What are you doing about cloud security planning? I say planning because, in a survey of attendees at the recent SearchCompliance.com Making the Case for the Cloud virtual seminar, more than half of the IT professionals responding said they don’t have a cloud strategy in place — though 100% said they would within the next year.
The point is that a cloud security strategy should be part of a cloud plan from the beginning. How that plan gets formulated is up for grabs, however. Responding to an instant poll taken during one seminar session on cloud incident response, 45% said their cloud security plan consists of reliance on SAS 70 Type II audit reports; another 32% said they rely on service contracts and lawyers to sort out the details; and 23% answered that they “can’t get management on board” for any security plan.
That’s pretty shocking. Even overlooking the 23% who are throwing up their hands, the other two options are not much better, certainly not by themselves. The SAS 70 standard was not designed with cloud security in mind.
According to IT security consultant Kevin Beaver, the speaker in the incident response session, SAS 70 had its place but is being phased out. “But it’s not that simple,” he said. “The bottom line is, you have to dig in deep; you can’t just assume that if everything checks out in the SAS 70 Type II audit report, everything must be fine. Because that is not the case, based on what I am seeing in my security work.”
First steps for cloud security planning? Get a good lawyer, a good security consultant and your CEO, and put them in a room together. Order lunch. And get down to business.
We all know that the secret to project management often can be boiled down to your team members. We’re currently in the process of collecting nominations for our SearchCIO-Midmarket.com IT Leadership Awards and often when I contact the nominated leaders to confirm their nomination information, they protest that they themselves were only leading a team. (I love those protestations, by the way, as it’s the sign of a great leader and it means that our IT Leadership Award nominations are spot on.)
Today, Marissa Mayer, an instrumental VP at Google, is speaking at LeWeb in Paris. During the Q&A portion, she was asked what the secret is to being a great project manager. She thinks project management lives and dies through the interview with potential team members. Because Mayer’s candidates are already technically vetted before they ever get to the interview table, she is free to really get a feel for the potential team member through a series of surprising interview questions.
For instance, her favorite question is “What’s the coolest thing you’ve seen in the last six months?” Their answer will reveal what kinds of things they are exposed to and how those exposures influence them. Mayer also asks “What do you own that you love?” which is designed to reveal what the candidate is emotional about and helps Mayer grok how well the person will be able to emotionally connect to the products that they are designing and the Google customer experience.
That’s some pretty psychologically brilliant questioning. One could make some fairly sound judgments about a candidate who answered “my new iPhone 4S with the Siri personal assistant” versus “the Christmas ornament that my great grandmother left me in her will.” Which of those things is the right answer, according to Mayer? I suspect it might be the latter.
By the way, we’re still accepting nominations for the SearchCIO-Midmarket.com IT Leadership Awards. And no, we won’t think you’re being narcissistic if you nominate yourself. You can’t get ahead in the IT industry without celebrating your own successes, and this is a perfect time to do just that.
The comments invite you to share the coolest thing you’ve seen in the last six months. Who knows, it just might get you an interview with Google’s Marissa Mayer!
About a year ago I moderated a panel on cloud computing services adoption in health care. A quick poll of the audience indicated that security was the No. 1 reason why their organizations were not using the cloud or were taking their own sweet time in figuring it out.
The panel of technology vendors tried to assuage fears that security issues could hinder cloud opportunities. One panelist compared the situation to online banking: What once was unheard of is commonplace now.
Still, adoption has been slow — and not coincidentally, because health care is an industry where data privacy has to be part of the fiber of its being. And if the state of security in health care is any indication, the industry has more pressing problems than deciding whether it should go cloud.
That could be the problem, however. Despite the myths about the cloud, maybe it’s where some companies can find more security than they are currently able to enforce themselves. For more information on strategies for making cloud the next step in your enterprise and security strategies, check in on the SearchCompliance.com cloud security virtual seminar Wednesday, Dec. 7.
Each week, we mine the Web for the jewels of knowledge that appeal to CIOs. This week, we’re looking at the trend of using the Kindle Fire in business, what compels women to quit their IT teams and the expanding reach of the Data.gov website.
We’re still not entirely on board with the iPhone 4S voice-controlled assistant Siri; apparently Siri has a problem understanding the Indian accent.
The half-life of a tech worker is about 15 years, according to Matt Heusser. We’re feeling old right now, how about you?
Get ready for some BIG big data. The White House is open sourcing its Data.gov website and taking it global.
With the holiday tech season in full swing, this year’s big mover and shaker is Amazon.com’s Kindle Fire tablet. The company plans to ship almost 4 million Kindle Fire units in Q4 2011. But can you use it for business?
Tired of all of those blog posts about how to keep women in information technology? Here’s how to get those women to quit so you don’t have to worry about it anymore.
