IT-Toolkits.com

Hiring and keeping younger workers

webmaster — Sat, 28 Jan 2012 09:15:59 -0700

Today's young workers are extremely tech-savvy, and the technology they'll have access to is a major consideration for many as they join the workforce. Many are used to having 24/7 access to email and the Internet on their smartphones or tablets. And with extensive knowledge of the Internet and its many services, more are using Web-based applications for many of the solutions they use on a daily basis. As an employer, making sure you have the right technology on hand to both appeal to and keep your younger workers happy is an important consideration when plotting out your technology roadmap.

Keeping workers helps reduce training costs over time, and it could also help you sell your CEO on some product purchases. You know that cloud solution you're dying to implement? Well, tell the CEO about your young workforce being able to take advantage of it to work extra hours, and it might just happen. Want to bring iPads to the office? Tell the top executive that it might just improve productivity. As your company tries to find an edge in a job market filled with educated Millennials, technology could very well be the differentiating factor that helps you attract and retain a young workforce.

Cloud as an alternative to outsourcing

webmaster — Fri, 20 Jan 2012 10:33:25 -0700

CEOs at three of India's top ten outsourcing providers recently told the Times of India that they plan to "reduce on-site work by up to five percent over the next year and handle traditional onsite projects such as managing takeover of an existing outsourcing contract& through videoconferencing. (The Times did not name the CEOs or their companies.)

As the whistleblower case against Infosys, alleging that the Indian IT services provider misused B-1 visas to bring offshore staff to the U.S., heads to court later this year, it's unlikely that scrutiny of the temporary worker visa system will subside. And, as of Monday, talks between the U.S. and India intended to address these visa complaints among other issues, were called off indefinitely.

Prepare now for the inevitable effects of reductions in onshore and on-site headcount:

Conduct a Process Design Review - Make sure that essential on-site roles required for seamless operation of global delivery will be filled. Consider contract resources to handle short-term gaps, advises Amneet Singh, vice president of global sourcing for outsourcing consultancy Everest Group. Longer term, developing such skills in-house maybe a better bet. "Buyers are picking and choosing certain roles to bring back in-house," says Esteban Herrera, chief operating officer of outsourcing analyst firm HfS Research.
Invest in Change Management Efforts - Prepare users for potential tweaks in the delivery model and changes in their day-to-day working experience, says Singh, and execute an effective communication strategy to address any uncertainty in the business
Consider Nearshore Alternatives - Providers with alternate delivery locations, like Mexico, do not have the same temporary visa restrictions as a result of the North American Free Trade Agreement (NAFTA), Herrera points out. They can more easily transfer workers across borders to manage projects and knowledge transfer.
Beef Up Your Technology Backbone - Your offshore provider is likely to require more high-end videoconferencing or digitization capabilities to manage future projects. Ensure you have the right infrastructure and software to handle the proposed technology enablers of diminished on-site staff, says Singh. Also, make sure to design and execute effective internal training programs for the new tools.
Revisit Contract Pricing - If your IT service provider is planning to move on-site roles overseas, it's probably a good time to renegotiate price, but don't play hardball. Sharing the upside of sending more work to less costly locales will result in a happier and healthier relationship long-term.

Half of European companys have no Disaster Plam

webmaster — Thu, 12 Jan 2012 05:46:02 -0700

Over half of small organisations across the UK, France and Germany are operating without a formal disaster recovery plan in place, according to research.

The survey of 160 IT decision-makers found that 58% of small organisations (50-250 employees) do not have a formal disaster recovery plan, and nearly one fifth of mid-sized enterprises (250- 1,000 employees) are in the same position.

Industry differences became apparent when comparing how prepared organisations are for a potential disaster. companies within the Financial Services sector (90%), as well as those in Communications and Media (81%), have formal disaster recovery plans in place. However, a much smaller percentage of businesses in Retail & Distribution, and Manufacturing, have done the same, with less than 40% having drawn up formal disaster recovery plans.

Security Template now has electronic forms

webmaster — Sat, 07 Jan 2012 17:24:18 -0700

Security Manual for the Internet and Information Technology is over 230 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000, PCI DSS, and HIPAA.

The policies and procedures template now has electonic forms including:

Blog Policy Compliance
Company Asset Employee Control Log
Email - Employee Acknowledgment
Employee Termination Checklist
Internet Access Request
Internet Use Approval
Internet & Electronic Communication - Employee Acknowledgment
Mobile Device Access and Use Agreement
Employee Security Acknowledgement Release
Preliminary Security Audit Checklist
Security Access Application
Security Audit Report
Security Violation Reporting
Sensitive Information Policy Compliance Agreement

Federal agencies are not spending as much as private businesses on security

webmaster — Tue, 22 Nov 2011 14:59:24 -0700

Federal agencies have budgeted $6.5 billion for security in 2012, much less on a percentage basis than other businesses and industries.

The federal government lags behind most industries when it comes to how much of its IT budgets are spent on security, pointing to a need for agencies to rethink their investments as they adopt new technologies.

Many agencies report they don't feel they have enough money to spend on security and, in general, security investments by the federal government are less than that spent by other business sectors.

In total, federal agencies have budgeted $6.5 billion for all security investments in fiscal 2012. However, the entire IT budget for the feds for that year is expected to top $81.3 billion.

Not surprisingly, the Department of Defense spends more than any other agency on security, according to the report. Its budget in 2012 for security for both legacy systems and development, modernization, and enhancement, in 2012 is $4.1 billion, according to the report, which does not provide data on total IT budgets for agencies. The Department of Homeland Security also is one of the leading security investors among agencies, having budgeted $525.7 million for security in 2012.

US Senate looking to tax Internet Sales

webmaster — Wed, 09 Nov 2011 15:45:59 -0700

The US Senate has a new bill on its agenda, The Marketplace Fairness Act, that would allow states to collect taxes on Internet sales, even when the seller does not have a physical presence in the taxing state.

In essence the bill would allow states that sign on to collect sales taxes from Web-based sellers, reversing a widespread practice of no Internet sales taxes since the beginning of the commercial Web.

The new bill would allow states to collect sales taxes from remote sellers if they sign on to the Streamlined Sales and Use Tax Agreement (SSUTA), a 12-year-old effort to meet the Supreme Court's requirements to simplify sales tax collection, or if they adopt a so-called alternative tax simplification plan.

Sponsors of the bill, similar to past efforts to allow Internet sales taxes, said the current system is unfair to small bricks-and-mortar businesses that have to charge sales tax to local customers.

Correcting Social Media Errors

webmaster — Tue, 08 Nov 2011 07:19:04 -0700

What matters first with a social media mistake is responding quickly, being transparent and demonstrating sincerity -- all of which should follow a social gaffe committed in person and in public. Social media, though, introduces complications all its own: How you've been using it all along will also affect your ability to clean up after it.

This is why what comes after the mistake is just as important, if not more so: The chance to learn why it happened in the first place and do something about it. You may find better ways to use social media because of this. If you've been spammy or thoughtless, you need to own up to that. If your audience makes good points about your shortcomings (however badly they phrase them), you need to respond to those too.

