Are CIOs being seduced by digital eye candy instead of thinking about profitability? In the latest Data Mill, Mark McDonald, managing director at Accenture, gives tips on how CIOs can maximize profit and avoid relying on the old way of doing things when forging a new digital strategy.
PayPal is buying mobile wallet startup Paydiant for about $300 million. Features Writer Kristen Lee talks to market analysts and gets their take on the acquisition and its implications.
The highly anticipated Apple Watch has arrived. Will it be the enterprise’s next big device? In this week’s Searchlight, Associate Editor Fran Sales discusses the Apple Watch and investigates how it could affect the enterprise.
As mobile computing technology evolves and data proliferates at an increasing rate, how can businesses make the most of the situation? In this feature story, Senior News Writer Nicole Laskowski explains that companies need to join the two forces, mobile computing and data, in order to compete effectively.
How can CIOs best manage cloud data and applications while mitigating risk? In this SearchCIO Essential Guide, we explore cloud risk management best practices that can help your company master the private, hybrid and public cloud and maximize business value.
Think your cloud governance strategy is on point? Take our quiz to test your knowledge of cloud computing management essentials that can make for a smooth cloud transition and help your business avoid IT risks.
Staff shortages in the current threat-laden environment can be dangerous to a company’s security and compliance strategies. How can you satisfy the need for talent and keep your business’ security practices on track? SearchCompliance expert Jeff Jenkins shares his experience with staff shortages and gives tips on how to deal with the situation and find the right employees.
On the IT Compliance blog, Sales discusses private companies’ surprising lack of motivation when it comes to strengthening cybersecurity, recent legislation around consumer data processing and the corporate failures predicted for 2015.
Meanwhile, over on the TotalCIO blog, Laskowski explores the benefits of reverse mentoring in helping older workers stay up to date on the latest technology through Millennials’ assistance.
Knowledge workers might soon be competing with machines for jobs. In this week’s Data Mill, analytics thought leader and author Tom Davenport explains the business benefits of computer augmentation and lays out five strategies for surviving rising automation.
What happened at this year’s Mobile World Congress in Barcelona? In this week’s Searchlight, Fran Sales presents highlights from the event, including mobile payment breakthroughs, the push for global Internet access and BlackBerry’s transition into a software company. Also in Searchlight: Apple Pay fraudulent activity and Hillary Clinton’s use of personal email.
In the latest CIO Decisions e-zine, SearchCIO experts address a now-timeless quandary: cutting versus keeping legacy IT systems. Find out how to decide which systems are worth keeping and hear legacy systems management success stories.
Are CIOs ideal picks for next-generation CEOs? Some IT leaders think so. In this TotalCIO blog post, Executive Editor Linda Tucci talks to experts and outlines the trending CIO-to-CEO discussion. Also on the TotalCIO blog, Features Writer Kristen Lee covers the Fusion 2015 conference by discussing the Internet of Right Things and the three phases of cybersecurity maturity. The Fusion conference also addressed how entrepreneurs can construct a successful company culture, as Senior News Writer Nicole Laskowski writes in her blog post.
For private sector companies struggling with high-tech compliance, the U.S. Securities and Exchange Commission’s new Regulation SCI could be the answer. SearchCompliance expert Jeffrey Ritter highlights five things all IT teams should know about Regulation SCI.
What are the biggest IoT security challenges facing the enterprise? In this #CIOChat recap, participants list the top IoT security risks and share their lessons learned from BYOD policies.
Think that because your business is not the size of a Target, JPMorgan Chase or Sony, you’re immune from today’s breed of cyberthreats? Think again. Just because small and medium-sized businesses (SMBs) don’t have the financial resources or the brand reputation many enterprises do doesn’t mean hackers aren’t targeting them, recent studies show.
Why exactly are SMB organizations in these hackers’ crosshairs? It isn’t so much what’s on their networks as how attackers can use those networks. “The hackers are looking at that network as another means, as another jump-off point, to go out and get some other networks. They want to turn your network into basically a botnet,” said Page Moon, CIO of Focus Data Solutions, an IT and Web hosting firm, at an IT Nation 2014 session in Orlando, Fla., last year. In other words, SMBs’ systems are a potential entry point into other, larger networks.
