On SearchCIO, we’re kicking off a series of video interviews from last month’s MIT Sloan CIO Symposium profiling how some notable CIOs got their start.
First up is AT&T CIO and MIT Sloan CIO Leadership Award winner Thaddeus Arroyo, who attributes his lofty rise in IT and becoming a CIO to a “divergent” professional journey that included lateral moves which allowed him to become the well-rounded leader he is today. Arroyo chatted with SearchCIO executive editor Linda Tucci about the benefits of seizing the “least comfortable” career opportunities.
For Dell global CIO Andi Karaboutis, working in the business in various roles and essentially becoming a customer of IT provided her with the “best IT training.” Senior news writer Nicole Laskowski sat down with the CIO Leadership Award finalist to discuss how her stint in the business equipped her with the tools to view IT from a business perspective.
Kristen Darby’s path to CIO for Cancer Treatment Centers of America started out in her family’s automation and lighting-design business, where she discovered a talent for software development. She pursued accounting before finally rediscovering IT and the benefits it can bring to healthcare. Check out her interview with assistant editor Emily McLaughlin in which she recounts her IT journey.
And there are more of these videos to come — stay tuned to SearchCIO!
More on SearchCIO…
Come one, come all, and check out our Essential Guide on crafting an enterprise cloud blueprint. In the latest installment in our CIO Briefings series, get guidance on deciding between public, private and hybrid cloud models; navigating among various as-a-service offerings; choosing from among a plethora of cloud vendors; creating an integration plan; and more.
In Searchlight, McLaughlin ties the value of CIOs developing skills that pertain to various areas of IT to news from Apple’s Worldwide Developers Conference earlier this week. A key takeaway from the conference was Apple’s reveal of its programming language Swift, which lets users create their own apps after they’ve mastered the syntax. The company’s goal, according to the head of Apple’s Developer Tools department, is to make programming fun — and cultivate a generation of future programmers and IT leaders!
Now that big data is part of the IT lexicon, one data expert thinks CIOs should also be paying attention to small data. How exactly are they different, and is small data sometimes better? The answer isn’t as clear-cut as you might think. In this Q&A, Laskowski sits down with Kirk Borne, a George Mason University professor and expert on all things big data, to discuss exactly what small data is.
The words customer analytics usually have people thinking social media, or maybe even just Twitter. But one social media contrarian isn’t buying it — your customer service department might already have the goods, he says. In advance of next week’s Useful Business Analytics Summit in Boston, Laskowski caught up with moderator and customer analytics expert Tom H.C. Anderson to talk about why social media data isn’t always the way to go.
Is your enterprise ready to take advantage of infonomics — in other words, treat your corporate data as an economic asset? In our June CIO Decisions e-zine, we tackled that question and more, including how Dell’s CIO turned her IT team into a business partner; whether more data trumps clean data; and how to cautiously deploy disruptive technologies when taking humans into account. And in the latest CIO Citings, managing editor Rachel Lebeaux gathered some meaty quotes from the last issue. Get insight from various IT leaders and experts on the prevalence of next-generation mobility, big data analytics and more in today’s enterprises.
Our new features writer Kristen Lee is on a roll! On the TotalCIO blog, she writes about the impact of shadow IT on the likelihood of data breaches; according to a recently released study, the probability is three times higher. Get the details and see how you can prevent costly breaches from occurring.
How are new technologies impacting your IT service management (ITSM) strategies? We decided to take that question to the Twittersphere. We also asked tweet jammers for advice on how to account for the resulting technology skills gap. Plus, participants dished on their top sources of stress when crafting ITSM strategies around new technologies, as well as best practices for problem management. In these recaps, see what tweet jam and ITSM expert Jerry Luftman and other #CIOChat participants had to say about revamping current ITSM processes as enterprises digitize.
And on SearchCompliance…
Managing digital records today means facing the ever-increasing costs of business analysis, regulatory compliance and a host of other concerns. Expert contributor Jeffrey Ritter points out that while it’s tempting to jettison traditional records management techniques in companies’ quest to eagerly adopt new technology, there are some tried-and-true information governance strategies they should cling to.
The Federal Trade Commission is taking a more proactive role in protecting consumer data in response to businesses’ widespread data collection and sharing. In the most recent installment of SearchCompliance’s IT Compliance FAQ series, contributor Caron Carlson addresses common questions surrounding how the FTC has focused on the activity of data brokers and other businesses to improve data security and privacy.