Smartphones impact how CIOs implement a secured DR infrastructure

webmaster — Sat, 05 Nov 2011 06:14:52 -0700

The world of smartphones, tablets and mobile devices is evolving rapidly and is changing the way CIOs think about topics ranging from telework to disaster recovery to information security.

CIO concerns include include:

Mobile Device Security: Before you can make your users more productive with mobile devices, you need to make certain that those devices are highly secure and remotely managed.
Custom Applications: The rapid advances in COTS smartphone technology have changed the game for creating custom, multi-platform applications that can dramatically boost your mobile users productivity.
Disaster Recovery and Emergency Response: New commercial wireless technologies can be a key part of your disaster response/Continuity of Operations (COOP) plans.
Mandated Mobile Security: While modern cellular networks provide security good enough for everyday usage, there are some situations such as when youre dealing with sensitive or classified information where you need a higher grade of information assurance for your wireless voice communications.
Mobile Resource Management: Whether youre tracking vehicles or other transportable assets, Wireless asset management systems enables CIOs to increase your asset protection and tracking capabilities and save money at the same time.
Field Force Automation: Virtually any job process that is done with paper-based forms or on unconnected terminals can be adapted to mobile handheld or tablet devices.

Small businesses have a false sense of security about Internet access

webmaster — Thu, 27 Oct 2011 09:22:40 -0700

Most small business owners believe that Internet security is critical to their success and that their companies are safe from cyber security threats: but most fail to take fundamental precautions. This is the major finding from a survey of US small businesses.

The survey found that two-thirds (67 percent) of US small businesses have become more dependent on the Internet in the last year and 66 percent are dependent on the network for their day-to-day operations. What's more, 57 percent of firms say that a loss of Internet access for 48 hours would be disruptive to their business, 38 percent said it would be 'extremely disruptive' and 76 percent say that most of their employees use the Internet daily.

The vast majority of small business owners think their company is cyber-secure as 85 percent of respondents said their company is safe from hackers, viruses, malware or a cyber-security breach and seven in ten (69 percent) believe that Internet security critical to their business's success. Additionally, a majority (57 percent) of small businesses believe that having a strong cyber security and online safety posture is good for their company's brand.

Despite this, a closer look reveals that most small businesses lack sufficient cyber security policies and training. 77 percent said they do not have a formal written Internet security policy for employees and of those, 49 percent reported that they do not even have an informal policy. More small business owners also said they do not provide Internet safety training to their employees than said they do - to a tune of 45 versus 37 percent. And a majority of businesses (56 percent) do not have Internet usage policies that clarify what websites and web services employees can use and only 52 percent have a plan in place for keeping their business cyber-secure.

At the same time, small businesses may not understand how to respond to online threats or the danger they pose. For example, 40 percent of small businesses say that if their business suffered a data breach or loss of customer or employee information, credit card information or intellectual property, their business does not have a contingency plan outlining procedures for responding and reporting it. Two-fifths (43 percent) also say they do not let their customers and partners/suppliers know what they do to protect their information.

The survey also found that 69 percent of their businesses handle customer data while about half (49 percent) handle financial records, one-third (34 percent) handle credit card information, one quarter (23 percent) have their own intellectual property, and one in five (18 percent) handled intellectual property belonging to others outside their company. When asked to rank the top concern of small business owners while their employees are on the Internet, 32 percent reported viruses, 17 percent spyware/malware and 10 percent reported loss of data. Yet only 8 percent are concerned about loss of customer information, 4 percent about loss of intellectual property and only 1 percent worry about loss of employee data, even though cyber security experts believe the loss of any of this kind of information would be devastating to a business.

Data Center Consolidation Impacts DRP and BCP

webmaster — Sun, 16 Oct 2011 14:32:29 -0700

Disaster Recovery and Business Continuity planning are impacted by Data Center consolidation that centralizes productivity applications. As enterprises reduce the overall number of data centers, consolidating remote and branch office assets in the process Disaster Recovery and Business Continuity become more critical. According to an international research firm, 41% of large organizations have consolidated most IT assets in corporate data centers, while another 34% have consolidated some assets in corporate data centers.

While this has given IT greater operational control and lower costs, it also can lead to increased risk. Each remote site that accesses the centralized data center creates a potential point of failure. If the new centralized location were to fail, all the applications and services housed therein would be unavailable and its impact - as measured in lost productivity and revenue - could be far greater.

Security threats to increase according to a University of Georgia report

webmaster — Wed, 12 Oct 2011 13:17:22 -0700

In 2012 there will be new and increasingly sophisticated ways used to capture and exploit user data, as well as escalated battles over the control of online information which will threaten to compromise content and erode public trust and privacy. In the Georgia Tech Emerging Cyber Threats Report for 2012 reportspecific issues which are expected to cause the most problems to organizations are:

The mobile threat vector - managing tensions between usability, security and scale

Mobile applications rely increasingly on the browser, presenting unique challenges to security in terms of usability and
Expect compound threats targeting mobile devices to use SMS, e-mail and the mobile Web browser to launch an attack, then silently record and steal data.
While USB flash drives have long been recognized for their ability to spread malware, mobile phones are becoming a new vector that could introduce attacks on otherwise-protected systems.
Encapsulation and encryption for sensitive portions of a mobile device can strengthen security.

Botnets - the evolving nature of adversaries, tactics, techniques and procedure

Botnet controllers build massive information profiles on their compromised users and sell the data to the highest bidder.
Advanced persistent adversaries query botnet operators in search of already compromised machines belonging to their attack targets.
Bad guys will borrow techniques from Black Hat SEO to deceive current botnet defenses like dynamic reputation systems.

Controlling information online - a new frontier in information security

Security researchers are currently debating whether personalization online could become a form of censorship.
Attackers are performing search engine optimization to help their malicious sites rank highly in search results.
The trend in compromised certificate authorities exposes numerous weaknesses in the overall trust model for the Internet.
Advanced persistent threats and the intersection of cyber threats with physical and critical infrastructure

Advanced persistent threats will adapt to security measures until malicious objectives are achieved

Human error, lack of user education and weak passwords are still major vulnerabilities.
Cloud computing and computer hardware may present new avenues of attack, with all malware moving down the stack.
Large, flat networks with perimeter defenses at the Internet ingress/egress point break down quickly in the face of advanced persistent threats.

Data loss in a cloud environment is a major issue for CIOs

webmaster — Mon, 10 Oct 2011 04:00:53 -0700

IT professionals surveyed reported that 65 percent of organizations frequently experienced data loss from a virtual environment. This represents a 140 percent increase in virtual data loss when compared to a similar survey last year.

Other key findings indicate that 53 percent of those surveyed experienced five virtual data loss incidents in the past year and 12 percent of respondents experienced data loss more than five times in the past twelve months.

