CIO Symmetry


July 5, 2011  1:34 PM

Hacking activities mean security risk is everybody’s business

Scot Petersen Scot Petersen Profile: Scot Petersen

The LulzSec hacker group recently announced it was backing off its spree of network break-ins — but only after making off with gigabytes of sensitive documents from large private- and public-sector organizations. Meanwhile, other groups continue on with their hacking activities. Security vendor RSA is still picking itself up from having its token technology hacked earlier this year.

No one, it seems, is immune from security risk these days. But don’t take my word for it.

Howard Stringer, the CEO of Sony, whose PlayStation Network was down for weeks this spring after a breach, recently told Newsweek, “How can I sit here and tell you there will be no further vulnerabilities? We’re dealing with it. Now it’s a known hazard. Everybody is being hacked now.”

Not very encouraging, is it?

Security is no longer the domain of CISOs but also CEOs, who must take responsibility for security risk and how it affects corporate assets, the bottom line and the company’s reputation.

Like the cultures of innovation sponsored by so many of the CIOs whom we have spoken to this year, security risk culture must start at the top. “Dealing with it” just doesn’t cut it anymore.

July 1, 2011  2:35 PM

What IT/business alignment has in common with the TSA

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

I’ve been thinking a lot about Harman CIO Michael Ali’s discussion of IT/business alignment. We spend of lot of energy in IT worrying about how to align with the business, while our users are figuring out ways to circumvent IT completely. New initiatives are exciting within the organization, but users tend to view changes by what they can’t do instead of what they can, which is hampering IT/business alignment at its very core.

Then I had a flash of inspiration on the problem of IT/business alignment (bear with me): I travel a lot, both for business and pleasure, and like George Clooney in “Up in the Air” I have the security check down to a streamlined dance of removing my bag of liquids and my laptop from my bag and taking off my jacket and my shoes practically in the same motion. I used to be really grumpy about the TSA’s various regulations, but now I am just resigned to it as part of flying. I knew my spirit was officially broken when I had to choose between being photographed by the backscatter machines and being frisked by a TSA agent. (How bad has it gotten when walking around in your stocking feet at a public place is the least silly part of a process?)

IT is in danger of becoming the TSA of the organization.

If you were to measure the company’s general feel for IT outside of the department, would the employees be excited about what you’re accomplishing, or would they grumble about the firewall or how IT’s BYOD policies won’t let them legally use their iPads on the network or the fact that their laptop’s processer dates back to the Cold War? At my last company, I still remember the shock and awe when IT finally gave its blessing on a company-wide IM protocol. Instead of being excited about having new technology to play with, there was a huge rumor going around that the IT department was giving us IM to be able to spy on our conversations. Ridiculous, but true.

Crazy paranoia aside, think about how IT is perceived by the people who work in production or marketing or human resources. Do those people believe — really believe — that IT is enabling their productivity, or do they grudgingly feel like IT is holding them up when they’re late for a deadline and demanding that all of their liquids be placed in a quart-sized Ziploc bag? Think about how employee suggestions are considered: Is the first instinct to say “No,” or do you embrace IT innovation from everywhere in the company?

“All of the data suggests that midmarket companies will lead the economic recovery, and all of our data shows that those companies that leverage and exploit IT will be at the head of the pack,” said Andy Monshaw, general manager of IBM global small and medium-sized business division.

So forget about IT/business alignment, and worry about IT’s serious image problem. It could have an actual and measurable effect on your company’s bottom line.


June 28, 2011  5:35 PM

Even the Geek Doctor couldn’t save Google Health

Scot Petersen Scot Petersen Profile: Scot Petersen

My first thought when I heard that Google Health is shutting down is, “what’s the Geek Doctor going to do?” My second thought was shock.

Dr. John Halamka, aka the “Geek Doctor,” has been one of Google Health’s biggest boosters since the passage of the Recovery Act and the HITECH Act in 2009. He has touted the use of personal health record (PHR) services as a key piece of the coming digital landscape in health care. He made PHRs a standard part of his frequent presentations on the status of meaningful use requirements, even going as far as showing his own personal Google Health record.

All of which makes it more surprising when Google announced the “retirement” of its health record service as of Jan. 1, 2012. This is from the company where beta projects live forever.

John Moore of Chilmark Research, who predicted the demise of Google Health more than a year ago, posted an interesting recap of its downfall this week, while Microsoft officials are giving kudos to Google for its efforts and using the opportunity to sell Microsoft HealthVault to consumers.

