Archive for April, 2009

Kevin Mitnick Speaks About IT Security

Wednesday, April 29th, 2009

Kevin Mitnick is a reformed computer hacker who now provides security consulting

I had an opportunity to attend a very large IT health care show up in Chicago a while back and I was surprised to discover that Kevin Mitnick, the somewhat infamous computer hacker, was scheduled to give a speech.

Now even though I don’t move in computer security circles that much, I know about Kevin Mitnick. I know about him because I read Tsutomu Shimomura’s book Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw - By the Man Who Did It. If you’ve never read the book, I can recommend it. In a nutshell, Mitnick was a hacker who had evaded capture until he ticked off Shimomura, who is a computer security pro. After he did that, Shimomura went after him with a vengeance and eventually helped the authorities catch him and send him to jail.

Now here in America, we all enjoy a good comeback story and that’s basically what Kevin’s been living. He has reinvented himself as a computer security consultant and by all accounts appears to be making a very nice living for himself.

Kevin Mitnick's Business Card Contains Lock Picking Tools - Talk About Unique!

Since getting out of prison, Kevin’s been quite busy. He’s an author and he’s written two books: The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers.

Kevin is actually a pretty good speaker. The focus of the speech that he gave was to remind CIOs that no matter how much they have invested in firewalls, RSA tokens, and passwords that change every 90 days, it’s social engineering that they need to fear the most.

Kevin’s speech basically consisted of stories in which he would tell how he had broken into various computer systems using a variety of low-tech methods. These included making phone calls and asking for cell phone source code (thanks Motorola!) or simply doing dumpster diving to collect scraps of paper with usernames and passwords on them.

Kevin pointed out that one of the most valuable items that he had ever gotten his hands on was the corporate directory for GTE. Once he had this, he had everyone’s phone number and knew who was the boss of who. With this info, he could place calls to get more and more information.

Kevin’s stories and his continuing success on the right side of the law this time should serve as a reminder for all of us that at the end of the day, it’s the people who work in an IT department that are your weakest link in security. If you fix this issue, then you’ll be much closer to having a secure organization.

Have you ever had a problem with someone trying to gain access to your department / network by using social networking? What do you do to prevent “dumpster diving” from being successful at your place of work? Would you ever hire a convicted hacker to help you improve your cyber security? Leave me a comment and let me know what you are thinking.

What Can HP Teach You About How To Run Your IT Department?

Monday, April 27th, 2009

HP's CIO Has Taken Bold Steps That Can Teach Us A Few Things

When I say “HP” what is the first thing that pops into your mind? In my case it’s a flashback to the HP 12C calculator that became welded to my hand while I was working on my MBA. These days, HP does a lot more and we all probably have some HP printers or PCs lying around somewhere. However, it’s what HP’s CIO Randy Mott has been up to that has caught my attention.

Let’s start with results because otherwise Randy’s story really isn’t worth telling: HP has cut IT spending from 4% of revenue to about 2% of revenue, 70% of staff’s time is now spent on new development with just 30% being spent on support, 85 data centers have been shrunk down to just 6, and 6,000 applications have been shrunk down to 1,500. Wow – sure looks like Randy must be walking on water, eh?

Any CIO would lust after results like these. However the devil is, as always, in how Randy got them. Chris Murphy over at InformationWeek did some digging and found out that Randy had to do a number of things that would make even the strongest of us think twice.

Randy’s most important strategy: he realized that it was not enough just to identify the big areas of HP’s IT department that needed to be transformed. What he needed to do was to go after all of them at the same time as one big, huge effort.

Here’s what he took on (all at once): portfolio management, IT workforce effectiveness, world class IT organization, global data center consolidation, and a single enterprise data warehouse. Whew! You could build a CIO career on any one of those.

To accomplish all of this, HP needed to get their metrics right. Here’s what they measured:

  1. On-Time Delivery: Just like pizza, this is what really can make an IT department have some credibility. HP went one step farther – it’s weighted so delivering big projects on time counts for more than delivering a bunch of little projects on time.
  2. Time Spent Innovating: This measures how much IT time is spent working on new things as opposed to doing support tasks.
  3. Time-Phase Boxing: Similar projects should take the same amount of time to do similar phases. This metric serves as a warning flag if a project is starting to go off course.
  4. Collaboration: how many different locations are involved in a project? The goal here is to keep this number as low as possible.
  5. Cost / Benefit Analysis Validation: In a nutshell, this is an agreement BEFORE the project starts as to what it’s going to cost and what value it’s going to deliver. This metric tracks how close the team is to completing the CBA and nobody starts the project until it’s complete.