Common causes of data loss from virtualized environments include file system corruption, deleted virtual machines, internal virtual disk corruption, RAID and other storage/server hardware failures and deleted or corrupt files contained within virtualized storage systems.

A virtualization data loss can be catastrophic for an organization. Determining the financial impact of a business disruption is difficult because there are both tangible factors, including productivity loss, missed sales opportunities and staff's hourly time, but also less tangible factors such as potential non-compliance penalties, damage to corporate image and weakened customer confidence.

"Successful organizations realize that any disruption within the virtual infrastructure, regardless of how small, will have an amplified impact on the business as a whole," said a manager of data recovery operations. "Virtualization contracts often claim no liability for data corruption, deletion, destruction or loss. As a result, it is critical for IT leaders and business continuity planners to proactively include a data recovery service provider in their contingency plans."

In addition to implementing virtual data centers onsite, organizations are increasingly turning to third-party cloud providers as a means of data storage. When asked about their cloud providers ability to properly handle data loss incidents, 55 percent revealed a lack of confidence. In fact, only 39 percent of respondents said their cloud provider educated their organization on how they would approach a data disaster/data recovery situation from the cloud.

Data in the cloud puts many enterprise's at risk

webmaster — Sat, 01 Oct 2011 11:40:37 -0700

Between data analytic requirements and consolidation initiatives, there is a rapid increase in the use of structured data storage, and the amount of data stored in this way. The information stored in enterprise databases is increasingly sensitive and subject to legal, regulatory and other compliance requirements. In addition, many enterprises continue to rely on inadequate network and application-layer controls, and perform only minimal monitoring on database storage infrastructure.

Steps that CIO must take

Evaluate your enterprise's current database controls to identify gaps and compensatory or mitigating controls for those gaps.
Conduct a database risk assessment, applying a balanced approach to risk management and mitigation based on risk, criticality, and regulatory and other compliance requirements.
Identify the monitoring use cases that apply to their enterprise's database infrastructure, and deploy tools to support those use cases effectively and efficiently.
Develop and communicate a clear policy specifying what database-related behaviors should be audited and why.

CIO who are paid more that $1MM are not that rare

webmaster — Fri, 23 Sep 2011 22:35:58 -0700

The federal securities laws require clear, concise and understandable disclosure about compensation paid to CEOs, CFOs and certain other high-ranking executive officers of public companies. Several types of documents that a company files with the Commission include information about the company's executive compensation policies and practices. You can locate information about executive pay in: (1) the company's annual proxy statement; (2) the company's annual report on Form 10-K; and (3) registration statements filed by the company to register securities for sale to the public.

As a part of documents that need to be filed by public corporations, the total compensation of the top 3 paid executives in these corporations needs to be published each year. From those records we have identified these information technology executives who fall in that category. This is not an all inclusive list of the highest paid IT executives but a snap shot of their compensation and other CIOs can are paid more.

What defines cloud computing

webmaster — Fri, 16 Sep 2011 08:02:39 -0700

Cloud computing is very different from traditional networks and applications. In general, a service or offering is considered cloud computing if it has at least four of these seven traits:

Internet (or intranet) accessible
A massively scalable, user-configurable pool of elastic computing resources (such as network
bandwidth, compute power, memory, etc.)
Multitenancy (one large software instance shared by many customer accounts)
A broad authentication scheme
Subscription or usage-based payment
Self-service
Location indepedent

All of these traits offer new challenges to the computer security professional, but accessibility, multitenancy, broad authentication, and lack of location specificity are the four items responsible for the biggest technology shift and demand for new security solutions.

How malware gets installed on a computer

webmaster — Tue, 13 Sep 2011 05:41:38 -0700

Common types of malware delivery mechanisms:

Software updates: Malware posts invitations inside social media sites, inviting users to view a video. The link tries to trick users into believing they need to update their current software to view the video. The software offered is malicious.
Banner ads: Sometimes called malvertising, unsuspecting users click on a banner ad that then attempts to install malicious code on the users computer. Alternatively, the ad directs users to a web site that instructs them to download a PDF with heavily-obscured malicious code, or they are instructed to divulge payment details to download a PDF properly.
Downloadable documents: Users are enticed into opening a recognizable program, such as Microsoft Word or Excel, that contains a preinstalled Trojan horse.
Man-in-the-middle: Users may think they are communicating with a web site they trust. In reality, a cybercriminal is collecting the data users share with the site, such as login and password. Or, a criminal can hijack a session, and keep it open after users think it has been closed. The criminal can then conduct their malicious transactions. If the user was banking, the criminal can transfer funds. If the user was shopping, a criminal can access and steal the credit card number used in the transaction.
Keyloggers: Users are tricked into downloading keylogger software using any of the techniques mentioned above. The keylogger then monitors specific actions, such as mouse operations or keyboard strokes, and takes screenshots in order to capture personal banking or credit card information.

Security and data breaches are on the rise

webmaster — Mon, 12 Sep 2011 04:04:37 -0700

When criminals compromise financial institutions and other corporate targets, often the victims like to keep it as quiet as possible. At least the new wave of very public assaults shines a bright light on the poor state of security. Businesses, government agencies, and educational institutions reported 50 percent more data breaches in 2008 than in 2007, exposing the personal records of at least 35.7 million Americans.

The financial consequences of such breaches can be severe. Many organizations lose customers and revenue because of the violation of trust incurred from a breach. Due to the growing number of state privacy laws, most breaches require that thosewhose information is compromised must be notified.Most organizations now pay for credit monitoringservices for several years for all those impacted by a breach these services typically cost about $100 per
person per year. And in some cases, organizationsare subject to fines for revealing personal information.

The lack of even elementary training is one problem. Another is that people don't get penalized for failure. In the vast majority of cases, neither end-users nor IT professionals face penalties for their role in a security disaster.

Disaster Planning Needs To Consider Excessive Success of Business Operations

webmaster — Mon, 05 Sep 2011 12:32:50 -0700

Changing business conditions are a double-edged sword. Almost any risk - whether it comes in the form of an opportunity or a threat - requires a response from your business. If the business responds inappropriately or too slowly, the business could lose ground to its competitors.

For example, while too much success may not sound like a threat to the business, it can become one if the business is not prepared to handle a surge in customer demand. For example, when Victoria's Secret televised a fashion show during the 1997 American football Super Bowl, the company was unable to scale to meet the ensuing demand for access to its Web site, resulting in significant performance degradation and customer dissatisfaction.

On the other hand, a disruption in business operations and services, whether from a natural disaster, a terrorist strike, a cyber attack or a simple malfunction, can seriously reduce your revenues and even do long-term damage to your brand. Industry estimates indicate that upwards of 40 percent of organizations without business continuity and recovery plans will go out of business within a few years of a major disaster.

The best response to the threat of disaster is to combine several disparate risk-management strategies into a single, integrated resilience strategy that will allow your organization to adapt and respond rapidly to opportunities, regulations and risks - in order to maintain security-rich business operations, be a more trusted partner and enable growth.

The Janco Disaster Recovery Plan & Business Continuity Template is just such a solution.

