Posts Tagged ‘security’

CIOs Need Smart Storage, Not More Storage

Monday, September 21st, 2009
Where To Put Everything Is A CIO Sort Of Problem (c) -2007)

With a little luck we can all agree that storage is a boring topic to talk about – I mean when you store something, it’s just sitting there not doing anything. CIOs prefer to talk about data in motion – reporting new sales or opening new markets. However, it turns out that storing data is the foundation that the company is built on and CIOs need to do this the right way…

Times They Are A Changing

The days of blindly adding more cheap storage are over – storage has long-term costs. CIOs need to revisit this issue and create a solution that works for both today and tomorrow.

Steve Delahunty, who works for Booz Allen Hamilton, has been looking into the storage challenges that today’s CIOs are facing and he agrees that we’ve got some challenges facing us.

The old approach to storage was to simply add more cheap storage as needed. This doesn’t work any more for a number of reasons. Just adding more cheap storage is a big waste of money, power, and floor space in data centers.

The new approach to adding more storage that CIOs need to quickly adopt is to realize that when it comes to adding more storage they need to consider the full storage environment: data security, disaster recovery, environmental concerns, etc.

Why The Old Way Of Adding Storage Doesn’t Work Anymore

In the brave new world in which we live, most companies are experiencing double-digit storage growth. Sure, we are collecting more information about our customers, managing our supply chains from start to finish, and creating new web portals with which to interact with our customers nearly every day.

However, our dirty little secret is that often the data that we are storing is no longer needed. This may represent a huge liability if our company is ever sued – can you imagine the cost and effort that it would take to search through all of that (useless) stored data?

If that wasn’t enough to convince you that the old way of just adding more cheap storage was the wrong way to run an IT shop, then consider this: Delahunty’s research shows that the amount of power that data centers use has doubled in the past 5 years. On top of this, the national average for the cost of electricity has shot up by 44% since 2004.

The Right Way To Store Things

So what’s a CIO to do? First, you’ve got to change the way that you’re doing business when it comes to adding storage. Instead of just meeting requests for more storage, CIOs need to start to make sure that they understand the business requests behind storage needs.

What this means is that the IT department needs to get more involved in understanding just what they are being asked to store. As the requests come in, they need to take the time to classify the value to the business of the data that is being proposed to be stored. When data doesn’t meet the “I must always have access to it” criteria, then that data either needs to be stored on inexpensive off-line storage or simply discarded.

You may have already realized this – this type of data analysis cannot be automated, it’s a people job. IT staff need to be involved in the data classification process in order to ensure that good decisions are made.

Final Thoughts

Once upon a time, adding additional storage was something that CIOs didn’t have to spend a lot of time thinking about. Storage was cheap and getting cheaper every day and so it seemed like you could keep growing your storage farms forever.

Reality has caught up with us and environmental costs coupled with possible legal issues have turned the world of storage upside down. Now CIOs need a new strategy to deal with their company’s growing storage needs.

Classifying the data that you are going to be storing is the correct first step. Weeding out what doesn’t need to be stored and then using the classification system to move non-critical data to low cost storage solutions can solve multiple problems all at once.

CIOs who can add more storage the right way will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

I’ve got a quick question for you: what is the next step in your career? What do you want to get promoted to? In fact, as long as we are talking about that, what comes after THAT promotion? If you want to become a CIO, then the career ladder generally goes: IT worker, manager, director, executive director, CIO. Got a plan on how you are going to get to that next step?

Halt – Who Goes There? CIOs Need Good Identity Management

Monday, August 24th, 2009
CIOs Need To Solve Their ID Management Crisis (c) 2007

As though keeping all of those servers up, applications running, and end users happy weren’t enough to make being CIO a full-time job, now CIOs also have to take on the role of data cop? The answer to this question is “yes”; in all honesty, they really should already be doing it. Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Just What Is Identity Management?

Identity management is how an organization controls access to its information based on an individual’s rights and responsibilities. It turns out that most IT shops have been doing a pretty poor job of this.

All too often most of us rely on our old friends Mr. Username and Mr. Password. How many dictionary based cracking events do we need to see in the movies in order to convince us that this is a very poor way to secure our data?