That’s all we’ve got for this week! Watch out for more updates in next week’s Symmetry roundup; before then, keep on top of our news and tips by following us on @SearchCIO, @SearchCIOSMB and @ITCompliance.
Kicking off this week is SearchCIO senior news writer Nicole Laskowski’s Data Mill, where she addresses a looming question on everyone’s minds during the MIT Sloan CIO Symposium’s big data panel: Is the big data market converging? Learn why the answer isn’t as simple as you might think; plus, find out how Apache Spark competes with MapReduce, what the future could hold for Google’s driverless car, and how digitization is changing competition within — and across — verticals.
Switching gears, Laskowski writes about how the impact of high-profile data breaches (a la Target) has changed the equation in risk management conversations. At Boston’s 2014 CFO Technology Conference, CFOs and other attendees posed questions to security experts on matters ranging from data breaches and passwords to Software as a Service applications and more.
Elsewhere on SearchCIO…
Apple’s buyout of Dr. Dre’s Beats Electronics and Google’s diversity report monopolized tech news this week. In Searchlight, associate editor Emily McLaughlin highlights an important reality behind these headlines: diversity in IT, in more ways than one. Apple’s purchase might seem a blunder at first blush but, as CEO Tim Cook explained, it’s Beats’ people and their creativity that his company is after. And the harsh reality Google’s report illuminated about the lack of diversity in its workforce (already true in many tech firms) has triggered calls to action for greater transparency and turning to untapped talent sources.
What exactly is “fog computing?” features writer Kristen Lee asks in a TotalCIO blog post. Cisco argues it’s synonymous with Internet of Things (IoT), while others, like Forrester’s James Staten, think it’s all hype: “What they call fog we already call mobile and IoT.” But regardless of the name, edge computing is a notion CIOs should consider as more and more devices (like jet engines!) become part of IoT and data continues to balloon.
If there’s one thing we learned at last week’s MIT conference, it’s all about the customer, and a small jeweler business is taking this to heart with its social media strategy. Contributor Christine Parizo recounts how Wixon Jewelers uses social media monitoring and engagement to manage its online reputation and ensure its customers are happy.
How can global sourcing give your company a competitive advantage? Next week’s World BPO/ITO Forum might provide the answer. Editorial director Christina Torode previews the show and its focus on innovative sourcing strategies in an interview with speaker Vishal Ahluwalia.
On that sourcing note, if you’re thinking of taking advantage of cloud and are looking to brush up on the facts, look no further than SearchCIO’s quiz. Review our recent coverage and get some guidance on just what moving some or all your apps or infrastructure to the cloud might mean for your IT staff, business operations, service delivery and bottom line.
We’ve covered aplenty how a strong security strategy can give enterprises a competitive edge, but how exactly can a small business with limited resources leverage security as an asset? Executive editor Linda Tucci talks to Robert Jimenez, IT specialist at Scooterbug, about how he invested in cloud-based security to do just that.
Your turn: If you’re unsure whether your security program can go head to head with today’s breed of cybercrime, have we got a tool for you! Check out SearchCIO’s cybersecurity quiz to review our recent stories and get up to speed on why a strong cybersecurity strategy is valuable to your business and your customers.
Heading over to SearchCompliance…
In today’s digital market, in which consumers and machines are increasingly connected, “data is the new currency,” as aptly put by Dell CIO Andi Karaboutis. This means data breaches are a dime a dozen. From MIT’s symposium, associate editor Fran Sales covers panelists’ take on how CIOs and compliance officers should face their fears and take a proactive risk management approach.
One of the fundamental tools IT should utilize to deal with data- and intelligence-driven threats: systems logging. From the RSA 2014 Conference earlier this year, SearchCompliance caught up with Tenable Network Security’s Marcus J. Ranum to discuss what the CSO calls the most important tool in security and why it’s a key element in building a strong, analytics-driven security strategy.
The MIT Sloan CIO Symposium, which focused on how CIOs can use digital technology to help transform their enterprises, dominated conversations across media platforms this week. On SearchCIO, read the five takeaways Senior News Writer Nicole Laskowski gleaned from the show that can help CIOs and other senior execs head up the digital journey, including broader IT-business alignment, creative new channels of customer engagement and more.
