Making Sure All Employees Are Prepared

Information technology departments are often large enough that many different people will be involved in the disaster recovery procedures. All employees need to know in advance what they personally need to do in the event of a major disaster.

Disaster recovery needs to be part of their training right from the start, but it should also be part of the training that they receive as long-term employees.

Disaster Recovery Specialization

It is true that many employees will be involved in the disaster recovery procedures themselves. However, those procedures need to be established in advance by a committee that includes disaster recovery specialists.

Disaster recovery is complex enough in the modern world that it is possible to be an information technology professional who primarily focuses on it. People like this need to be involved in the planning stage.

Focusing On Certain Functions

Some functions will be more important than others in different organizations. Concentrating on the most crucial functions first will create the best results. This can be complicated, since some functions might be particularly important at certain points during the year and less important at other times.

As such, the specific actions of a disaster recovery team will actually vary according to the month. When the team knows all these details in advance, the results will be that much better.

Find disaster recovery and high availability videos in the COMMON Webcast Library.

IT in the Insurance Industry Now

The effects of IT in the insurance industry have been very broad. People who interact with the insurance industry at all levels will see how it has been influenced by the rise of information technology.

Customer Service

All businesses need to have high customer service standards, and it’s especially important for insurance companies to emphasize customer service. Information technology has certainly made this easier.

In the modern world, customers can purchase insurance online. For a lot of people, this is much easier than trying to do the same thing in person. This process is paperless and can be conducted from any location.

Customers can more or less manage everything related to their insurance policies online in the modern world, which makes it easier for them to work with the insurance companies in question every step of the way.

Getting New Leads

In the insurance industry, information technology is particularly important when it comes to lead generation. With modern information technology, it’s possible to generate leads on a broad level and in a particularly convenient manner.

Targeted Marketing

Information technology has also made it easier for insurance companies to target very specific demographics. People will have very different needs when it comes to insurance based on their family structure, age range, health status, and many other factors.

As such, the fact that information technology makes it even easier to reach out to groups of individuals selectively can truly make all the difference for the companies that are trying to use the money that they have set aside for marketing wisely.

Insurance Types

Cloud Technologies – Containerizing Legacy Apps

Information technologies are continually in a state of transition and organizations often need tools to help them transition from one platform to another, especially with regard to legacy apps. Many companies either still find value in these apps or simply cannot make the transition to Cloud technologies fast enough due to budgetary concerns or other reasons. For these organizations, IBM is now offering the Cloud Private platform, which allows businesses to embrace the Cloud by not only containerizing their legacy apps but also containerizing the platform itself, along with other IBM tools and many of the notable open source databases.

Providing Bridges

Through their Cloud Private platform, IBM provides the bridge between current cloud services and an organization’s on-site data mechanism. In essence, it allows a company’s legacy apps to interact with cloud data. IBM understands the value of making a platform accessible to other technologies and they used this philosophy as well with their Cloud Private tools. Whether an organization uses Microsoft’s Azure cloud platform or Amazon Web Services, IBM’s Cloud Private is flexible enough to work with both.

A Comprehensive Package

IBM’s Cloud Private platform offers a comprehensive package of tools to help companies mix and mingle their legacy apps with other cloud services and data. The Cloud Private toolset includes components for:

  • Cloud management automation
  • Security and data encryption
  • The core cloud platform
  • Infrastructure options
  • Data and analytics
  • Support for applications
  • DevOps tools

Providing a comprehensive transitioning tool, such as the one IBM developed, should help companies make the most of their investment in their legacy apps. In addition, it will provide them with the time buffer they will need before eventually making a full transition to the Cloud.