Do you think that your IT department could take all of these major initiatives on at the same time? Which of these metrics do you think would provide you with the best insights into how your IT projects are doing? What metric should be added to this list? Leave me a comment and let me know what you are thinking.

The Problem With Apple: Product Or Platform?

Wednesday, April 22nd, 2009
Apple Is Starting To Play A Bigger Role In Every IT Department - Are You Ready?

In the world of IT we deal with lots of different questions: what project to take on, how best to align with the business, how to improve processes. One thing that we don’t really spend much time thinking about is if our applications should run on Microsoft or Apple platforms. Hmm, has Apple missed the boat here?

I bring this up as a discussion point because, let’s face it, Apple makes some fantastic products. Starting with the Mac, they went on to produce the PowerBook, the Newton (come on, you remember that one), the iPod, the iPhone, etc. However, they’ve never really been a platform company.

I’m playing games with words here and perhaps I should better explain myself. Michael Cusumano over at the Communications of the ACM gave this some thought a while back and I think that he was on to something. He defined a platform as being something that had open interfaces and for which further development was encouraged and licensed. Apple doesn’t do this.

From an IT perspective, this causes a number of problems. There’s no question that Apple products are “sexy” and easy to use. However, since there is all too often only one source for features and applications, an ecosystem comparable to that which developed around Microsoft products never arose.

No big deal you say – Apple products are only found in graphic design shops and educational environments. Well, up until the iPhone came out I would have agreed with you. However, the runaway success of the iPhone and the demand for iPhone apps from the Apple store is starting to make it look like a dominant mobile computing platform.

As more and more of your staff start showing up sporting Apple iPhones, you are going to start to feel pressure to come up with ways to iPhone-enable your IT department’s apps. This can be done; it’s just that you’ll find that it’s not as easy as connecting a Microsoft PC to your network.

Times are changing and Apple still makes great products. However, since they are not in the business of making platforms you’ve got your work cut out for you…

Do you already have Apple products that people are trying to hook into your network? Have you started to support these products? Does your staff have iPhones? Do they want to use these iPhones to access your network? Leave me a comment and let me know what you are thinking.

IT Value: How To Measure The Revenue Of IT

Tuesday, April 21st, 2009

If you had to name the #1 problem that most CIOs face, what would it be? There are a lot to choose from, but in my opinion, the biggest problem that is holding CIOs and IT departments back from being considered a key component of the firm’s success is that all CIOs get to talk about is costs.

Why Don’t IT Alliances Work Out?

Monday, April 20th, 2009

IT Department Alliances Can Make Everyone Stronger - If They Are Done Correctly

You would think that the more alliances that your company / IT department makes with other firms, then the better that they would become at making them. After all, practice makes perfect – doesn’t it? It turns out that this is not always the case.

Koen Heimeriks has spent time studying 200 firms that had formed more than 3,400 alliances. What he has found just might surprise you.

He found that those firms that had the most experience striking up alliances actually had worse results when compared to those firms who had moderate experience.

Why the difference? It turns out that there are two problems that develop in firms that already have a number of alliances:

  1. they have a tendency to become overconfident in their alliance building skills, and
  2. they can develop learnings about alliances that are in actuality based on unsupported ideas about cause and effect.

So what can make an IT department’s alliance with another firm actually work out well? It turns out that it’s the methods and procedures that the firm uses to create alliances that will determine their eventual success. Established firms that already have many alliances will probably have rigid and inflexible business processes for making decisions and selecting partners.

However, IT departments with fewer existing alliances will have more flexibility built into their processes. An example of this would be where employees who have worked on previous alliances share information with the employees who are trying to create a new alliance. This type of discussion can lead to experimentation and allows novel approaches to each alliance opportunity.

So in the end, what does all of this lead to? Heimeriks reports that the larger firms who had many alliances and a more rigid alliance creation process had an alliance success rate of around 50%. Those firms that had fewer alliances and a more flexible alliance creation process had an alliance success rate of around 71%. Sure looks like flexible processes are the key to successful IT alliances!

Does your IT department have any alliances with outside firms? Would you say that you have a lot or a few of these alliances? Are they generally successful or not so successful? Do you feel that your alliance creation processes are fixed or flexible? Leave me a comment and let me know what you are thinking.