Employed IT professionals have trouble making ends meet

webmaster — Fri, 19 Aug 2011 11:38:03 -0700

A significant percentage of employees are living paycheck-to-paycheck, with a notable share of them missing routine bill payments, according to a recent survey from CareerBuilder. Even a six-figure income may not be enough to stave off bad times a surprising number of those making more than $100,000 per year are having trouble in meeting expenses.

42% employees live paycheck to paycheck
46% of females live paycheck to paycheck
38% of males live paycheck to paycheck
14% of employees who make more than $100,000 live paycheck to paycheck
6% of employees who make more than $100,000 say they cannot make ends meet
21% of professionals are making ends meet by reducing 401K contributions
34% of employees do not participate in retirement savings plans
20% of employees missed a bill payment this last year
24% of females missed a bill payment this last year
17% of males missed a bill payment this last year

Things that employees will not give up

Internet connection 56%
Driving 46%
Mobile Phone 42%
Cable TV 27%
Eating out 11%

IT service management issues that CIOs face

webmaster — Sun, 14 Aug 2011 15:25:45 -0700

The key service management business questions facing CIOs and senior IT managers today are:

What are the service management impacts with the ever-increasing technical complexity on margins and customer satisfaction?
Where are the areas where margin-improvement opportunities exist?
How can IT minimize the maintenance-contract price pressure to drive new service-revenue opportunities to the bottom line?
How does improved service management translate into a competitive advantage?
What is the future as the IT function moves from fixing problems to driving product value?
What are the challenges of off shoring support and how should the enterprise address them?

Mobile Device Security Policy

webmaster — Thu, 11 Aug 2011 12:18:11 -0700

Your organization needs to identify and develop mobile security policies to be deployed which will provide adequate protection. The level of protection has to be aligned with the level of risk that your organization is willing to accept. These policies should ensure that the many regulatory or compliance concerns that might be applicable are addressed. The mobile security policy should be integrated within your overall information security policy framework. Key elements to address in the mobile device security policy are:

Physical security of the device
Address lost or stolen devices
Acceptable uses of the device
Encryption
Password protection
Storage
Backup
Access Control
Authentication
Monitoring

Like every other security policy, your organization must regularly review its mobile device security policy, particularly after the acquisition of new mobile devices, configuration changes and in the wake of security incidents involving mobile devices.

Microsoft bad mouths US IT Programmers

webmaster — Sat, 06 Aug 2011 11:31:13 -0700

Redmond giant has been chastised for failing to take the lead when new technology rears its head or for being 'out of touch' in general. On that note, Microsoft took a bit of a hit earlier this week, when the company's general counsel lamented the shortage of good IT workers. His solution? Petition the U.S. congress to raise cap on green cards so it can import more high-tech help.

That caused a kneejerk reaction among programmers, who contend that Microsoft can't find people to fill their apparent 4,551 job openings because they limit their searches to younger, less expensive workers. The idea that older programmers lack modern skill sets (in cloud and mobility for example) has tempers flaring as well, with many doubting that their younger counterparts wield them either. "I doubt the ones they are bringing over on H-1B visas necessarily have those skills," said the communications director for WashTech, an affiliate of the Communications Workers of America, "They give them a three-week crash course and then call them a Java programmer."

Defining a successful CIO

webmaster — Mon, 25 Jul 2011 08:01:54 -0700

In order to be successful CIOs need to keep their eyes on the horizon and fostering innovation. Regardless of each CIOs style, there are essential actions that CIOs can take.

CIOs must deliver on meeting business operational objectives - Organizations that demand high-performance IT need CIOs to focus on managing essential IT activities and getting information to decision makers faster and more accurately. The business expects CIOs operating with a mandate to concentrate about half of their efforts on the fundamentals of delivering IT services.
CIOs must focus on delivering quality services - CIOs focused on cross-enterprise growth continuously tune business processes and internal collaboration to gain tighter integration. Like all CIOs, those working with an expand mandate are responsible for the fundamentals - a well-run digital infrastructure that offers data security, integrity and system availability. Yet, they must also continually refine operations to optimize efficiency and seek substantial competitive advantage with the help of IT.
CIOs must look into the future and be ahead of the enterprise's competition - CIOs look beyond the boundaries of the organization to simplify business processes and generate real-time insights up and down the value chain. Organizations that operate with a mandate expect IT, more than anything else, to be a provider of industry-wide solutions to support business. CIOs need exhibit an entrepreneurial spirit and enable the radical redesign of products, markets and business models. CIOs are seen as critical enablers of the organization's vision and focus on delivering fundamental IT services or business process efficiency.

Compliance versus security

webmaster — Sat, 16 Jul 2011 04:48:42 -0700

Regulatory compliance is an important corporate initiative as the complexity and scope of the regulatory environment continues to increase. Coupled with the rise in cyber attacks and insider threats, organizations are now searching for a more effective, sustainable, and scalable approach that will achieve their compliance objectives while improving the overall security posture of the organization.

The mandatory nature of regulatory compliance, combined with specific and quantifiable penalties for non-compliance, has directed a large portion of overall security spending toward compliance efforts. It is hard to argue with this objective, because the goal of compliance spending is to protect corporate profitability and avoid increased costs from non-compliance and possible brand damage. However, when security projects are focused solely on meeting a minimal set of audit criteria rather than minimizing risk, much of the potential benefit of this funding is wasted.

The challenge for security teams is to ensure that security expenditures are directed toward a comprehensive risk mitigation program aligned to the risk tolerance and business objectives of the organization. Allowing the "accredit and forget it" approach to drive security priorities is like cramming for an exam. You may pass the exam (or the audit), but you are unlikely to retain the benefits you would have gained from careful study and planning. Passing an audit for PCI DSS, for example, is a good achievement. But even PCI DSS, considered one of the most prescriptive mandates, is only a minimum security standard and does not guarantee protection against data breaches. Case in point: Both Heartland Payment Systems and T.J. Maxx had achieved or were achieving PCI compliance when their systems were breached by a global identity theft ring, resulting in two of the largest breaches of credit card data in history. Ask yourself: Does compliance drive your security program without always improving security?

Clouds impact on CIOs and IT departments

webmaster — Tue, 12 Jul 2011 06:48:51 -0700

CIOs have to deal with business managers who hire the equivalent of several IT departments using a credit card and their normal operational budgets. In fact, 65 percent of all business mangers maintain an IT budget of their own -- carved from their normal operational budget -- for SaaS or cloud services they can buy directly, rather than going through IT.

What does this mean to IT jobs? Some statistics give an indication:

By 2014, one-third of all IT organizations will be providing cloud services to business partners rather than providing IT internally.
By 2015, spending on public cloud services (including SaaS) will make up 46 percent of all new IT spending. SaaS will make up three-quarters of that spending, giving SaaS and cloud providers the leading role in vendor relations with your company.

