IT Security

CIOInsight – The Heavy Cost of System Downtime

IT system outages have emerged as fairly routine issues for companies today—and the resulting downtime amounts to a five-figure financial hit every day, according to recent research from CloudEndure. The resulting “2016 Disaster Recovery Survey” report reveals that while the majority of IT professionals say they’ve set service availability goals of 99.9% (a.k.a., the industry standard “three nines” mark), far fewer say they’re capable of achieving this “most of the time.” As for the culprits? Either human error or network failures are usually to blame, not to mention app bugs, storage failures and (of course) the ever-troublesome hacker. Disaster recovery solutions would help. However, only a minority of businesses use disaster recovery for the majority of their servers.

More of the CIO Insight slideshow from Dennis McCafferty

CIO Strategy / IT Security — Comments Off
28
Jun 16

Are you mistaking a business decision for a technology decision?

For the past ten years, I’ve been talking to CIOs, CTOs and business leadership about the role technology plays in making their organizations better. And while the conversations have become more business-centric, I’m still surprised at how many times we mistake business decisions for technology decisions.

This problem is understandable; information technology is complex, and today there are 20 ways to solve a problem with technology in contrast to two or three ways to solve the same problem ten years ago. So why do we mistake virtualization for business agility, disaster recovery for risk mitigation, and leasing or other financing options for cost control?

I think it’s because many IT leaders came up through the ranks as problem solvers. We’re ready to throw out solutions before we hear the whole story. The YouTube video “It’s Not About the Nail” is a fun example of this behavior.

But technology solutions don’t address all business problems. Try to solve the problem of attracting and retaining high end infrastructure talent with software and see what happens. Implementing cloud infrastructure without considering the risks associated with the provider can end in disaster. A perfectly implemented disaster recovery scenario can sink a business if the the most critical business data is not being protected.

The simplest way to stay on track is to map all technology decisions to clear non-technical business requirements like:
• Agility
• Speed of Delivery/Time to Market
• Innovation
• Cost Control
• Availability
• Risk Mitigation
• Business Productivity/Efficiency
If you can’t map the technology to a clear business requirement, drop it.

Then ask yourself what parts of the business requirements remain unaddressed, even with the technology. Chances are, people and process issues will still need to be considered and addressed, and these are often much bigger issues that what the technology can solve.

How are the most successful companies addressing business requirements? Contact me.

CIO Strategy / Get Better / IT Security — Comments Off
23
Jun 16

HBR – Every Fast-Growing Company Has to Combat Overload

It feels horrible: You’re scaling up aggressively and working harder than ever, but with each passing day you feel more overwhelmed. Your business is a success, but you feel like a failure. You used to be able to track everything with an Excel spreadsheet, personally designed by your CFO; now you’ve got an SAP installation in its place, supported by an entire IT department. You and your founding team used to feel like members of the same small tribe; now you’re working with unfamiliar layers of staff hired from companies whose culture is not like yours. You used to know your key customers by their first names; now you know them only as averages on PowerPoint slides. Every employee used to know what made your mission special; now most of them don’t. Things are spinning out of control, and you don’t know what to do.

What’s going on? You’ve hit overload—the internal dysfunction and loss of external momentum that strikes young, fast-growing companies as they try to rapidly scale their businesses. Overload is one of the three predictable crises that companies experience as they grow. With overload everyone in the company becomes stretched and loses the focus on the customer. A helpful image to keep in mind here is that of a plate spinner. As the spinner sets more and more plates in motion (growth), he obviously has to keep them in motion. This gets harder and harder, especially if he hasn’t prepared adequately for the challenges involved. Soon what once was a satisfying process becomes a deeply troubling and threatening one (overload): plates start to wobble, and the spinner has to scramble ever faster to keep them all in motion. His mission has changed. He’s no longer thinking about serving and delighting his audience (customers). He’s just trying to manage the chaos and avoid catastrophe.