On the TotalCIO blog, meet SearchCIO’s brand-new features writer, Kristen Lee! In her take on MIT, Lee concentrates on two themes: One, CIOs need to draw from their peers’ strengths and ideas to bolster their own IT strategies; two, they need to integrate machine smarts into that collective intelligence. She dedicates another blog post to the Internet of Things and the challenges it brings up for CIOs around business process integration, common architecture, security and more.
In the latest Searchlight, Associate Editor Emily McLaughlin gives a rundown of MIT’s lively “CIO, CDO, CMO Perspectives on Digital Transformation” session, where the focus was not on which C-level exec should take the digital helm, but rather on best practices for how each can facilitate a digital transformation across the business. And on TotalCIO, Associate Editor Fran Sales digs into each nugget of advice from the panel, including partnering across functions, measuring customer engagement and more.
Also on Searchlight: other tech headlines from the week, including eBay’s data breach, Martha Stewart’s drone and a calf fitted with (spotted!) high-tech prosthetics.
Elsewhere on SearchCIO…
In his latest column, CTO Niel Nickolaisen tackles today’s digital reality from another angle: looking at the business perks and downsides of our consumers’ digital footprints. On one side of the coin, the rich information from these footprints provides microtargeting fodder for companies’ marketing campaigns; on the other is the oft-mentioned issue of privacy.
It doesn’t just take CIOs and IT execs to extract value from big data. A key message at the recent CFO Technology Conference was that CFOs need to get in on the conversation as well. In her latest Data Mill, Laskowski explains that financial execs need to look at how big data funds are distributed, which will help organizations boost IT productivity and effectively extract insight from that data. Plus, she discusses how businesses should leverage online platforms (not ads) to refresh their content marketing campaigns.
Delivering virtual desktop infrastructure has more than nifty technological aspects to offer — it also has the potential to deliver huge business value. In our latest Ask the Expert, CTO Brad Maltz explains why, in today’s consumer-driven IT market, using VDI to deliver on user experience translates into ROI for the business.
Southwest Airlines, Pixar and PayPal may serve different industries, but they’ve got one thing in common, according to expert contributor Joseph Flahiff: They’re agile. In other words, they’re flexible enough to adapt to customer needs or industry changes such as mobile. Read Flahiff’s tip on the four aspects of agility to learn how to make your business nimble.
The demands of increasing data and technology innovations have CIO expert Harvey Koeppel waxing urgent about the value of modernizing business processes, particularly in the realm of IT service management (ITSM). In our latest CIO Matters column, read Koeppel’s take on how customer expectations, the cost of service delivery and newer skill sets factor into the necessity of constantly evolving your ITSM practices.
Now, we want your take: How do you think CIOs must adapt their current ITSM processes to today’s reality of mobile, cloud and anytime-anywhere computing — not to mention the ever-present IT skills gap? Join us and our tweet jam expert, Jerry Luftman, founder of the Global Institute for IT Management, for our next #CIOChat Wednesday, May 28, at 3 p.m. EDT and share your thoughts on how IT leaders must transform their ITSM processes.
In SearchCompliance matters…
Since the 2008 financial crisis, the U.S. Securities and Exchange Commission has been emphasizing the role that corporate culture plays in its investigations. On our IT Compliance Advisor blog, Site Editor Ben Cole describes why, given the SEC’s emphasis on transparency and a willingness to cooperate, it’s important to build your culture around business ethics rather than financial gain.
For this month’s #GRCchat, we recruited former Federal Communications Commission CIO Robert Naylor as our tweet jam expert on the topic of minimizing data breaches’ impact on businesses. Check out our latest recap to get Naylor’s and other tweet jammers’ two cents on balancing network monitoring with budget restrictions, as well as using risk assessments to prioritize areas that need protection.
The future looms large this week on SearchCIO – starting with recent findings from a Pew Research survey indicating that IT and everyday life will be infiltrated by wearable tech and the Internet of Things (IoT) in the next decade. In this week’s Searchlight, Associate Editor Emily McLaughlin writes how these disruptors will pose yet another challenge for CIOs as they tackle the techs’ security risks and big data implications. Also headlining: The FCC approves rules that allow pay-for-priority on the Net; in wake of Jill Abramson’s replacement at The New York Times, the paper focuses on digital strategy; and a text-911 plan starts to roll out.