Security policy basics defined

webmaster — Sun, 03 Jul 2011 12:27:25 -0700

Solid security starts with a written document. A valid and sufficient security ploicy exists only when it is documented and implemented. A written security policy is the foundation upon which a viable real-world security infrastructure is based.

The areas that should be included are:

Acceptable Use Policy defines what are and are not an allowed activities on company premises, with company equipment, and when using company resources. It often defines actions that are specifically prohibited, such as accessing pornography, pirated content, or running a side-business. These prohibitions are enforced with consequences in the event an employee is found in violation.
Privacy Policy clearly defines what is and is not private when working on company equipment or when on company property. There are a variety of laws and regulations that address privacy. When privacy protection is legally mandated, a company must enforce and protect privacy in compliance with the regulations. Some organizations choose to grant additional privacy beyond that mandated by law.
Password Policy defines the minimum length of a password, the types of characters allowed or required in the password, minimum and maximum age of the password, and the prevention of password re-use. The password policy might also include account lockout parameters which define the number of unsuccessful logon attempts granted before an account is temporarily or permanently disabled.
Disposal and Destruction policy defines when and how to get rid of stuff. There is always waste to be disposed of in every organization. Whether coffee grounds, sensitive printed documentation, or old storage devices, there needs to be a plan other than just tossing it in the bin.
Storage and Retention Policy defines ata such as customer information, financial history, auditing data, etc., must often be retained for years or indefinitely. It is important to thoroughly plan out the technology, storage location, and security of the process of backing up and storing this information.
Incident Response Policy addresses: preparation, detection, containment, eradication, recovery, and post-mortem review. The goal or purpose of this policy is to minimize downtime, reduce loss, and improve availability.
Change Management Policy includes installation of new software, updating device drivers, application of patches, modifying configuration, and even physical reorganizations.
When change is not controlled and monitored, then security is at risk. A change management policy imposes a procedure to evaluate, test, and approve changes before they are allowed into the production environment.
Firewall Policy dictates and defines how firewalls are to be implemented throughout the infrastructure.

Disaster Planning and Server Consolidation

webmaster — Sat, 18 Jun 2011 07:14:23 -0700

The cutting edge of virtualization technology may have set its sights on virtual PCs, unified network fabrics and other esoteric applications, but server consolidation remains the primary driver for most data centers. In fact, only a handful of enterprises have begun the process of virtualizing their server farms, according to most recent surveys, although the pace is likely to pick up as energy costs and competitive pressures drive organizations to increase performance even while paring down their hardware infrastructures.

But as those who have already taken the virtual plunge have no doubt realized, consolidating servers is not just a matter of powering up the virtualization layer and then pulling equipment out of racks. There is a long list of factors to consider with any centralization project and a wide range of land mines that need to be avoided to prevent service failures. One of the main concerns is the resiliency of remaining hardware.

Best practices for records management

webmaster — Sat, 04 Jun 2011 09:44:38 -0700

Records Management best practices include:

Policies and Procedures for creating and storing records in both paper and electronic format that are demonstrably supported by an organizations executives, including the Chief Executive Officer, Chief Financial Officer, Chief Information Officer, Chief Legal Counsel, and Chief Compliance Officer
A thoroughly documented Records Retention Schedule that lists Records Series (categories) and the expected retention period in months and years (based on legal, regulatory, and best practices research)
An organizational File Plan that lists primary records types by functional unit so that information can be located without dependence on any one employee
A Vital Records Program that identifies and protects those records that are critical for immediate restart of an organizations business processes following a disaster
A Records Management Implementation and Training Program that works with identified Records Coordinators in primary functional units to train them in the policies, procedures, workflow, and systems required to assure quality recordkeeping occurs
Increasingly, the presence of a dedicated hardware/software electronic records system repository so that employees have a place to store personal computer files, electronic mail messages, and any other electronic documents for long term retention based on a formally defined Records Retention Schedule and business rules
Periodic Audits to assess the clarity of procedures, effectiveness of training, and that provide an enforcement vehicle

Will CISCO cut H1-B employees before it cut American citizens?

webmaster — Thu, 02 Jun 2011 10:21:21 -0700

Cisco Systems begins what may be the biggest round of layoffs in its history.Cisco is one of the biggest sponsors of H-1B visas in the country. The question many are asking will they cut American citizens ahead of H-1B workers strictly in the interest of cost savings.

According to Reuters, it is estimated CISCO will eliminate up to 4,000 jobs in coming months. That would represent 4 percent of Cisco's 73,000 permanent workers. It also has an undisclosed number of temporary contractors. Cisco cannot point to bad market conditions or a weak economy as excuses for wielding the ax to its payroll. Instead, Cisco CEO took responsibility for mistakes in managing Cisco, saying it needs to focus on its core businesses and be more disciplined about expanding into new areas. Cisco said that it planned to trim its workforce as part of a plan to cut some $1 billion in costs from its annual budget.

Security tokens a costly issue

webmaster — Sun, 29 May 2011 16:27:20 -0700

When it comes to IT security, it is easy to simply stick with what you know. However, the threat landscape and the needs of your users are rapidly changing, and technology must evolve even more quickly to stay ahead of them. This paper addresses five critical factors all IT buyers should consider before renewing or extending their security token implementation and presents phone-based authentication as not only a more secure, but also a cost-effective and user friendly alternative.

Don't make a vital mistake by overpaying for outdated authentication technology. With all of the new legislations, there are more security requirements that need to be met. Requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, are primary concerns of CIOs as executive management is depending on IT to have the right security policies and procedures in place.

Records management requirements

webmaster — Thu, 26 May 2011 11:09:44 -0700

Are you confidently up to date on the recent changes to recordkeeping management? Test your knowledge:

Do the new I-9 rules affect how you handle immigration records?
How does the Lilly Ledbetter Fair Pay Act change the retention requirements for your payroll records?
What's the general retention rule of thumb you can safely apply to almost any HR record?
How long must you retain: applications, resumes, FMLA certifications, payroll records, safety records and much more?
Are you officially overdue for reviewing your files to ensure all employee information is up to date?
Your recordkeeping duties change when you "reasonably anticipate" litigation. But what does THAT mean? And which records must you retain in such cases?
70% of corporate records are stored electronically. Do you know the new Federal Rules of Civil Procedure for storing and deleting company e-mails?

What makes a good CIO

webmaster — Thu, 19 May 2011 16:22:10 -0700

What separates a rookie from a pro?

Rookies learn by trial and error. Pros have an actionable plan about what to say and how to act.

Whether youve been in a leadership role for a while, are new to it, or have it as one of your career goals, you know that one of the biggest challenges all leaders face is to be taken seriously.

Disaster Recovery / Business Continuity is Not the Place to Cut Costs

webmaster — Sat, 14 May 2011 06:45:20 -0700

In today's business environment, many enterprises are looking for way to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything, which contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program.

Big Brother is closer

webmaster — Thu, 12 May 2011 09:29:52 -0700

The 9th U.S. Circuit Court of Appeals in California ruled last year that using a GPS tracker was no different than physically trailing a suspect in public and that such surveillance was not protected by the Fourth Amendment so a warrant was unnecessary. The court protected federal agents even if they placed the device on a suspect's car which was parked in his or her own driveway.