More of the Harvard Business Review post from Chris Zook

CIO Strategy / Data Center / IT Security / IT Strategy — Comments Off
21
Jun 16

Data Center Knowledge – FedRAMP’s Lack of Transparency Irks Government IT Decision Makers

Four out of five federal cloud decision makers are frustrated with FedRAMP, according to a new report from government IT public-private partnership MeriTalk. Federal IT professionals said they are frustrated with a lack of transparency into the process.

MeriTalk surveyed 150 Federal IT decision makers in April for the FedRAMP Fault Lines report, and found that 65 percent of respondents at defense agencies, and 55 percent overall, do not believe that FedRAMP has increased security. Perhaps even worse, 41 percent are unfamiliar with the General Service Administration’s (GSA) plans to fix FedRAMP. The GSA announced FedRAMP Accelerated in March.

“Despite efforts to improve, FedRAMP remains cracked at the foundation,” said MeriTalk founder Steve O’Keeffe. “We need a FedRAMP fix – the PMO must improve guidance, simplify the process, and increase transparency.”

More of the Data Center Knowledge article from Chris Burt

CIO Strategy / Cloud Computing / IT Security / IT Strategy / Uncategorized — Comments Off
13
May 16

CIO Insight – How Security Laws Inhibit Information Sharing

Third-party vendors could provide compliance services to companies and ISAOs, a likely market solution given that they already have expertise and can spread the cost among many clients.

A new report finds that although there is a need for actionable threat intelligence and information-sharing worldwide, significant obstacles exist because of data privacy and protection and national security laws. The result is a chilling effect on cross-border cooperation that must be addressed. In that spirit, the report, “Information Sharing and Analysis Organizations: Putting Theory into Practice,” by Price Waterhouse Cooper, analyzes global legal hurdles to information-sharing and offers potential solutions.

More of the CIO Insight article from Karen Frenkel

CIO Strategy / Cloud Computing / IT Security / IT Strategy — Comments Off
12
May 16

HBR – https://hbr.org/2016/05/the-impact-of-the-blockchain-goes-beyond-financial-services

The technology most likely to change the next decade of business is not the social web, big data, the cloud, robotics, or even artificial intelligence. It’s the blockchain, the technology behind digital currencies like Bitcoin.

Blockchain technology is complex, but the idea is simple. At its most basic, blockchain is a vast, global distributed ledger or database running on millions of devices and open to anyone, where not just information but anything of value – money, titles, deeds, music, art, scientific discoveries, intellectual property, and even votes – can be moved and stored securely and privately. On the blockchain, trust is established, not by powerful intermediaries like banks, governments and technology companies, but through mass collaboration and clever code. Blockchains ensure integrity and trust between strangers. They make it difficult to cheat.

In other words, it’s the first native digital medium for value, just as the internet was the first native digital medium for information. And this has big implications for business and the corporation.

Much of the hype around blockchains has focused on their potential to fundamentally change the financial services industry – by dropping the cost and complexity of financial transactions, making the world’s unbanked a viable new market, and improving transparency and regulation. Indeed, it is already having a big impact on that sector. However, our two-year research project, involving hundreds of interviews with blockchain experts, provides strong evidence that the blockchain could transform business, government, and society in perhaps even more profound ways.

More of the Harvard Business Review article from Don Tapscott and Alex Tapscott

CIO Strategy / Disaster Recovery / IT Security / IT Strategy — Comments Off
10
May 16

IT Business Edge – Setting the Right Tone for Risk Management

Without one person in an organization responsible for managing third-party risk, companies face a serious barrier to achieving effective third-party risk management, according to a new study. The study, “Tone at the Top and Third-Party Risk,” was conducted by the Ponemon Institute and sponsored by Shared Assessments, a member-driven, industry-standard body specializing in third-party risk assurance. “Tone at the Top” describes an organization’s environment, as established by its board of directors, audit committee and senior management. It is set by all levels of management and trickles down to all employees. “If management is committed to a culture and environment that embraces honesty, integrity and ethics, employees are more likely to uphold those same values,” according to the report. ”

More of the IT Business Edge post by Karen Frenkel

CIO Strategy / Data Center / Disaster Recovery / IT Security / IT Strategy — Comments Off
09
May 16

Continuity Central – Expanded NIST disaster and failure data repository aims to improve resilience

NIST has announced that data from the February 27th 2010 Chile earthquake has now been added to the NIST Disaster and Failure Studies Data Repository, providing a great deal of useful information for regional and global resilience planning.