And what do SMB IT pros believe is their top cybersecurity vulnerability? Employees. According to a 2014 study by digital security firm Gemalto, which surveyed 438 IT professionals who work in SMB organizations, 77% of these IT pros believe employees to be the single weakest link in their security infrastructure, and a similar percentage — 75% — say that employees, particularly the risk of them unintentionally leaking data, are their top cloud security concern. And there might be a reason for these fears. According to the findings, the two security challenges that top the IT pros’ lists are social engineering (48%) and BYOD management (42%), which both involve employees.
Social engineering threats expected to rise
The first of these security hurdles, social engineering, is a particularly devious form of cyberthreat because it exploits the fact that many SMBs — their employees and IT pros alike — are lacking in security education; for instance, many believe that only back-end operations are vulnerable to the latest cyberattacks, said Moon. And this security gap has a wider scope, according to the authors of Symantec’s 2014 Internet Security Threat Report (ISTR), which examined trends in 2013. “While the ease of installation and cost of maintenance may have decreased, many new administrators are perhaps not familiar with how to secure their servers against attacks from the latest Web attack toolkits,” the authors write. SMB IT admins also aren’t necessarily diligent about security, such as staying up to date with the latest patches, they said.
Social engineering is lucrative for hackers. For example, 62,000 attacks of one common type of social engineering, spear phishing, raked in $233 million in October 2013 alone. Not a shabby profit, considering that one can buy a spam service to send out half a million phishing emails for only $75, according to RSA, the security division of EMC Corp. And spear phishing aimed at SMBs has been on the rise in recent years: In the Symantec study, 41% of the IT pros who work in companies with 1 to 500 employees reported this type of attack in 2013 — a 5% increase from the previous year. And according to Angel Grant, senior manager for anti-fraud solutions at RSA, social engineering attacks are poised to increase this year.
Employee education reduces risks
It’s clear that it’s not just Fortune 500 companies that are the targets. So how can SMBs arm themselves with the limited resources that they have? For starters, implementing the best security tools and technologies you can afford, perhaps cloud-based security apps, is certainly critical. But you also need to educate your employees. The benefits that come with equipping employees with the knowledge of how to effectively deal with threats are quantifiable — doing so can reduce security risks by up to 70%, according to companies surveyed by the Aberdeen Group recently.
It’s important to note, however, that training employees doesn’t just mean teaching them best practices on creating complex passwords or how to spot suspicious emails, but also changing how they approach their interactions online in general, said Chris Hadnagy, founder of security training company Social-Engineer. “If you just want people to follow the rules — don’t think, just do — you create an easy environment for [hackers],” he told Inc.
Application security is becoming self-aware. A new tool called runtime application self-protection (RASP) could help CIOs boost their IT security, but some experts question whether it’s enterprise-ready.
What can you do to compete against service providers and take back control of your organization? SearchCIO expert Niel Nickolaisen offers a few tips on how to build a better IT service model.
This week, Google launched a set of business-focused technologies that allows employees to run their personal and corporate apps on their Android devices. Is Android for Work set to take the enterprise by storm and give Apple and Microsoft a run for their money? In this week’s Searchlight, Associate Editor Fran Sales discusses the program’s pros and cons. Plus, the FCC’s net neutrality proposal passes and a sex bias lawsuit rocks Silicon Valley.
DevOps is a hot trend in IT that’s making companies more flexible and competitive. But, according to Gartner analyst David Cearley, the approach as it is typically practiced today doesn’t go far enough. Cearley explains why security needs to be included in DevOps models and gives tips on how to do it.
Speaking of security, SearchCIO expert Harvey Koeppel dishes on next-generation security risks and how to formulate a new strategy in a mobile culture where mobile devices now outnumber the people in the world.
New PCI DSS 3.0 requirements focus on making sure data security becomes a part of companies’ everyday business processes. But how will they affect your company? In this FAQ, SearchCompliance contributor Caron Carlson explains the changes to expect with the latest version of PCI DSS.
