12
Oct 16

Continuity Central – The State of Enterprise Resilience: survey report

Control Risks has published the results of its latest ‘The State of Enterprise Resilience’ survey, which assesses the degree to which the concept of resilience has gained traction and become embedded within organizations.

Over one third of respondents felt that their organizations lacked the relevant skills or talent to drive corporate resilience; this is an increase of 17 percent on 2015. This is in spite of the fact that 27 percent of respondents have actively recruited dedicated resources to support the resilience agenda and 46 percent have invested in training, awareness, and communications.

Other key findings include:

ISO 22316 provides guidance on resilience programmes
62 percent of respondents were either aware of or have read the draft of ISO 22316 – the guide to organizational resilience. 92 percent of respondents agree with the core principles which focus largely on shared purpose and collaboration across functions. However, 18 percent of respondents indicated that they would not be striving to adopt the core principles, preferring instead to stick to existing processes.

More of the Continuity Central post


11
Oct 16

The Register – Inside the Box thinking: People want software for the public cloud

Analysis: On-premises file sync and share and collaboration is yesterday’s story. The future is the public cloud with dedicated software service suppliers, like Box.

File sync, share and collaboration is not a feature, but a product, best expressed as a service (SaaS) through Box’s three data centres and the public cloud, and not subsumed into part of an on-premises storage array offering. The company says it is now a content platform for the modern enterprise.

That’s the Box message and it’s working, though not dramatically, given that Box is growing and increasing its services.

Box has grown its base service with specific offerings for, for example, IBM, Salesforce, Microsoft Office, and Google Android for Work. It has also announced its Box Platform, an open API set for authentication, user management and content access.

More of The Register post from Chris Mellor


10
Oct 16

ZDNet – Is the IT budget ready to power digital transformation? The journeys of four CIOs

The digital transformation is upon us, with many CIOs expected to lead the charge. These technology leaders must determine how much of next year’s budget will drive internal and external innovation to meet staff and customer needs — and we’ve found a wide variety in investment levels across different industries.

While 72 percent of CXOs report that it is ‘critical’ or ‘very important’ for an organization to turn to a digital business model, only 15 percent said their company is agile enough to build such a system, according to an August survey from Unisys and IDG Research.

Another recent study found that 52 percent of companies surveyed looked to their CIO and CTO to lead their organization’s digital transformation, but only half said they actually had a business-wide digital transformation strategy.

More of the ZDNet post from Alison DeNisco


05
Oct 16

Data Center Knowledge – Hospital Pays $400,000 HIPAA Breach Penalty for Obsolete ‘Business Associate’ Agreement

HIPAA has teeth. Are your BAAs accurate and up to date?

A Rhode Island hospital agreed this month to pay $550,000 in settlements after failing to properly update business associate agreements as required under the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA), federal authorities said.

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) opened an investigation into Women & Infants Hospital of Rhode Island (WIH) after receiving a report of a data breach in November 2012.

WIH told federal authorities it had lost unencrypted backup tapes containing ultrasounds of 14,004 women, including patient names, dates of birth, dates of exams, physician names and, in some cases, Social Security numbers.

More of the Data Center Knowledge post from Aldrin Brown


04
Oct 16

Continuity Central – The IT DR program: a crucial, but not well understood, aspect of disaster recovery

This is the shortest, most complete treatment I’ve ever seen of what it takes to be successful with IT Disaster Recovery. Worth the read.

While the hardware and software costs for disaster recovery are well understood, many organizations do not fully realize that, in order to be assured of successfully executing the plan in the event of an outage or disaster, a comprehensive IT DR program must first be in place. An organization can have all the right IT DR hardware and software, but without a properly managed program, its efforts will fail.

Even the organizations that do have this understanding often underestimate the complexities involved in creating an IT DR program and the associated costs.

The DR program consists of the people, processes and tools necessary to implement the IT DR solution and manage its lifecycle. Because this implementation process requires considerable expertise and experience, organizations must carefully consider the costs of developing their in-house skill sets as well as those of purchasing, implementing, and maintaining their own hardware and software in house. They should then compare this expertise and the hardware and software costs to those they could access by going to a third-party managed recovery provider that specializes in providing IT disaster recovery services.