Another disruptor stole the limelight at TechCrunch Disrupt New York, where Senior News Writer Nicole Laskowski homed in on a feature many intrepid startups have in common: the leading role application programming interfaces (APIs) play in their mobile apps. APIs allow these startups to achieve two things: improve customer experience on the front end and build deeper relationships with their service providers on the back end. Read about open APIs and other disruptive technologies from the show in this week’s Data Mill.
Our April tweet jam on prescriptive analytics found participants waxing poetic about the importance of building trust by demonstrating the value of good data through open conversation; trust is an equally important player to well-crafted algorithms when it comes to data decision making. Executive Editor Linda Tucci asked whether machines will take over in the next stage of prescriptive analytics, but tweet jam expert Tom Doub believes a “new normal” of human-machine interaction will take place, as it has in years past.
In other SearchCIO happenings…
In the latest profile in our CIO Innovators series, Tucci chats with Sigal Zarmi, CIO of GE Capital Americas, about how she balances her two customer bases: internal employees and the business’ external customers. Find out how Zarmi boosts internal productivity by improving customer experience – for example, by automating internal processes through GE Americas’ self-service site.
Over at TotalCIO, Laskowski digs deeper into TechCrunch Disrupt’s theme of user experience by looking at the rocky road that Jawbone, known for its wireless speakers and activity-tracking wristbands, took from a military consumer base to a civilian one. Find out how, by getting hardware, software and data teams to focus on the common goal of customer experience, Jawbone’s CEO was able to get them to start learning from each other.
Over at SearchCompliance…
Site Editor Ben Cole sat down with Branden Williams, EVP of strategy for compliance service provider Sysnet, at this year’s RSA conference to talk payment card industry (PCI) cybersecurity strategy in the face of increasingly sophisticated cyberthreats. Check out this Q&A to get Williams’ take on overcoming PCI compliance hurdles, addressing emerging cyberthreats, and leveraging analytics-driven security methods.
As an increasing number of businesses move their operations to the cloud, governance, risk management and compliance (GRC), as well as thorough vetting of cloud providers, are now even more crucial players in ensuring data security. Contributor Christine Parizo looks at questions to ask providers, how organizations can maintain cloud GRC and how to mitigate risks inherent in various cloud models.
How valuable is your data? If you’re a CIO or chief financial officer and manage data every day, you’d probably say very — which begs the next question: Exactly how much value does your data have? Infonomics, or the economics of data information, could help you answer that question. SearchCIO Senior News Writer Nicole Laskowski details how data can boost your market value. In part two of her feature, Gartner analyst Doug Laney lists six ways CIOs can measure the value of their data assets.
To that end, what should you do with all your open data? In this week’s Data Mill, Laskowski has the answers, culled from Laney’s presentation at the recent Gartner Business Intelligence and Analytics Summit. Laney lays out a number of use cases that have leveraged open data to create benchmarks, develop predictive indicators, generate ideas and more. Laskowski also recently shared analyst Don Sommer’s “tipping points” that will shake the BI and analytics market — and readers had a lot to say about it. In the latest CIO Chatter, we dug into the reader buzz on the battle between old and new BI vendors.
In this consumer age, perhaps it’s no surprise that data discovery is shifting into the hands of customers. Laskowski blogged from TechCrunch’s Disrupt New York conference, where she explored the potentially disruptive “discovery retail” business of Birchbox and how its consumers are taking advantage of the company’s data-driven business model.
Elsewhere on SearchCIO…
Get ‘em while they’re hot off the e-presses! May’s CIO Decisions e-zine focuses on the latest in innovative and disruptive technologies: Find out how the mobility age should skew CIOs’ mobile strategies toward the customer, how the connected car is reshaping business for better or worse, and more. Then, download a copy of SearchCIO’s latest handbook on cybersecurity strategy, where, in light of the changing face of cyberthreats, we offer advice on how to use a strong cybersecurity program as a competitive differentiator.
This week’s Searchlight column addresses the public uproar this week over the Federal Communications Commission (FCC) chairman’s proposed net neutrality rules. Chairman Tom Wheeler’s proposal — a set of Open Internet rules that might allow companies to pay for high-speed access to their content — has drawn opposition from various individuals, companies and interest groups, among them Amazon, Facebook and Google. Plus, read about the sign-off of Target’s CEO, leaked info on Amazon’s 3-D smartphone and more in this piece by Associate Editor Emily McLaughlin.