Also on SearchCompliance, learn why continuous monitoring, third-party vetting and other IT best practices are vital to long-term mobile compliance and security. Plus, the latest IT Compliance Advisor blog post broaches the subject of the extra privacy fee that comes with AT&T’s high-speed service as well as Google’s privacy inspections agreement with a European data privacy regulator.
Making the move to the cloud doesn’t need to be complicated. Over on the CIO Symmetry blog, Features Writer Kristen Lee gives expert tips on how to migrate to the cloud and mitigate risks, and what to do after migrating to the cloud.
As explained in my previous post, “Tips for a smooth cloud migration,” the first big hurdle in a cloud migration is figuring out how to get all your data over to the cloud safe and sound.
“Those are good things to worry about and good things to get through,” Lilac Schoenbeck, vice president of product marketing and product management for iLand, a cloud provider, said during a webinar on cloud migrations. But once all the data has been successfully moved to the cloud, more planning still needs to be done. Failing to do so could put an additional management burden on the IT team, Schoenbeck said.
Here are one cloud provider’s tips on how to prepare for and manage the day-to-day once you’ve migrated to the cloud.
Find a provider with a clear, straightforward management environment.
Cloud providers can put heavy demands on the IT team. For example, they can require the IT team to understand their particular kind of scripting, as well as configure their particular management tools, Schoenbeck said. It’s important for IT leaders to figure out what the day-to-day will look like and how much additional work will be put on your staff. “[There are] different types of clouds, different underlying hypervisors, different systems are going to throw off different kinds of metrics,” she said, adding that these conditions could mean that the successful cloud migration could in fact become “an ongoing burden on your team.”
A good strategy? Find a cloud service that has an environment close to your on-premises environment, so it will be easier to operate and easier to evaluate if something goes wrong, Schoenbeck said.
Don’t get stuck with an unexpected bill.
“We always want to know what our costs are going to be. One of the big concerns moving to the cloud is maybe these costs could be very variable, and I might be stuck with a bill I didn’t anticipate,” Schoenbeck said.
She outlined two ways to mitigate that risk.
First, an IT leader or company could go with a provider who uses a reservation pricing model, which means that your costs are fixed month-to-month and you’ve basically reserved a pool of resources in the same way that you might have an on-premises pool of resources to allocate however you like, Schoenbeck said.
The second option is the pay-as-you-go, or bursting, model. With this model, Schoenbeck said, it’s important “to look for [a provider] who’s going to be really transparent on what you’ve spent so far and, in fact, even predictive about what you will be spending if your behavior continues as it is.”
This visibility will also allow IT leaders to communicate with stakeholders, the procurement team, and whoever else might want or need to know what the bill will likely be at the end of the month, she said.
Look for a provider with a customer-driven roadmap.
Schoenbeck said that some cloud providers will invest very little in management support. As your company juggles more and more projects in the cloud, it then becomes “more and more difficult to operate [and] you don’t actually have anybody… to help ease the way.”
That’s why it’s always important to look at the support options that come with the cloud service you’re planning to migrate to, Schoenbeck advises. She suggests that IT leaders choose a cloud provider that is going to work with you and work with what you need so that the management burden is minimized.
“Oftentimes that’s going to make a big difference in what this means for your team operationally,” Schoenbeck said.
Migrating to the cloud may be a top mandate for CIOs, but it is no easy feat. In fact, cloud migrations “are notoriously difficult” and about 80% of them fail, Mark Broghammer, director of solutions engineering at iLand, a cloud provider, said during a webinar about cloud migrations.
So how can you migrate to the cloud and mitigate risk?
Here are some suggestions Broghammer has for CIOs and companies to think about as they plot their cloud migration strategies.
Long-term analysis, the method often used to try to gauge whether an application will work, doesn’t always help you predict whether an application or server will work well with the cloud service you are planning to migrate over to. “The fact is, you don’t know how an application’s going to work in the cloud,” Broghammer said.
This is where load testing, or performance testing, is helpful, Broghammer said. With load testing, a cloud testing provider can test an application or applications against the actual number of users expected. Based on the results of the test, a CIO or company can then gain better insight into how that cloud service will work for them and what the performance of their applications will look like when they actually migrate over to that cloud service.