You might want to watch your credit card statements over the next few weeks. The hacker group Anonymous is pulling a Robin Hood: It’s attacking the finance industry by removing funds from credit card accounts and donating the stolen money to charities around the globe. (If you see something odd, notify your financial institution for reimbursement.)
Where do you fall in the argument about using the iPad 2 versus the Kindle Fire for business?
It’s every CIO’s worst nightmare — that panicked call when you least expect it, delivering the worst possible news: “The firewall has been breached.” We know that you do everything possible to avoid that gut-dropping moment, so we’re letting you know that today might be the best day possible to force your users to do a Java software update. It seems that Oracle Corp. detected a major Java vulnerability a few months ago and fixed it. But now the folks who live to create chaos and disorder have picked up on the weakness too. According to the National Vulnerability Database (NVD):
“Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.”
How bad is this? The NVD has scored it 10 out of 10. This isn’t Jabba the Hutt bad or even Darth Vader bad — it’s The Emperor of all Java Vulnerability bad.
Java is historically a bit of a screen door for corporations in the first place. It doesn’t use the same engine for updating as Windows or Adobe Flash do, and the Java software update tends to get overlooked by IT. Considering that it’s a huge, overreaching piece of software that affects users of Windows, Linux and Mac OS X, it’s the perfect opportunity for malicious programmers to exploit and “weaponize.” Even if you deployed a Java software update in mid-October, you might still be at risk — JRE 7 and 6 Update 27 and earlier are still at risk, according to security expert Brian Krebs.
Krebs managed to sneak into one of the exclusive hacker cybercrime communities and obtained a hacker video demonstrating how the hackers can exploit the Java vulnerability. It’s worth checking out, if only to see exactly how the criminals can easily take control of your users’ machines.
And of course, it would be worth the time to take a peek at your Java software update and make sure that your users aren’t going to accidentally stumble on an infected page or ad while using Mozilla Firefox or Internet Explorer — especially if they are still using Windows XP. There’s no time like the present.
The wave of optimism that began with advancements in smartphones and tablets that could enable a new generation of bring-your-own-device employees has been taking some strange zigzags of late.
The first “zig” is that a major health care provider is taking steps to restrict workers’ Internet access as a result of an out-of-control malware problem.
The latest “zag” comes from Thierry Breton, CEO at Atos, a French IT services firm. He wants to institute a zero-email policy within the next two years.
This could be a shock to old-school users, who still live and breathe in their email application eight hours a day. But it could be a boon to up-and-coming Millennial-generation workers, who spend most of their time on devices communicating through social networks.
In my case, I’m playing in both the old and new schools. I take notes on my iPad, then email them to myself for future reference. That might go against the common sense of Nicolas Moinet, information and communication professor at Poitiers University in France: “We have now reached crazy situations where employees go to a meeting, continue to send emails and then ask colleagues present to send them an email to know what was said during that meeting.”
There’s a level of the absurd in this, but banning email? Like cutting off employees to the Internet, this latest attempt to get control of things will end up causing more problems. I like the out-of-the-box thinking espoused by Breton, but we need to rein in some workable solutions.
There’s nothing like the first day back after a major national holiday to make you feel like you’re drowning in task items. Cheer up, we’ve got your back. We’ve combed the Web and picked only the best and most interesting selections, ensuring that you’re up-to-date on last week’s high points. We’ve got social media networking tips, an automated elevator-pitch helper and help for resuscitating languishing CIO positions.
If you’re not sullied by Dropbox’s bad reputation for security breaches, John Jantsch gives you five ways to make Dropbox more useful.
One of the biggest social media networking tips is to protect yourself: Don’t let oversharing give crooks an upper hand.
Everyone needs a solid elevator pitch, whether it’s for a project you’re excited about or for yourself as you look at new CIO positions. Harvard Business School’s Elevator Pitch Builder offers helpful word suggestions while you craft your pitch.
Do you ever feel like everyone in your company hates the IT department? You’re right, they do.
File this under “You get what you pay for”: India is losing a huge chunk of its outsourcing business to offshore Filipino call centers, even though the workers in the Philippines are paid slightly better than their Indian counterparts, driving the overall cost of outsourcing up a smidge.
While the content of CIO positions doesn’t change, the context is a struggle, says John D. Halamka.
Using social media as a networking tool takes some finessing. It’s not as simple as setting up a profile and letting the job offers come to you. Here are some social media networking tips for using LinkedIn to find a better job.
We all know those amazing IT leaders who make a difference in our companies day in and day out but often go unrecognized by the IT world at large. Not everyone can pull a Steve Jobs or a Bill Gates, after all, but I have witnessed solid and amazing innovation in midmarket companies time and again. That’s why we want to celebrate and award those CIOs and IT leaders who are blazing trails and making exciting things happen within midmarket companies.