Only by understanding what goes into a full IT DR program and the complete total cost of ownership (TCO) of both an in-house versus a ‘selectively outsourced’ solution can organizations make the right choice.

The DR program consists of five processes: application mapping; developing disaster recovery procedures; test planning and execution; post-test analysis; and recovery lifecycle management. The discussion below will address what each step involves.

More of the Continuity Central post


03
Oct 16

CIO Insight – Do IT Workers Lie About Certifications?

A surprising minority of CIOs and other IT leaders actually check to see if their staffers’ claims of tech certifications earned are actually true, according to a recent survey from TEKsystems. But they should—because many IT pros admit that they do not always report this information accurately on their resumes. The lack of verification could result in long-term consequences, as the majority of IT leaders take into account tech certifications in making decisions about the hiring, developing and promoting of their staffers. Among the certifications most in need: Those related to cyber-security, programming and development, project management and software engineering. Given that many organizations pay for these educational opportunities, CIOs need to do a better job of making sure that their employees aren’t fibbing when they indicate they’ve earned them. “(Organizations) need to be more diligent in actually verifying certifications in order to avoid getting trapped in a certification shell game,” said Jason Hayman, research manager at TEKsystems.

More of the CIO Insight slideshow from Dennis McCafferty


28
Sep 16

CIO Insight – Why Enterprise Still Matters

In today’s economy, executives must account for market pressure while keeping focused on the evolution of innovation in technology. This new reality presents both challenges and opportunities for businesses and IT to align on IT strategy and finding balance between the desire to seek value and manage for risk. Due to the difficulty in finding this balance, business leaders are increasingly contracting with cloud-based service providers for the creation of applications, integrations and custom development, with or without the support of enterprise IT. These leads are essentially acting as CIOs by providing their own technology-led business solutions, which leads to fragmentation and delays in accomplishing business initiatives.

More of the CIO Insight article from Mike Sommer


27
Sep 16

Baseline – What Employees Say They Must Have From IT

Information workers are expressing frustration with what they view as a lack of tech tools and space to pursue collaboration, according to a June 2016 survey commissioned by Prysm and conducted by Forrester Consulting. The resulting report, “Digital, Disparate, and Disengaged: Bridging the Technology Gap Between In-Office and Remote Workers,” reveals that IT and facilities professionals feel that the situation is much better than information workers describe, leading to a glaring perception gap on the issue. Similarly, when it comes to having access to the “latest and greatest” technology, only a minority of information workers said they have what they need.

More of the Baseline slideshow from Dennis McCafferty


27
Sep 16

Continuity Central – ‘Data hoarders’ putting organizations at risk: survey

Businesses’ data security, data management and corporate compliance are being jeopardised by an internal army of data hoarders, according to a recent survey. As a result, 77 percent of IT decision makers are now more concerned about the impact of data hoarding than a year ago.

The survey, commissioned by Veritas, was conducted among 10,022 global office professionals and IT decision makers to look into how individuals manage data.

Major issues highlighted by the survey include:

The digital hoarding struggle is real

The findings highlighted that IT decision makers are hoarding their digital files and saving 54 percent of all the data they create. In addition, 41 percent of all digital files created go unmodified for three or more years.

More of the Continuity Central article


26
Sep 16

Continuity Central – The unintended consequences of risk reporting

In this article we posit three questions. The first question is: “Is it a social responsibility of companies that they undertake a comprehensive risk assessment?” The second question: “Does the notion of conscience and its application to the generation and use of risk information and information in general, create an obligation for the organization to disclose the results of the comprehensive risk assessment?” The third question: “How do the people in the organization communicate the information from the comprehensive risk assessment to stakeholders and yet preserve security and protect the organization?”

The three questions may, at first, appear simple and straightforward. However, as we dissect each, we find that there is significant complexity intertwined in these questions. While this article does not attempt to provide a rigid framework or hard and fast answers to the above questions, it is our intent to set in motion a dialogue regarding corporate social responsibility (CSR) and its relationship with governance risk and compliance (GRC) activities/obligations that form a social contract between the organization and its stakeholders.

More of the Continuity Central article from Geary W. Sikich and Joop Remmé