The repository was established in 2011 to provide a place where data collected during and after a major disaster or structural failure, as well as data generated from related research, could be organized and maintained to facilitate study, analysis and comparison with future events. Eventually, NIST hopes that the repository will serve as a national archival database where other organizations can store the research, findings and outcomes of their disaster and failure studies.

Initially, the NIST Disaster and Failure Studies Data Repository was established to house data from the agency’s six-year investigation of the collapses of three buildings at New York City’s World Trade Center (WTC 1, 2 and 7) as a result of the terrorist attacks on Sept. 11, 2001. With the addition of the 2010 Chile earthquake dataset, NIST is broadening the scope of the repository to begin making it a larger collection of information on hazard events such as earthquakes, hurricanes, tornadoes, windstorms, community-scale fires in the wildland urban interface, storm surges and man-made disasters (accidental, criminal or terrorist).

IT Business Edge – IT Pros Say Wearables Their Greatest IoT Security Threat

Are we on the edge of an explosion of the Internet of Things (IoT)? It appears so, and it seems like organizations are serious about securing the IoT, according to new Gartner research. According to ZDNet, Gartner predicts that:

global spending on security for the Internet of Things (IoT) will reach $348 million this year, a 23.7 percent increase from last year’s $281.5 million spend.

As the IoT gains momentum, Gartner expects the 2017 worldwide spend to fall just shy of $434 million, whilst the 2018 predicted spend is $547 million.

It sounds like a lot of money, but Gartner says that this is a drop in the bucket when you compare it to overall security spending. The analyst group also predicts that in the next four years, a quarter of all attacks will target the IoT, well out-gaining the percentage of security dollars budgeted for IoT security.

Where will the bulk of enterprise IoT security threats be? According to new research from Spiceworks, expect that threat to be coming primarily from wearable technologies. The majority of IT professionals said their greatest IoT security concern is wearables, followed by video equipment.

More of the IT Business Edge article from Sue Marquette Poremba

CIO Strategy / Cloud Computing / IT Security / IT Strategy — Comments Off
04
May 16

CIO Insight – The Essential Requirements of a Digital CIO

Here’s another excellent Dennis McCafferty slide deck on the modern CIO.

CIOs are becoming more central to overall business strategy, and a full arsenal of soft and hard skills are needed to meet the challenge.

What’s the difference between “yesterday’s CIO” and the modern-day digital one? Digital CIOs maintain a higher profile in the corporate board room, where board members have raised their expectations of IT performance and the delivery of new, business-benefiting innovation, according to a recent survey from BT. The resulting “The BT CIO Report 2016: The Digital CIO” also indicates that, given these challenges, board members increasingly recognize that today’s CIOs must be more creative than in the past. Indeed, in assessing the “must have” qualities of digital CIOs, survey respondents were most likely to cite the need to work in a flexible manner with new business models and remaining open to new ideas/solutions, along with “soft skills” such as effectively responding to feedback and looking at situations from different perspectives. However, even with these shifting needs, CIOs still spend more time maintaining IT systems rather than looking for new solutions, but that balance appears to be reversing. “Digital transformation is under discussion at the board level, in IT and operational teams, in every organization and in every industry,” according to the report. “That’s exactly how it should be (because) the scope of what is digitally possible is uncertain

More of the CIO Insight post from Dennis McCafferty

Doug Theis Leave your comfort zone.