SearchCIO’s Essential Guide on enterprise IT sourcing strategy, the latest installment in our CIO Briefings series, targets IT sourcing from all angles, including business process outsourcing, video advice from experts, the use of cloud services, the fine print behind an IT sourcing strategy and more.
One of the leading questions in last week’s #CIOChat on prescriptive analytics concerned whether this brand of business analytics can be applied to all industries. Centerstone Research Institute CEO Tom Doub, our tweet jam expert, as well as other practiced participants, agreed: While it’s good to take precautions (Target’s diaper analytics snafu comes to mind), the pros of prescriptive analytics can outweigh any of its potential restrictions. We also discussed how using the right data mining algorithms can spell out competitive advantage.
Finally, in CIO Citings, Managing Editor Rachel Lebeaux tackles the question: Can prescriptive analytics — the brand of BI that predicts the best course of action using existing data — really work for your industry? Luckily, this collection of quotes from experts who use prescriptive analytics across a broad range of industries — including a media company and a nonprofit institute targeting healthcare — should set your minds at ease.
Let’s head over to SearchCompliance…
It’s no surprise information managers are constantly beset with requests to enable more and more workers’ personal devices. Doing so, however, exposes companies to significant risk and regulatory complications — which is where a strong information governance and mobile strategy comes into play. In this SearchCompliance tip, expert Jeffrey Ritter details the policies and procedures enterprises should have in place to avoid bring-your-own-device snags.
Another issue with which organizations must contend in today’s ever-changing security landscape: the sheer number of regulatory mandates to which they must adhere. In this SearchCompliance video, Site Editor Ben Cole speaks with Brian O’Hara, chief information security officer at security consulting firm Mako Group, about the steps businesses must take to adapt in this landscape and how to dovetail governance, risk and compliance (GRC) processes with their overarching business strategy.
Harken, tweet jammers! Former FCC CIO Robert Naylor will be our guest expert in SearchCompliance’s upcoming #GRCchat, hosted by @ITCompliance. On Thursday, March 15, at 12 p.m. EDT, join us as we chat about the timely topic of mitigating the business impacts of information security breaches.
Data scientists know that rich, interactive visualizations can turn complex data sets into something employees (of all backgrounds) can dig in to and discover new insights and ask new questions of. But maybe it’s time to deliver that same kind of “discovery” service into the hands of customers for other than data mining purposes.
Meet Katia Beauchamp and Hayley Barna, co-founders of Birchbox, a “discovery retail” cosmetics business launched in 2010. Customers who sign on to the Birchbox service receive a box every month containing four or five cosmetic, grooming or lifestyle samples. Customers get a chance to try something they’ve never bought before — without making a costly, up-front investment. If they like it, customers can return to the Birchbox site to buy a full-sized version, or go to any other retail outlet, for that matter, to make their purchase.
“The mission behind Birchbox is to make it easy, efficient and fun to buy beauty products online,” Barna said at TechCrunch’s Disrupt New York earlier this week.
What will come as no surprise to CIOs and IT leaders is the potent ingredient at the center of the Birchbox business model: Data. “We are data junkies!” Beauchamp recently exclaimed on Twitter. And when faced with a question at Disrupt New York about a Birchbox contingency plan if consumers scale back their cosmetic cravings, Beauchamp turned to data. “No need for a contingency plan,” she said. “We continue to monitor how consumers are spending their time with us, how they’re spending their money with us, and that informs what goes into the box. We will always be data driven.”
The co-founders see the boxes as “the beginning of the conversation we have every month with our customers,” Beauchamp said at Disrupt New York. And, based on data alone, it’s a conversation that’s getting louder and louder. To date, Birchbox has 800,000 paid subscribers who receive a box every month, according to Barna. And, starting this summer, customers in the New York City area will be able to visit the first Birchbox brick-and-mortar store, where data will play a big role in helping Barna and Beauchamp measure the store’s success.
“For us, we’re thinking about it as a laboratory,” Barna said.
“We’re going to see the numbers and how it will impact our online business, customer acquisition, the lifetime value of businesses who engages with us in that space,” Beauchamp said.
Those kinds of data points are, no doubt, helping attract investor interest. Last month, Birchbox raised $60 million in a Series B funding round from firms such as Viking Global Investors and First Round Capital.