Migrating physical vs. virtual workloads
We live in a hybrid IT world and companies aren’t uniform across the board when it comes to the type of technologies they’re using. Some companies have a mixture of legacy systems, on-premises, and off-premises services.
“The point is, how can you be cost efficient if you’re running many types of projects on systems being handled by different teams both internally and externally?” Broghammer said.
Different providers often have different systems in place and different processes. Therefore, if you have a hybrid environment of different projects on different systems, it can be difficult to coordinate everything. That’s why it’s important to make sure your providers have a single approach for the physical and virtual workloads that you are planning to migrate to the cloud, Broghammer said.
He added that now that there are multiple hypervisor program options out there, companies also need to make sure the same processes and systems are in place when choosing a hypervisor program to help them with their migration.
“When migrating, again, make sure the models of migrating different platforms follow the same technology set, or stack, that you’re using for those particular workloads,” he said.
Methods of sending data to the provider
There are several methods for getting your data over to your cloud provider, but the typical ways include physically shipping a drive with your data and/or replicating data.
When it comes to physically shipping a drive, it’s important to ask yourself: are you 100% comfortable with this method? Sure, you can send an encrypted drive, Broghammer said, but the fact is that the drive and the data on it will pass through the hands of many people. “And the potential loss of that data could set you back in your timeframes,” Broghammer warned.
His suggestion? “I would tend to favor an over the wire approach” because the data would pass through fewer hands and there is added protection with Secure Sockets Layer (SSL) business process management (BPM).
Another option is replicating and colocating data.
“Where the data becomes a bit more stagnant (in other words, data that is just sort of sitting there and not much is being done with it) you need to have a multi-site or multi-location strategy with that,” Broghammer said. Even though you may be migrating certain pieces of your architecture into a cloud environment, Broghammer advises that you still may need to colocate and replicate the data.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
CIOs are at a critical point in their evolution, and they need to find a way to stay relevant in a corporate culture, according to author Jill Dyché. In part one of her two-part feature story, Senior News Writer Nicole Laskowski chats with Dyché about how to cure the CIO identity crisis. In part two, Dyché explains the key factors that kill innovation.
Is the connected car the next big step toward an IoT-dominated future? In her latest Searchlight entry, Associate Editor Fran Sales highlights the buzz around a possible Apple car and discusses how it can help CIOs drive the conversation around IoT security. Also in Searchlight: U.S. spyware in foreign networks and Snapchat’s big funding proposal.
Speaking of IoT security, check out this #CIOChat recap to hear what SearchCIO followers and guest expert Harvey Koeppel have to say about mitigating IoT security risks amid a notable lack of precedent.
Hadoop is a powerful technology, but is it secure? In the latest Data Mill, read why Hadoop security is a different beast from traditional security, see a list of current Hadoop security projects, and get the latest 2015 budget expectations.
Mobility’s disruptive forces are at it again! SearchCIO expert Niel Nickolaisen explains how mobile technology is shaking up next-generation information security and how CIOs can make the most of it.
Our new handbook has everything you need to know about application consolidation in one place. Learn from experts’ success stories and discover the best ways to consolidate your applications and maximize their business benefit.
Think you know what the future holds for mobile networking? Take our quiz to assess your knowledge and review recent mobility and networking content.
It’s almost time for the next #CIOChat! Join SearchCIO editors and fellow tweeters Wednesday, Feb. 25, at 2 p.m. EST to talk about the death of the CIO as we know it. We’ll be discussing the challenges of modern CIOs and how CIOs can stay relevant in a digital enterprise. See you there!
When it comes to legacy systems, deciding what stays and what goes is no easy task. Hear from enterprise CIOs on the importance of strategizing and finding the right balance between the costs and value of your legacy systems.
Chief innovation officers are leading the charge and tasked with shaking up enterprise culture, but they can’t do it alone. Innovators at Hyatt, Merck and Nestlé Purina explain how new language, celebrating failures and a strong understanding of innovation culture are vital for business transformation.
Tim McDermott, chief innovation officer for the Philadelphia 76ers, is helping Millennials get back in the game and drive innovation for the team. Hear how he is embracing the youthful workforce and redefining business as usual.