In a different case last year, a federal appeals court in Washington D.C. ruled differently, insisting that collecting data from a GPS device from a person's car amounted to a search and required a warrant. Even though prosecutors argued that the device collected information that anyone on the street could obtain by following the suspect, Judge Douglas Ginsburg disagreed, noting that the GPS tracker's persistent, nonstop surveillance was different from physically tracking a suspect. Unlike one's movements during a single journey, the whole of one's movement over the course of a month is not actually exposed to the public because the likelihood anyone will observe all those movements is effectively nil.

Centralization, consolidaton, and virtualization can save Feds $18 billion

webmaster — Wed, 04 May 2011 08:06:42 -0700

The federal government can save $18 billion by virtualizing and consolidating government data centers.

This $18 billion amount comes from a new study about the government's own IT network. The report claims that $18 billion saved could pay the entire IT bill for the departments of Homeland Security, Veterans Affairs, Social Security Administration, Health and Human Services, and the Interior -- for an entire year.

The report is entitled "Federal Data Center Consolidation: Measure to Manage Report". It offers a status update on federal data center consolidation progress, an outline of the challenges federal agencies face, and recommendations on the optimal path forward.

Janco advises CIOs to manage the tablet surge

webmaster — Fri, 29 Apr 2011 08:42:23 -0700

With the recent introduction of the iPad 2, Motorola Xoom, RIM PlayBook, and new versions of the Samsung Galaxy Tab, tablet mania is taking the enterprise by storm.

A major research fim estimates that 69.8 million media tablets will be shipped in 2011, and analysts and forward-thinking tech managers say it's time for IT execs to do more than simply take notice of that surge.

As with the iPhone before it, the iPad is cropping up in all corners of the enterprise, brought in by C-level execs, sales folks and worker bees who purchased the device for personal use and, now hooked, are hungry to use it on the job.

Regardless of whether staffers work on their own tablets or are given corporate-issued gear, the influx means IT needs a systematic approach for managing, tracking, securing and supporting these devices, just like they do for any other corporate computing platform.

Specifically, Janco Associates advises CIOs to do the following:

Craft or amend usage policies to enforce security best practices for tablets, including use of multilevel passwords and device certificates, and the ability to remotely wipe the device if it is lost or stolen.
Establish tiered access to network resources to secure critical data and applications.
Re-architect application delivery mechanisms.
Determine what levels of support IT will provide, depending on whether units are owned by the employee or the company.

Cloud computing key to DR VC plans

webmaster — Wed, 06 Apr 2011 15:42:26 -0700

Tuned, pretested DR support capabilities and services are now helping midsize company managers reduce the risks of an extended business outage due to disaster, and at more reasonable costs than ever before. Today, it is possible to put in place disaster recovery technology and practices that may cost less per user supported than older technology that did not support DR.

Cloud computing is one possible answer to the need for such flexibility,providinga highly automated,dynamic alternative for the acquisition and delivery of IT services.Today users are tapping into public and private clouds for computingresources and services without having to address the underlying technology.Companies are leveraging the massive scalability and collaboration capabilities ofcloud computing to solve problems in ways that just werent possible before.Theyare deploying new services with greater speed and without additional capitalinvestment.As IT budgets continue to be stretched,cloud computing is enablingCIOs to do more with less.Virtualization,standardization and other fundamentalfeatures of cloud are lowering the cost of IT,simplifying IT service managementand accelerating service delivery.

Such operational efficiency is helping companies capitalize on the globally net-worked world.It is enabling CIOs to leverage the infrastructure more effectively tosupport the business goals of their company.By lessening the drag on data centerresources,cloud computing is enabling IT to hone in on real value creation,namely innovation.Rapid,technology-enabled innovation is vital to staying afloatin a highly volatile and uncertain economy.Cloud computing provides the platformfor optimizing operations while creating and delivering the kind of innovative serv-ices that differentiate and propel the business forward.

These new DR implementations have provided some midsize companies with the means to avoid shutdowns when and if their IT centers go offline - reducing expected disaster-induced outage hours (downtime) per year. Importantly, research shows these implementations can reduce costs by more than 35% compared with unprepared centers using older technology.

Advanced processes and technologies can ease the backup process, introduce more automation into the data replication process, and enable IT staff to protect more applications with restart and recovery capabilities.Executives of midsize businesses may wonder how to prepare for the possibility that a calamity could wipe out their IT operations. The words "disaster recovery" (DR) evoke images of the earthquake in Japan, or flooding in Chicago and Japan - events that took businesses of all sizes offline.

However, it's important to know that many business-disrupting outages result from causes far less dramatic than natural disasters. Everyday events - such as construction crews cutting through a power line, an air conditioning failure, a network provider interruption, or a security issue - can take systems offline. These interruptions happen more than most midsize business managers expect and with increasingly critical impact, as customers become more accustomed to accessing online information and placing orders online.

Ensuring business resilience requires IT managers to understand, budget andplan for the critical differences in DR approaches called for in virtualizedenvironments.

Remote worker and branch office security made easier by Janco

webmaster — Fri, 25 Mar 2011 15:03:50 -0700

The number of companies that have remote workers or branch offices is constantly growing. This expansion comes alongside greater use of the Internet for communication and collaboration. Typical examples of branch office IT deployments are retailers, travel agents, petrol stations or local sales offices.

The IT requirements at each location can be basic, and IT management skills at these branches often do not exist. However, the typical branch office environment needs often the same functionality as the head office when it comes to security - firewall, VPN, IPS, web and email security are all just as important to remote workers as those at headquarters.

Support and security of such branch office environments can be a significant challenge if not approached correctly. The primary challenges are deploying the same level of security to all branch offices and implementing security policies in an efficient way. The Security Manual Template addresses all of these needs.

Time To Revisit Disaster Planning

webmaster — Sun, 20 Mar 2011 14:12:06 -0700

Japan's tragedy reminds us of why disaster recovery planning is so critical for all business records and electronic data

Strategies for safeguarding business records and electronic data from devastating earthquakes, hurricanes, floods, fires, or other natural or manmade disasters should be reevaluated.

In the wake of recent events, thousands of people suddenly found themselves homeless, seeking refuge in public shelters and often being relocated to other cities and states. Paper records were destroyed, and survivors seeking medical treatment in the aftermath of the hurricane were often forced to rely on memory to reconstruct their and loved ones' medical histories, medication lists, drug allergies, immunization history, and other important information.

At the same time with companies in the global supply chain, found that they could not recover because of the loss of faclities and power.

Infrastructure to support DRP and BCP

webmaster — Wed, 16 Mar 2011 06:36:11 -0700

Enabling business continuity, reliable disaster recovery, and ongoing access to applications and data for employees, partners, and customers is critical. Failed applications can lead to lost data and lengthy recovery times, and can negatively affect the company's reputation\ and profitability.