The funds will be used to grow the discovery retail business, Beauchamp said at Disrupt New York. That could, in part, help finance future acquisitions — specifically those that will push Birchbox into new markets. In 2012, Beauchamp and Barna picked up the Paris-based JolieBox, which paved the way for Birchbox to sell services and products in France, Spain and the United Kingdom. While the acquisition made good business sense, it also benefitted the Birchbox customer base.
“Through our expansion to Europe, we were able to bring European brands to the United States for the first time,” Barna said. “It’s been great for our customers.”
She probably has data to back up a statement like that one.
Are chief digital officers a boon to the business, or might they eventually be the bane of the CIO? That’s one of many questions we explored on SearchCIO this week.
Digital strategy is where it’s at; combine that with customer engagement and you have a winning formula. Just ask Taco Bell, which posted on Facebook its exchange with a customer about his request for a customized speedo; unsurprisingly, user interaction exploded. In this week’s Data Mill, Senior News Writer Nicole Laskowski digs into how organizations can take advantage of that winning formula in the form of the chief digital officer (CDO).
Indeed, with digital innovation topping companies’ priority lists, the glamorous-sounding CDO role is rapidly growing. But it won’t always be so rosy for the CDO, panelists at the recent CDO Summit in New York agreed: As organizations go all-digital, other chief officer roles likely will evolve to take on digital responsibilities, leaving less and less for the CDO role to manage. Check out Associate Editor Emily McLaughlin’s tweet-laced coverage in this conference recap.
Elsewhere on SearchCIO…
Security takes center stage (once again!) in this week’s Searchlight. In the wake of last year’s epic credit-card breach, retail giant Target is rebounding with its biggest move yet: appointing heavyweight Bob DeRodes as new CIO. Target’s CEO says that DeRodes, who was a senior information technology advisor to multiple government bodies, is well-positioned to “lead our continued breach responses and guide our long-term digital strategy.” Read the full column and find out what else the Web is buzzing about this week.
Speaking of data breaches, it’s time to go back to the basics to combat today’s breed of data-driven cybercrime. That was IT execs’ resounding response when asked what new security technologies they recommend. In our latest Future State column, Editorial Director Christina Torode explores how security oldies-but-goodies such as systems logging are worthy means of battling data-driven security problems.
On that note: If you’re using cloud, you’ve probably heard that security breaches are almost inevitable, so how should you prepare for sneak attacks and mitigate the consequences? Security experts offer their advice in the latest CIO Symmetry blog post by Laskowski.
Our CTO contributor Niel Nickolaisen has a few things to say about cybersecurity as well. He advises fellow IT leaders to adopt a hybrid security approach, relying on both experts’ knowledge and your own homegrown intelligence. Read his tip on how to use risk assessment profiling as a foundation for a strong hybrid strategy.
It’s no surprise security is a point of focus this week — and really, this year. Check out the results of TechTarget’s recent survey of enterprise IT priorities for 2014 and you’ll see that various security initiatives — including mobile and network security — easily make the top 10. Click through our slideshow by Associate Editor Fran Sales for more on enterprise tech investments in 2014.
Other SearchCIO happenings…
Thanks to the monopolies of cable TV, we buy ridiculous cable bundles of 200+ channels even though many of us would be happy with just five. Are Internet service providers (ISPs) headed in the same direction? In this week’s CIO Matters column, guest CIO contributor and “netizen” Ravi Ravishanker examines the implications of the D.C. Circuit Court of Appeals’ ruling, which found that the Federal Communications Commission can’t impose net neutrality on ISPs. Find out how that could lead them to serve up preferential treatment to companies with the big bucks.
It’s quiz time again! The IT outsourcing landscape is constantly evolving and there are ever-more components to consider, so review our recent coverage and make sure you’re up to date on outsourcing management considerations.
Over on SearchCompliance…
Security is dominating the compliance sphere as well, as seen in the rise in intelligence-driven security. SearchCompliance editor Ben Cole sat down with Kim Jones, chief security officer and senior vice president at Vantiv Company LLC, at the RSA 2014 Conference to discuss what counts as intelligence-driven security, its limits and how to use it to drive sound decisions.
Meanwhile, the latest installment in the IT Compliance FAQ series answers the top questions on Heartbleed, the OpenSSL bug experts are calling one of the worst in Internet history. Make sure you’re aware of its ins and outs and that you’ve taken the steps necessary to address potential vulnerabilities.