The right way to start to authenticate identities better is to use a second-factor authentication system such as biometrics, tokens, etc. Additionally, using single sign-on technologies can help you bring disparate systems together and save the end users from having to carry around lists of usernames/passwords.

What’s The Best Way To Do Identity Management?

The first step to creating a workable identity management solution is to establish some policies. These policies need to lay out just who is allowed to access what information. Clearly, if you’re not allowed to use some piece of information as a part of your job, then you shouldn’t have access to it.

One of the biggest pitfalls that is found in IT departments today is the existence of multiple different “silos” of data that end up creating a confusing and mixed-up environment for access control. Once again, implementing a single sign-on solution can solve this problem.

Final Thoughts

Taking the time to design and implement a good identity management solution is very much like buying insurance for your IT department. You hope that you don’t really need it, but you know that you probably do and it’s the grown-up thing to do.

CIOs who take the time to solve their identity management issues once and for all will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

More firms are committing to implementing those really BIG process digitization projects. More often than not the CIO will find himself / herself in charge of not only the implementation of the new software application, but also the overall success of the project. How do you go about doing that?

Application Whitelisting Only Works Sometimes – CIOs Need To Know The Facts

Wednesday, August 19th, 2009
Application Whitelisting Offers CIOs Another Way To Protect Their Networks

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

What is Whitelisting?

The problem with trying to protect your company’s network is that the bad guys are always trying new and innovative things. In order to block them, you have to stay on top of what the latest attack vector is and install defenses against it throughout your network. This can be a real time waster – it’s critical to do, but it contributes nothing to the company’s bottom line.

Whitelisting applications takes a 180-degree different approach to securing your network. Instead of trying to identify and block all of the bad malware variants that are trying to get into your network, whitelisting focuses on identifying all of the applications that SHOULD be allowed to access your network.

This of course means that you need to block everything that is not whitelisted. The theory is that all that malware that shows up will find the door to your network slammed shut on them.

Whitelisting Is Not For Everyone

In some enterprise IT environments, whitelisting is the wrong way to go. In these environments, using application whitelisting can actually drive up operational costs so high that things quickly get out of hand. Ill-suited IT environments are those in which workers need to be constantly installing new and changed applications on the fly in order to complete their tasks.

Where Whitelisting Works Well

That being said, there are IT environments in which application whitelisting works very well. These environments tend to be very static with very few application changes. A great example of this is call centers.

Another example where whitelisting has worked well is in the retail sector where cash register environments are very static and only need to be updated every six months. Some companies have discovered that they have been able to do away with anti-virus protection (and the associated cost of maintaining it) on those machines.

Final Thoughts

The fight to secure the company’s network from the forces that would do bad things to it is never-ending for CIOs. However, this is not what CIOs should be spending their time on – there is not a bottom line benefit.

Whitelisting of applications provides yet another way to secure the firm’s network by taking a novel approach to security – don’t worry about identifying the bad guys, just worry about identifying the good guys.

Whitelisting won’t work for every environment, but in certain static IT environments it can work wonders. CIOs who can identify the right IT environments in which to use application whitelisting will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

Most companies’ most valuable asset, after their employees, is their corporate data. CIOs need to find a way to make sure that they know who is accessing it and why.

Data Protection Secrets: CIOs Know That It Starts At The Endpoint

Monday, August 17th, 2009

CIOs Know That Managing Endpoints Is The Key To Securing Company Data

Just imagine this scenario: you’ve just been made CIO of your firm when all of a sudden one of your competitors suffers a massive data loss because of outside hackers. Your CEO storms into your brand-new office and demands to know what you are doing to secure your firm’s data. What would you say?

The Old Way Of Doing Things

Good CIOs realize that a firm’s IT infrastructure can’t just be thought of as “those boxes”. Instead, an IT infrastructure consists of three layers of devices: core servers and perhaps mainframes, a set of network connectivity devices such as routers and hubs, and then endpoints – the PCs and laptops that you and I use every day.

IT Networks Consist Of 3 Separate Levels Of Equipment

Since there are more endpoints than any other type of equipment in most corporate networks, CIOs realize that this is where most of their company’s data loss prevention efforts must be focused.

In the past, securing network endpoints often meant that all one had to do was to load up some anti-virus software on every laptop and you could check this off of your CIO to-do list. Sorry – that no longer works.

