Posts Tagged ‘identity’

Halt – Who Goes There? CIOs Need Good Identity Management

Monday, August 24th, 2009
CIOs Need To Solve Their ID Management Crisis<p>(c) 2007</p>

CIOs Need To Solve Their ID Management Crisis(c) 2007

As though keeping all of those servers up, applications running, and end users happy seems like enough to make being CIO a full-time job, now CIOs also have to take on the role of data cop? The answer to this question is “yes”, in all honesty, they really should already be doing it. Most company’s most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Just What Is Identity Management?

Identity management is how an organization controls access to its information based on an individual’s rights and responsibilities. It turns out that most IT shops have been doing a pretty poor job of this.

All too often most of us rely on our old friends Mr. Username and Mr. Password. How many dictionary based cracking events do we need to see in the movies in order to convince us that this is a very poor way to secure our data?

The right way to start to authenticate identities better is to use a second-factor authentication system such as biometrics, tokens, etc. Additionally, using single sign-on technologies can help you bring disparate systems together and save the end users from having to carry around lists of usernames/passwords.

What’s The Best Way To Do Identity Management?

The first step to creating a workable identity management solution is to establish some policies. These policies need to lay out just who is allowed to access what information. Clearly, if you’re not allowed to use some piece of information as a part of your job, then you shouldn’t have access to it.

One of the biggest pitfalls that is found in IT departments today is the existence of multiple different “silos” of data that end up creating a confusing and mixed up environment for access control. Once again, implementing a single-signon solution can solve this problem.

Final Thoughts

Taking the time to design and implement a good identity management solution is very much like buying insurance for your IT department. You hope that you don’t really need it, but you know that you probably do and it’s the grown-up thing to do.

Taking the time to solve your identity management issues once and for all will allow a CIOs to have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

More firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

Tags: , , , , , , , , , , , , , , ,
Posted in security | No Comments »

Practical IT Clouds: What To Do AFTER The Hype

Wednesday, May 20th, 2009
Cloud Computing Will Require A Whole Different Set Of IT Skills

Cloud Computing Will Require A Whole Different Set Of IT Skills

Talk about your latest buzz word overkill! Just when the “Web 2.0″ madness had just about hit its peak, along came “Cloud Computing” and took its crown. It’s looking like cloud computing is here to stay, so what’s an IT department to do once they get done studying the whole thing?

Your IT department will eventually use cloud computing. There, I’ve said it. If you don’t believe me, then go back and read those words to yourself out-loud several times until you do. It’s coming and there’s nothing that you can do to stop it. Just like outsourcing, it makes good economic sense and so all other objections will be worked out over time.

The idea that organizations can increase their computing power without having to buy, install, maintain, power, and cool more and more boxes is just too attractive to the bean counters to ignore. This puts IT in a tricky spot: our world is getting ready to be turned upside down – are you ready?

Here’s the problem: a lot of the support jobs that IT does today will go away along with “the boxes”. What nobody seems to realize is that they will be replaced by new IT jobs. If you’re running an IT shop, you’d better be ready!

Here are the new Cloud Computing tasks that are coming your way that you’re going to have to find ways to staff:

  • Extend: you’re going to have to come up with ways to create bridges between your existing network environment and the cloud. Oh, and then you’re going to have staff to maintain those bridges.
  • Pick: you’re going to have to pick a couple of cloud service providers. Once you’re in bed with them, you are going to have to have staff to monitor how they are performing and to provide the human interface to fix the issues that always show up.
  • Monitor: forget outages, what about day-to-day issues? You are going to need staff to monitor and mange the apps that you have running “in the cloud”.
  • Identify: who on your staff is allowed to do what? Since the old rules about getting access to boxes no longer apply, you’re going to need new rules and new staff to enforce and update them.
  • Encrypt: since you are now going to be storing data off site and “out there”, encryption becomes more than a nice-to-have, now it’s a necessity. Somebody on your staff is going to have to be double checking everything all the time to make sure that it REALLY IS encrypted.
  • Plan: for the worst. Data link outages are going to be a much bigger deal then they ever used to be. How will you handle being disconnected from your cloud for an hour, a day, a week? Somebody had better be put in charge of solving this problem and keeping this solution updated.
  • Mange: your bandwidth. Now that the link between you and your cloud has become critical to how the business runs, you had better have someone on it at all times.

We’re looking at a brave new future. Do you have the right staff with the right set of skills in order to make the most of it?

Is your IT shop currently using cloud computing or just thinking about it? How does the rest of the business feel about this? Do you have any plans on retraining your staff to work in a cloud computing world? How do they feel about this? Leave me a comment and let me know what you are thinking.

Tags: , , , , , , , , , , , , ,
Posted in cloud computing | No Comments »

Managing Wicked IT Problems

Monday, September 22nd, 2008
How to manage wicked IT problems

How to manage wicked IT problems

So we’ve chatted about Wicked IT Strategy problems – these are the ones that you really can’t solve. Given that, you’ve got a couple of different things that you can do. The easiest is to throw your arms up in the air, say “this can’t be solved”, and then work very hard at getting promoted so that it becomes someone else’s problem. Good luck with that approach! Let’s take a look at some other solutions for those of us who feel a deep burning need to make the world a better place for all…

Let us acknowledge that wicked IT problems can’t be solved. So your next best alternative is to come up with ways to cope with them. They aren’t going away, so you need to find some common ground that will allow you to live with them. As with all of us in IT, there are countless complicated solutions that you could probably come up with in order to address any problem. However, here are a couple of relatively simple actions that you can take that will yield real results:

Make everyone responsible for finding a way to manage the problem. This means that you need to reach out and drag in employees, customers, management, etc. and you need to make sure that you document everything that is said and establish clear means of communication between all parties. Because a wicked problem is so complex, it will take a wide variety of views and opinions in order to come up with unique ways of managing the problem. However, be careful! Don’t just collect inputs. Instead, make sure that everyone is involved in actually implementing their suggestions. Yes, having more people involved will make things more difficult, but because of the complexity of the problem they are all needed. Documenting all ideas and discussions will become more important when a plan is finally agreed on – the documentation will be needed in order to communicate the plan to the rest of the department.

Define what your department’s identity is. Although many different suggestions will be made as to how best to manage the wicked problem, it will be critical that whatever solutions are finally put in place are true to the IT department’s identity. The department’s identity is the cornerstone of its strategy and provides both direction and focus for the IT leaders. An identity is made up of a department’s values, competencies, and its aspirations. Staying true to these will allow critical decisions to be made quickly and painlessly.

But wait, there’s more that you can do to manage wicked problems. We’ll cover these next time…

Have you been able to assign responsibility for large problems to all of those who need to be involved? How did that work out – did the number of people who were involved make it hard to reach any sort of decision? Do you know what your IT department’s identity is and do you reference it when you are making decisions? Leave a comment and let me know what you think.

Tags: , , , , , , ,
Posted in strategy | No Comments »