And onto chattier matters: If you missed last week’s #GRCchat on Twitter, our tweet jam recap has all the juicy info on the role of information governance in meeting GRC requirements in the digital, big data age. Calendar note: Quell your #GRCchat hankerings with our next SearchCompliance tweet jam, scheduled for May 15 at 12 p.m. EST (topic TBD).
It’s not if, it’s when. That’s how a Massachusetts Technology Leadership Council panel of security experts talked about the potential for security breaches in the cloud. That inevitability might be one of the reasons why enterprise CIOs are still reluctant (though less so than they used to be) to head to the cloud, a luxury small and mid-sized businesses simply cannot afford. The good news for those in charge of SMB IT: There are ways to diligently prepare for a sneak attack that can help mitigate the potential damage.
In this SearchCIO small business IT tip, Nick (aka Rattle) Levay, CSO at security provider Bit9 in Waltham, Mass.; Chris Ray, chief information security officer for targeted marketing firm Epsilon; and Chris Wysopal, co-founder and CTO at Software as a Service security provider Veracode, address the question: “How do you prepare your company to respond to a breach?” Here are their pointers:
Reach out to business teams, law enforcement and security trainers
Chris Ray: Make sure you have other departments involved up front [such as] legal and corporate communications. Have a preexisting relationship with external law enforcement, consult with them. … I’m also a firm believer that if you don’t have a large team, leverage someone else and do not take this all upon yourself. There are plenty of companies out there that have forensic retainer services. Get that in place [because] when something happens, you don’t want to be scrambling around trying to get a contract signed. Have someone available. And when you do a retainer-type service, they’ll offer so many hours of free training to help you in your program. Having that in place is, by far, one of the most important things to make sure you do.
Visualize worst case scenarios
Nick Levay: I understand that a lot of small organizations can’t do a full written response plan, but as someone whose responsibility it is to do security, you should spend some time working through some of your worst-case scenarios and doing mental preparations. That’s because at any given point, you could come into work one day and find out it just turned into the worst day in your career. At that time, it’s going to be important to senior management that you are calm and in control. If you can do that, all of those interactions with executives, help desk, the legal department … all of that stuff gets easier if you can convey calm and control. The only way you can do that is by working through worst-case scenarios in your head.
Organize drills to provide hands-on experience
Chris Wysopal: One of the things we do, and we do this quarterly, are “table top exercises.” So we all get into the board room — the security team, people from IT, people from corporate communications, the corporate counsel — and come up with the different scenarios that could potentially happen. Usually it’s about a two- to three-hour exercise, and the person leading rolls out the information you’re discovering. I guess it helps if you play Dungeons & Dragons. It’s been very helpful for us when we’ve had incidents that just resulted in downtime that could have been a security incident but turned out to be some sort of human error. Having those processes in place so people know to get together and work through it is invaluable.
Get to know the business
Levay: If you’re in charge of security and response for a company, you have to understand the business. If you are a pure technical person and you only understand the technical infrastructure and you don’t understand how the business works, it’s going to be hard to run a security response. That’s one of the things about practicing security that makes it so intellectually challenging when you really get to the management levels: You need to understand the business really well. Not necessarily as well as the CEO or the CFO does, but you need to understand the business mechanics: where the money flows, where the crown jewels are, how the groups interact with each other. Otherwise, you’re not going to be able to make informed decisions.
Cybersecurity is front and center on SearchCIO this week.
With cyberattacks coming from every corner, CIOs and security experts believe a strong security program can be a competitive differentiator for their companies, similar to how car safety determined the rise and fall of certain brands in the auto industry. But can these security evangelists convince the rest of the business that a function traditionally viewed as a cost can help the bottom line? Executive Editor Tina Torode looks into various infosec case studies in this week’s feature.
Speaking of ‘cyber’ matters — the perimeter defense is officially dead. That’s according to our expert contributor Harvey Koeppel, who addresses common cyberdefense myths in this week’s CIO Matters column and explains why it’s time to play some cyberoffense.
Koeppel isn’t alone in the call for modernizing cyberdefenses. Ed Amoroso, CSO at AT&T, proclaimed at New York’s recent Landmark CIO Summit that it’s time we scrap outdated perimeter defenses and — wait for it — head for the cloud to shore up enterprise security. Executive Editor Linda Tucci reports in our TotalCIO blog.