While most companies employ some backup processes, they are difficult to test. Planned downtime for activities such as hardware maintenance either impacts business operations or must be done after hours. Small and midsize companies need proven methods for backing up and restoring systems while minimizing downtime.

Why are Disaster Recovery and Business Continuity Not Current and In-Complete

webmaster — Wed, 09 Mar 2011 03:59:14 -0700

There are plenty of partial, outdated, or ineffective disaster and business continuity plans out there - why is it so difficult to get it right?

Data collection: How do you collect the data for the disaster and business continuity plan in the first place? There is no one single source for everything you need, particularly if you are trying to integrate relevant external information such as support dates, power consumption, etc. Every vendor delivers this information in different formats, different frequencies, and different vehicles - ranging from data sheets to websites to release notes.
Data inconsistency: How do you handle the inherent inconsistencies in data? For example, OS version numbers are often conflicting; vendors change their product names or renumber versions over time, etc. Normalizing the data (making it adhere to consistent rules and categories) is a cumbersome task and the accuracy and consistency of the data needs to be reassessed at every step.
Categorization: If you want to categorize the information in the disaster and business continuity plan, you have to create the taxonomy (or hierarchical categorization) for the industry data. This alone is a significant task, there are many ways to slice and dice the universe of technology products, and no standards have been defined within the IT industry to define this information in a consistent manner.
Manageability: Any extensive technology disaster and business continuity plan is a large and complex data store. A spreadsheet is insufficient for storing and managing rich structured data for thousands of products and vendors. The disaster and business continuity plan should be able to track and maintain the complex relationships between technologies and categories (parent/child relationships, one-to-many mappings, and so on). Developing an appropriate, extensible data store is a complex undertaking.
Maintenance: As soon as you have finished the disaster and business continuity plan, you have to start updating it. The Information Technology industry is constantly changing, which means that your work is never done. If you go through a massive effort to produce a disaster and business continuity plan for a single business function, the value of that investment is lost if you cannot keep it up to date.

CIO and IT role in disaster recovery and business continuity planning and execution

webmaster — Thu, 03 Mar 2011 12:46:16 -0700

Business Continuity Planning is about more than IT and technology based systems. The CEO and executive staff must define what business processes need protection and the appropriate response, the CIO and IT have several innate characteristics that make them well suited to disaster planning and implementation.

Project planning: CIO and IT are accustomed to implementing new technology in a controlled fashion, giving experience in understanding and planning for the impact of change for maximum success.
People/Process/technology relationship understanding: Two areas in which having an understanding of this relationship are key to success. The implementation of new technology often changes process. Changes in process change the ways people interact with information systems. From advanced computers and applications to systems that allow physical building access, the CIO and IT understand the people/process/technology relationship better than any other team in the company. The CIO and IT also have an understanding of how supporting systems are critical to the delivery of, and access to primary information systems. From Active Directory and DHCP to routers and firewalls, the CIO and IT understand the key systems and the order in which they must be restored to deliver a complete service. This understanding facilitates business continuity and restoration.
Experienced in recovery management: In complex IT environments, something is usually broken or has a problem. The CIO and IT have the experience to quickly identify the problem, understand the impact and respond appropriately to the issue. This experience is vital in the high stress and dynamic environment of managing a disaster event.

Risk Management is focus of ISO 31000-2009

webmaster — Tue, 01 Mar 2011 13:01:01 -0700

ISO has announced that ISO 31000:2009, the new international standard for risk management, has been published.

Entitled 'ISO 31000:2009, Risk management - Principles and guidelines', the standard provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.

The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.

At the same time, ISO has published 'ISO Guide 73:2009, Risk management vocabulary', which complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.

All organizations, no matter how big or small, face internal and external factors that create uncertainty on whether they will be able to achieve their objectives. The effect of this uncertainty is risk and it is inherent in all activities. It can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.

ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. But this is not a standard that organizations can seek certification to. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management. ISO Guide 73 will further ensure that all organizations are on the same page when talking about risk.

Prediction for CIOs and IT Focus

webmaster — Sun, 27 Feb 2011 16:10:42 -0700

An internationally known research firm has has issued IT predictions for the future:

Critical infrastructure will be disrupted and damaged by online sabotage.
New revenue generated each year by IT will determine the annual compensation of most CIOs.
Information-smart businesses will increase recognized IT spending per head by 60 percent.
Tools and automation will eliminate 25 percent of labor hours associated with IT services.
20 percent of non-IT Global 500 companies will be cloud service providers.
90 percent of organizations will support corporate applications on personal devices.
80 percent of businesses will support a workforce using tablets.
10 percent of your online "friends" will be non-human, meaning they will be automated social software.

On the jobs front, the most interesting of these has to be No. 2, that the CIO's salary will be tied to new revenue generated by IT. That assumes that IT is a profit center, rather than a cost center for the business in the not to distant future.

Mistakes Made by CIOs and CTOs

webmaster — Fri, 18 Feb 2011 11:28:50 -0700

CIOs and CTOs that fail typically commit 3 out of the 5 fatal errors. These errors are:

Cutting staff without thinking about the impact on the staff that remain
Choosing a vendor based on price without taking into consideration the quality and knowledge loss
Eliminating contactors and 3rd party service providers who have unique experience and knowledge of the enterprises IT functions and operations
Waiting too long before upgrading software, network and hardware
Consolidating space for equipment and people without considering the ramifications of the complexity of the consodidation

Many IT Pros Do Not Understand Security Risks and Costs

webmaster — Sun, 13 Feb 2011 00:24:06 -0700

InfoWorld - A broad spectrum of IT people, including those close to security functions, appear to have little awareness of key security issues impacting their organizations, a new survey shows.

The survey, which polled 430 members of the Oracle Application Users Group (OAUG) conducted by Unisphere Research and sponsored by Application Security Inc. included directors and managers of information technology, developers and programmers, database and systems administrators, systems architects, and analysts and professionals from the HR and financial functions.

About 22 percent of respondents claimed to be extensively involved in security functions, 60 percent claimed a limited or supporting role, and the rest said they were not involved with security at all. About 100 respondents belonged to companies with more than 10,000 employees.

What the survey showed was a surprising lack of awareness of security issues among the respondents. For instance, just 4 percent admitted to being fully informed about security breaches within their organizations. About 80 percent of those who said their organizations had suffered a data breach in the past year were unable to tell which IT components might have been impacted by the breach.

There appeared to be even less knowledge or acknowledgement of the costs associated with a data breach. Nine out of 10 of those who said their organizations had been breached said they had no idea of the resulting costs to their companies.

More than 53 percent said they had no idea about the budgets allocated for security spending, or were not privy to the data. One out of three respondents expressed a lack of understanding of security threats, while more than half expressed the belief that security efforts were being constrained by a lacking budget.

Cloud platforms give users varying degrees of control

webmaster — Wed, 02 Feb 2011 16:51:52 -0700

Different models of cloud computing have various ways of exposing their underlying infrastructure to the user. This influences the degree of direct control over the management of the computing infrastructure and the distribution of responsibilities for managing its security.