A few months into 2015, Features Writer Kristen Lee checked in with CIOs to see what cloud projects they’re working on and what IT goals are on the horizon. The verdict: Office 365 and hybrid cloud top their CIO checklists.
Box, the cloud storage and file sharing company, is hoping to ease your cloud security worries with the introduction of a new service called Enterprise Key Management (EKM) that would give companies more encryption control. In this week’s Searchlight, Associate Editor Fran Sales breaks down the mechanics and explores the implications of this service.
Is your startup keeping its eye on the prize? Do you still have the passion necessary to take your startup to the next level? SearchCIO expert Bryan Barringer uses his own experiences to explain how to keep your startup focused and prevent failure.
The intersection of social, mobile, analytics and cloud (SMAC) is a disruptive force that is driving present and future business innovation. In the latest Essential Guide, learn tips on SMAC strategy and governance, hear from companies with successful SMAC integration and peek into the future of enterprise SMAC technologies.
Not every provider-company relationship lasts. Leaving your private cloud provider can be very legally tricky, but, luckily, David Rutchik, a partner at Pace Harmon LLC, is here to advise CIOs and companies how to prepare for the breakup.
Are you prepared for the new security paradigm? In this CIO Decisions e-zine, we explore how companies can strategize around data protection in order to stay ahead of their attackers and protect their valuable assets.
HIPAA compliance requirements mean well, but are proving a challenge for HIPAA business associates and other non-healthcare industries. SearchCIO expert Daniel Allen gives tips on navigating the choppy waters of HIPAA data privacy compliance requirements.
Over on the TotalCIO blog, Senior News Writer Nicole Laskowski talks building strategic partnerships to help drive business innovation, while Lee dishes on making a successful mobile wallet by having it double as a marketing platform. Meanwhile, on the IT Compliance Advisor blog, Sales explores the FCC’s net neutrality proposal and the implications of the Anthem breach.
Speaking of net neutrality, it’s almost time for the next #GRCChat! Join SearchCompliance editors and fellow tweeters Thursday, Feb. 19, at 12 p.m. EST to talk net neutrality in the wake of the FCC proposal. We’ll be discussing the potential effects on innovation and the future of net neutrality practices. See you there!
Does talk of distributed storage leave you feeling confused? Tired of the messy definitions and explanations out there? Senior News Writer Nicole Laskowski has you covered. In this week’s Data Mill, data expert Tim Berglund explains data storage systems in straightforward, coffee-shop terms.
It’s time to get your application consolidation education. Executive Editor Linda Tucci talks to two CIOs in the educational system for their take on app consolidation efforts. First up: Utah State University’s Eric Hawley discusses his team’s consolidation plans, which involve quick access to mobile data, CRM consolidation and the building of APIs. Then, Deepak Agarwal, CIO at the School District of Palm Beach County, shares his app consolidation success story and talks about the challenges and benefits of updating legacy apps.
Want to know when and how to use a diversified cloud strategy? In her two-part story, Features Writer Kristen Lee talks to cloud experts about using a diversified cloud strategy to offset provider instability, and the complexities and sophisticated management skills involved in such a strategy.
The Federal Communications Commission (FCC) recently made a bold move on net neutrality. This week’s Searchlight explores the implications for CIOs. Plus: Anthem hacked, Google and Uber butt heads, and Target hires a new CIO from the UK.
Our latest e-handbooks have arrived! Find out how retail companies are capitalizing on big data in our latest SearchCIO handbook on big data in retail. In SearchCompliance’s newest handbook, learn how to keep mobile data compliant and get expert tips on bring your own device management success.
New cyberthreats are everywhere — are your information security controls regimented? In this video interview, SearchCompliance editor Ben Cole talks with Christopher T. Pierson, executive vice president, general counsel and CSO at Viewpost, about the importance of continually monitoring and adapting security controls in the midst of increasingly sophisticated cyberthreats.
To that point, disaster recovery is expensive, especially for small businesses. Here on the CIO Symmetry blog, learn the options, benefits and use cases for disaster recovery as a service.
To what extent will wearables affect existing governance, risk and compliance policies? In this #GRCChat recap, participants consider the effect of wearables in the workplace on established policies and how organizations can ensure data security and compliance.