Also on SearchCIO…
Senior News Writer Nicole Laskowski looks into how Thomson Reuters used crowdsourcing to search for engineering talent, with a twist: through internal competitions. See how Mona Vernon, head of Thomson Reuters’ innovation data lab, got her crowdsourcing project off the ground, and what problems she suggests are crowdsource-worthy.
Meanwhile, wondering what the analytics landscape will look like in a few years? You’re in luck, because some high-profile BI experts have lots of ideas. At Gartner’s Business Intelligence and Analytics Summit, BI heads from the likes of Cisco, GE and Caesars Entertainment exchanged views on hiring chief digital officers, predictive analytics and more.
The latest on Searchlight: Facebook tuned in to users’ penchant for creating private content, particularly in the mobile realm — and now has $2.5 billion in Q1 revenue to show for it. Take a hint from the social media giant on how to engage your users; plus, news on Apple considering environmental sensors, Obama’s soccer match with a humanoid robot, and more.
Lastly, remember the prediction that by 2017 CMOs will spend more on IT than CIOs? Forrester Research analyst Andrew Bartels digs into three big reasons why CIOs are still very much in control — and should be — of their business’ tech budgets, despite the increasing technology appetites of their colleagues at marketing.
And on SearchCompliance…
What’s so noteworthy about the Department of Health and Human Services’ announcement of an upcoming pre-HIPAA-audit survey? After all, the Office of Civil Rights has been auditing covered entities since 2012. As Ed Moyle covers in this SearchCompliance tip, what’s different in this new round of audits is that business associates will now be in the regulatory bull’s eye. Find out how business associates should address this challenge.
Hear ye, hear ye: The latest issue of our SearchCompliance handbook has arrived! Read up on the latest happenings in cloud risk management, governance and compliance, including the questions you need to ask cloud providers to gauge GRC readiness, and how cloud strategies are evolving to take security into account.
If you missed April’s #GRCchat tweet jam on information lifecycle management, please check out our recap to catch up on how IT organizations are dealing with mounting data and the resulting governance issues by fortifying their information management strategy.
And on that chatty note — get ready for another #CIOChat tweet jam! Join SearchCIO next Wednesday, April 30, at 3 p.m. EDT to talk predictive and prescriptive analytics. And be on the lookout for next week’s CIO Symmetry roundup; plus, get our news and tips in real time by following @SearchCIO, @SearchCIOSMB and @ITCompliance.
There is a war going on in IT between old and new business intelligence — and it’s slated to be a tough matchup. A story getting a lot of attention on SearchCIO this week came out of Dan Sommer’s session at the Gartner BI and Analytics Summit. Scroll through the comments to learn whether readers are choosing old BI or new BI — but not until you’ve formed your own opinion!
In today’s Searchlight column, learn about this year’s IT-heavy crisis management plan at the Boston Marathon. Also read about Microsoft’s forced update, how you can buy a fancy Toshiba Satellite Pro laptop and the first Heartbleed-related arrest.
Also on SearchCIO…
Does cloud spell the end of corporate IT? Not for CIO Don Baker and CTO Michael Beckley. These two corporate executives are exploiting cloud computing for business gains. This feature story by SearchCIO contributor Dina Gerdeman can also be found in our recent cloud computing ezine.
If IT professionals aren’t worried about cloud technologies taking their jobs, maybe self-service BI tools will have them shaking in their boots. In Monday’s Data Mill column, Nicole Laskowski shares why data scientists might be deemed useless by enterprise organizations in the near future.
In small business news, contributor Christine Parizo shares why it’s important to find a website developer that fits your corporate culture as well as fulfills your organization’s requirements.
In this video from the RSA 2014 Conference in San Francisco, security architect Robert Shullich sits down with site editor Ben Cole to discuss how many companies don’t understand the scope of their data assets and why this ignorance creates big information security holes.
What info management processes are needed to separate corporate and personal data to avoid privacy issues? Jeffrey Ritter, Esq., founder of the Ritter Academy, offers his expert opinion on protecting information assets, whether personal or corporate.
Watch SearchCompliance for recaps from this week’s information lifecycle governance-themed #GRCchat. Interested in joining our next tweet jam? Pencil SearchCIO in for a predictive/prescriptive analytics-themed #CIOChat on Wednesday, April 30, at 3 p.m. ET.