Software as a Service (SaaS) model - most of the responsibility for security management lies with the cloud provider. SaaS provides a number of ways to control access to the Web portal, such as the management of user identities, application level configuration, and the ability to restrict access to specific IP address ranges or geographies.
Platform as a Service - allow clients to assume more responsibilities for managing the configuration and security for the middleware, database software, and application runtime environments. The Infrastructure as a Service (IaaS) model transfers even more control, and responsibility for security, from the cloud provider to the client. In this model, access is available to the operating system that supports virtual images, networking, and storage.

Organizations are intrigued with these cloud computing models because of their flexibility and cost-effectiveness, but they are also concerned about security. Recent cloud adoption studies by industry analysts and articles in the press have confirmed these concerns, citing the lack of visibility and control, concerns about the protection of sensitive information, and storage of regulated information in a shared, externally managed environment.

Egyptian closure of Internet effects many high tech firms

webmaster — Mon, 31 Jan 2011 08:16:25 -0700

Over 120 companies in Cairo's smart valley are impacted by the closure of the Internet by the Egyptian government.

Egypt's move to block Internet access prompted Microsoft to respond. Microsoft said it "is constantly assessing the impact of the unrest and Internet connection issues on our properties and services. What limited service the company as a whole provides to and through the region, mainly call-center service, has been largely distributed to other locations."

Another tech firm with a presence in Smart Villages is Hewlett-Packard, which has asked it employees to stay at home. A partial list of other impacted compaines includes: 3 Developers, Abu-Ghazaleh Intellectual Property - AGIP, Advanced Applications Technologies, Advanced Computer Technology, Advanced Project System Company, Advice consultancy, Al Montada, Alcatel-Lucent, Amwal Al Arabia, Arab Bank, Arpuplus, Auraporta Middle East, AuraPortal Middle East, Bank of Alexandria - Intesa San Paolo Bank, Banque Misr, Basharsoft, Beltone Financial Holding , Biblioteca Alexandrina, Cairo Software Services, Carlyle, Center for Documentation of Cultural & Natural Heritage - CULTNAT, Chamber of Information Technology, CI Capital Holding, Citadel Capital, Commercial International Bank - CIB, Commerze Bank, Comptel, Compume, Consumer Protection Agency, Convergys, Corplease, Damlag, Data Charging and Policy Services, Datanil, Delta Group, Delta Rasmala Securities, E-Learning Competence Center, E-Marketing, EastNets-Egypt, Economic Research Forum, EFAD Real Estate, EFG Hermes Holding SAE, Egypt Post, Egypt Stock Exchange, Egyptian Company for Electronic Systems Development-NPC, Egyptian Competition Authority, Egyptian Financial Supervisory Authority-EFSA, Egyptian Supervisory Authority EFSA, Eitesal, El Borg for development and real estate investment, Engineering Consultants Group- ECG, Ericsson, ESLSCA (Ecole Superieure Libre des Sciences Commerciales Appliquees), Etisalat, Expert Investement, Federation of Egyptian Chamber of Commerce - IT Division, Finlink, First Capital LLC, Future Group, Global Development Network, Good Life Insurance Consultation, HC Securities, HP, Hongkong and Shanghai Banking Corporation - HSBC Egypt, Huawei, IBM, Icann, Information Technology Export Community-ITEC, Information Technology Industry Development Agency - ITIDA, Inotek, Intel, IT Synergy, Kern Egypt, Link Investment & Real Estate Development, Mahindra Satyam, Mahindra Satyam, MGM Financial & Banking Consultants Co, Microsoft Egypt, Millenmed, Ministry of Communications and Information Technology-MCIT, Mobinil, Naeem Holding, National Bank of Egypt, National Investment Bank, National Telecom Institute, National Telecommunication Regulatory Authority - NTRA, Nile University, Nile Ventures, Nokia Siemens Networks, Online Modern Solutions, Ontrack, Optumatics, Oracle, Ossama Badawy, Palm Hills Developments, Piraeus Bank, Prime Group , Purple Digital House, RAC, Salec, Samatel, Sarie-Eldin & Partners, Smart Village Real Estate Investment Company - SVREICO, Social Fund for Development, Software Engineering Competence Center - SECC, Surv fund, Synergy Consulting, Systel, Tadawol, Tagipedia, Tarek Nour Communications - TNC, TE Data, TEA Computers S.A.E., Technological Incubation Program, Technology Development Fund - TDF, Technology Innovation and Entrepreneurship Center-TIEC, Technopark, TecPlus, TekTrust, Tele Med International, Telecom Egypt, The American University in Cairo, The Egyptian Exchange, The Egyptian Insurance Supervisory Authority, The Information Technology Institute, Tribal Fusion Co., Valeo, Vodafone, Wipro, Wunderman, Xceed , and ZTE.

Cloud Computing is on the Rise

webmaster — Sat, 29 Jan 2011 12:20:25 -0700

While the cost of advanced storage solutions continues to decline, costs like power and cooling, to say nothing about management complexity, can make life more difficult and expensive for IT operations. The growing number of sophisticated workloads can make it tempting to "throw more iron at the problem," but IT professionals are increasingly adopting the following alternative approaches:

Server virtualization, which keeps physical server counts at manageable levels even as the need for workload-specific servers is addressed

Cloud computing and software as a service (SaaS), which provide access to advanced capabilities delivered online rather than resident onsite

Server proliferation has not been a problem for small businesses, where the average number of servers continues to be fewer than five. For midsize firms, though, server counts move into the teens and beyond as firms grow. Unlike small businesses, which have continued to add more servers over the past three years, midsize firms have actually had a slight decrease in the average number of servers they use. Virtualization is the answer, of course, with more
than half of the midsize firms surveyed indicating that at least one of their physical servers is virtualized. Server virtualization helps with power and cooling costs, of course, but also facilitates effective management as well as the opportunity to expand server resources without new hardware.

Cloud computing is also being deployed with increasing enthusiasm by midsize firms, with roughly 18% of firms having some cloud resources in place and another 18% planning to add cloud capabilities in the next 12 months. In theory, this means that one-third of medium-sized businesses could be relying on cloud computing in the next 12 months.

What do CIO need to do to update Disaster and Business Continuity Plans

webmaster — Thu, 13 Jan 2011 16:54:12 -0700

Businesses are increasingly dependent on uninterrupted operations and increased storage, but traditional capacity-based methods such as tape backup, duplication, vaulting, and others don't efficiently scale across a distributed enterprise. In addition, companies find they have too much data to protect, and that an effective disaster recovery strategy is too important to neglect.

Also, as neither budgets nor backup windows are growing, a re-think on data protection architectures and recovery approaches is necessary. CIOs must have:

A comprehensive approach to enhancing data protection and disaster recovery
Increase replication and backup throughput and reduce bandwidth requirements
Identify systems to be protected and identify critical interdependencies
Develop strategies that include cloud storage for backup and archive