Disaster recovery (DR) is expensive — and not just because traditional disaster recovery services come at a very high price. Other factors contribute to the financial toll of DR: underfunded DR budgets, poor DR planning and testing procedures, and technological deficiencies, all of which contribute to the failure of critical applications, data center outages and data loss. These, in turn, can amount to anywhere from a few thousand dollars to a whopping $5 million in losses, according to a 2014 study by the Disaster Recovery Preparedness Council.
To small and medium-sized businesses (SMBs), many of which lack the necessary resources to properly implement or test an effective DR plan, these circumstances can be disheartening. Luckily, cloud computing and virtualization have been playing a greater role in DR — and opening up more, and less costly, options for SMBs.
The cloud, in particular, is “ideal as a data protection scheme,” according to George Crump, president of analyst firm Storage Switzerland. That’s because “you get a secondary site, it’s generally several disaster zones away, and it really is generally made for that effort,” he said. And unlike traditional DR schemes, the business doesn’t have to manage the off-site data center itself.
Where DRaaS fits in your business continuity scheme
Disaster recovery as a service (DRaaS), a particular breed of cloud DR, is taking off among SMBs, and not only because of its pay-per-use pricing model. DRaaS allows businesses to replicate and host their virtual machines (VMs) in the cloud so that, in the event of a catastrophe, they don’t have to wait to move all of their data back to their data center — they can just start up those VMs. This means significantly reduced recovery time. Plus, DRaaS providers offer their own service-level agreements, DR planning and testing, network operations, support, and even self-service admin tools — more enticements for SMBs that aren’t adequately staffed or equipped to fully handle DR themselves.
Moving to DRaaS isn’t such a huge leap for SMBs, according to SearchCloudStorage Site Editor Andrew Burton. “It’s a good deal for SMBs, as many are heavily virtualized, and as such are probably already using a backup software product that has the ability to replicate VMs to the cloud,” he said.
This all might sound too good to be true, but the statistics prove otherwise. For instance, in a 2013 study conducted by cloud backup provider Intronis Inc. and analyst firm The 2112 Group, more than 50% of SMBs that rely on an IT service provider for backup and recovery are using cloud-based technologies. And a 2012 survey by research firm Aberdeen found that midsized businesses suffered 50% fewer instances of downtime and 20% of the financial losses of those who used in-house DR; they also recovered three times faster than the latter group.
DRaaS options and use cases
SMBs aren’t the only ones availing themselves of the perks of DRaaS. Both established DR and backup vendors and burgeoning startups are making swift moves in this space. VMware, for example, added cloud disaster recovery features to vCloud Hybrid Service, its infrastructure as a service offering. And startup Zerto just garnered $26 million in funding last year, which went into its Cloud Fabric product, which transports virtualized workloads between cloud providers.
Bit9, a software security company based in Waltham, Mass., is one midsized company that’s benefited from the DRaaS feature offered by cloud storage provider TwinStrata. The feature allows users to start up vSphere servers in the cloud and run live copies of data and apps without having to rebuild their servers. Combined with Veeam’s Backup & Replication product, which enables IT director Bill Suarez to replicate to multiple locations while making synchronous backup copies at another location, “we could have our email flowing again within a business day,” he said.
You and your DRaaS provider are on the hook
DRaaS doesn’t come without warnings and downsides. For instance, once a DRaaS provider runs your apps in the cloud, you need to make sure you fully understand what that provider’s cloud computing service-level agreement entails, Crump explained. Plus, moving data to the cloud takes up a lot of bandwidth, and you need to make sure you and your provider can accommodate it. And, after the catastrophe has passed, you need to have worked out a plan with your provider on synchronizing the application data in the cloud with your primary servers, all without disrupting critical processes.
According to Crump and fellow Storage Switzerland analyst Eric Slack, make sure to ask your provider the following questions:
- Do you have the infrastructure to run the applications I need?
- Can you allocate the compute resources to run these applications at my desired performance level?
- Can you guarantee uptime?
- Can you offer the same level of support if a regional catastrophe brings down multiple clients’ data centers?
If your DRaaS provider can’t meet these requirements, Crump said, it could be time to look elsewhere.