Our SearchCIO-Midmarket.com IT Leadership Awards are open for nominations. We’re looking for not just the brave and the daring technological advancements, but also those individuals who excel at building culture or embracing green IT as part of their inherent strategy. These CIO awards celebrate all manner of IT excellence, whether it’s building a culture where millennials feel comfortable or Gen Xers find places to lead inside and outside the org chart, or by introducing new technologies to the IT department, either through innovations in data center cooling or exciting BYOD policies. Of course, it could be something else that we haven’t even considered, which is why I’m so excited to be a part of these SearchCIO-Midmarket.com CIO awards. I can’t wait for the CIO award nominations to dazzle us with the creativity and inspirational leadership that I know is out there.
Do you know someone who deserves to be recognized for their outstanding IT leadership with one of our CIO awards? Someone who is always thinking of better ways to optimize and motivate their teams or drive business value through technological contributions? Someone who has figured out a way to really engage the customers of an organization, whether internal or external? Or is that person you? Let us know!
We’re looking forward to sharing with you stories about the outstanding IT leaders on SearchCIO-Midmarket.com throughout next year. We’ll also award six amazing individuals with American Express gift certificates as well as engraved glass trophies, suitable for bragging rights in the office. As well, recognized IT leaders will receive exclusive invitations to IT industry networking events throughout the country. We’re also going to award one of those IT leaders with the title of IT Leader of the Year — and oh yeah, they’ll get an iPad 2, too.
And because we’re not above bribery, if your nominated IT leader is one of those exceptional elite, we’re also going to give you an American Express gift card. Consider it a CIO awards finder’s fee.
There are no catches. Well, one: You can only nominate one person, so choose carefully. Ready, set, go get ’em!
Each week, we scour the Web to track down interesting news pieces and commentary to help you maximize your surfing potential and information consumption. This week, we’ve got analysis of the Kindle Fire’s marketing strategy, concerns about the IT outsourcing model, and tips for negotiations and job interviews.
Is the outsourcing model going to be the death of IT? Vlad Mazek thinks you might be surprised.
Despite rigid restrictions, North Korea has just reached 1 million active cell phones. Considering that a North Korean citizen was actually executed last year for calling South Korea, that speaks to some hardcore desire for mobility.
Looking for your next job? Erica Swallow has tips to take control of your next job interview.
Amazon would like you to believe that the Kindle Fire is a service rather than a product. We’re not so sure we buy the rationale.
The iPhone was a technological breakthrough. Or was it? New Yorker columnist Peter Thiel doesn’t think so.
Everyone wants to be the smartest person in the room. Lewis Howes thinks that might be your biggest problem.
Next time you find yourself hammering out your outsourcing model, follow these three easy lessons on better negotiations.
San Francisco’s Yahoo billboard has been a landmark in the city for over a decade. I always get a little thrill when I zoom over the 101 and spot its cheeky little sayings and delightful midcentury stylistic design. Sadly, the Yahoo billboard is coming down this month.
Is the future of Yahoo in jeopardy? Yahoo is one of the last remaining standouts from the dot-com era. The billboard went up during the days when the Nasdaq was ripe with tech stocks, and it has witnessed its fellow tech billboards fall by the wayside along with the companies they represented. Remember using AltaVista? Encarta? How about Go.com? Remember when Apple was just a boutique brand favored mostly by artists and the truly eclectic? Remember when social media was little more than logging onto a special interest forum and then the truly pointless SixDegrees?
We often speak about the end of the dot-com era while ignoring the fact that we’re smack in the middle of another one. Some pundits are labeling it bubble 2.0. I’m not sure they’re entirely wrong. Startups are climbing, and cloud computing makes for fast and easy tech in just about everyone’s hands. Facebook is worth an astronomical amount. Groupon’s IPO earlier this month was the biggest in the U.S. since that of Google, which is pulling in respectable amounts of cash, thanks to its constant innovation and reinvention (case in point, Google’s digital music store opened this Thursday). Despite a few financial pundits who are shaking their heads at Groupon’s future growth potential, it’s plain that there’s still an appetite for dot-com commerce.
But what does this mean for the future of Yahoo in the Internet landscape? With other tech giants making huge inroads into the cultural lexicon, Yahoo seems to be floundering. It fired Carol A. Bartz two months ago in a messy PR nightmare, advertisers don’t seem to be biting, and the company’s attempts at engaging Web 2.0 dynamics are turning up with a Fail Whale.
What do you think? Is the future of Yahoo at risk? Is the Yahoo billboard’s demise a sign of tough times to come for the Internet giant? The comments are hanging on your every word.