Welcome To The Real World

As we enter the brave new world of policy management, we are seeing a shift to policy-based enforcement being used to control company data that is being used on enterprise network endpoints.

Using policy-based management of endpoints allows multiple areas to be managed. These areas include:

  • Configuration
  • Patch
  • Access
  • Application
  • Anti-virus

The Case For Using Policy-Based Management of Endpoints

Let’s face it – we all have too much to do and too little time in which to get it all done. Establishing corporate IT policies allows a set of rules to be laid down that tell everyone what is and is not permitted. When you extend these policies to cover how you manage the endpoints of the company’s network, then all of a sudden you’ve made your life that much easier.

Policies allow you to prioritize the company information that you want to protect. Once you identify this information, you’ll then be able to realize just how much of it is being stored on the endpoints!

This new understanding then allows you to set up a systems security approach to making your PCs and laptops safe. By doing this you’ll be able to ensure that your network endpoints are now secure places to house that valuable corporate data.

Final Thoughts

There’s no way that any one person in an IT department can make sure that all of your PCs and laptops are secure all the time – even if you are the CIO. Yesterday’s piecemeal approach of placing an anti-virus application on each PC and then considering the job done was a poor solution.

Using a systems approach and establishing company policies for how management of endpoints should be done sets up a much simpler way of ensuring that all endpoints are secure. CIOs that do this will have found a way to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

What We’ll Be Talking About Next Time

It’s a battle out there: hackers and organized crime groups vs. your company. Whereas you have to worry about keeping the company successful and lowering costs, all they have to worry about is finding ways to break into your network. Doesn’t seem very fair, does it? There is some good news for CIOs: application whitelisting has arrived.

CIO Cloud Computing: What The Future Holds

Wednesday, August 5th, 2009
When CIOs Look Into Cloud Computing's Future, What Do They See?

Cloud computing is hot – there’s no denying that. However, as with all things in the information technology field, cloud computing isn’t standing still. Even as you read these words, engineers are hard at work defining and refining just exactly what a cloud computing architecture looks like and how it behaves. Let’s take a peek at what the future holds…

Where The New Ideas Are Being Born

Although cloud computing research is going on in a number of small start-ups as well as at universities world-wide, the work that is being followed the closest is that which is being done by the very large firms. Here’s a quick rundown of what they are doing:

  • HP / Intel / Yahoo: These three powerhouses have come together to launch the Cloud Research Testbed. The goal is to allow academic researchers to have access to supercomputing resources in order to try out new ideas such as computing chips that have been designed for cloud computing.
  • IBM Research: IBM has taken the global approach and launched its Research Compute Cloud. This cloud will be used to support business processes.

The 5-Year Plan

Something that has helped to propel cloud computing to the forefront of discussion in many IT departments is the simple fact that due to the economic downturn, there is no money left to design and build expensive computing architecture.

IT has for too long been seen as a department that simply maintains computing “boxes”. This adds very little value to the rest of the firm. It’s expected that small and midsized firms are going to be the ones jumping on the cloud computing bandwagon. The larger firms are expected to be setting up their own private clouds and only using public clouds when they temporarily need the extra capacity.

Improvements in cloud computing both this year and in the next few years should center around moving your applications from one cloud to another, having companies communicate better while in the cloud, and even sharing data in the cloud.

Final Thoughts

In the end, the best way to think about cloud computing is probably to view it as being yet another type of application deployment architecture. The real boon will be to software developers who will no longer be shackled by limited availability of computing hardware.

If the challenges that cloud computing is facing today, such as security, can be overcome then CIOs that discover how to best make use of this new resource will have found yet another way to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Do you think that Yahoo and IBM are in a race to be the ones to define the cloud computing standards? Do you think that large firms will be successful in building their own private clouds? When do you think that public clouds will be “ready for prime time” and firms will start to use them over building out their own infrastructure? Leave me a comment and let me know what you are thinking.

What We’ll Be Talking About Next Time

It can be a long and lonely journey through a recession for anyone, including CIOs. The company’s very survival may be at stake, the CIO’s job may be at risk, and of course there is that big unanswered question about what needs to be done to prepare for life AFTER the recession is over. Maybe Cisco’s John Chambers can offer us some insights…