But that is the problem — consumers. Google’s issues were more about the PHR model than their service, which was considered very user-friendly. Doctors and patients haven’t bought into the concept. When you consider issues of privacy and security, ownership of and access to the records, and integration with payer, provider and health information exchange systems, PHRs have come to resemble the quagmire that is the health care industry in general.

PHRs’ time may come, but they might have to wait until the transition to the digital hospital is complete – and that may take decades.


June 27, 2011  4:53 PM

Women in technology and science have an advantage

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

It’s a short week for a lot of people, but with vacations popping up, the work doesn’t go away. That’s why we’re rocking out an executive must-read list so that you don’t have to risk getting sucked down the rabbit hole that is the blogosphere. Here’s a quick executive summary of disaster recovery issues pertaining to zombies, the importance of working one’s network and the dynamics of women in technology and science.

  • What is the easiest way to kill innovation? Adam Hartung outlines several innovation killers, most easily identified by the statement, “We don’t do that around here.”
  • You think your data center is tough to cool? Try to make a tent in the Iraqi desert comfortable. The U.S. military spends more on air conditioning in Iraq and Afghanistan than NASA spends on, well, everything.
  • The town of Leicester, England, has got a bit of a business continuity and disaster recovery blind spot. Local government officials recently admitted that they didn’t have a plan in the event of a zombie apocalypse ,and then 150 zombies invaded their city council offices. Point taken!
  • Adaptive’s founder, Audrey MacLean, says that women in technology and science are more rare because little girls get stymied at an early age. The trick is in getting girls into tech while they’re still young.
  • Author and techno-speaker Scott Berkun asks, “What’s the difference between arrogance and self-confidence?” We’re pretty sure it has to do with the proverbial ability to write checks that your posterior can actually cash without requiring two forms of photo identification.
  • Maybe the women in technology and science just aren’t networking enough to get ahead. LinkedIn ranked many industries by gender and found some counterintuitive results: Guys in the cosmetics industry are better at networking, while women in ranching subscribe to the “good old boys” network.


June 24, 2011  2:05 PM

Vulnerability in Dropbox security leaves user accounts wide open

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

No bones about it: Dropbox security just took a huge dive in user confidence. This past Sunday, Dropbox user accounts — all of them — were open and accessible to the world, no password required. What’s worse — the fact that the Dropbox security team must not have adequately done QA on its patch that left all accounts unsecured, or the fact that they acted like nothing happened for almost a day, until they posted a very unemotional update to their blog?

My favorite part of the Dropbox blog notice: “The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST.” It’s like a subtle pish-posh on your worries for your data. Nothing to see here! Your files and data were only unprotected for four hours. Or, as I like to think about it, it only took Dropbox four hours before it noticed that it broke its own encryption.

Actually, it appears that Dropbox only noticed the error when one of its users, Chris Soghoian, discovered the issue and sent in a support request. The failure to acknowledge the concerns of its users and the fact that as of June 21, Dropbox still hadn’t notified all of their users directly, has made a lot of people upset. I’m not sure I can blame them: We’ve said before that the truest test of a company’s strength is how it reacts to bad situations exactly like this one.

We’ve recommended Dropbox as a nice free business app for your iPad in the past, and we’ve also reported on the FTC complaint that Dropbox security wasn’t up to par and recommended that you go through the extra step of adding a secondary encryption by using Dropbox and TrueCrypt. Undoubtedly, trolls in tinfoil hats will now use this as an opportunity to feed more cloud paranoia, but let’s look at this misadventure with a little perspective: Your own desktop is probably more vulnerable to outside attack than most cloud services, and rarely is a desktop vulnerability noticed in only four hours.

Yes, Dropbox promised it was free awesome encryption and data storage. So do a lot of cloud providers, and we’ve learned from many examples that there is no such thing as “too big to fail“. As CIO Marc Seybold said in this week’s news story, “You can put all the antivirus software in the world on the network, but something will still make its way past those defenses.” As with so many things, Dropbox and all public cloud options (hello, Google, I’m looking at you) have always been caveat emptor.

I’ll still use Dropbox as a convenient service for my own data storage, but just as before, I’m not putting anything on it that I wouldn’t want my grandmother (or a hacker) to see.


June 21, 2011  1:46 PM

Twitter hoax reveals another shift in information landscape

Scot Petersen Scot Petersen Profile: Scot Petersen

If Twitter were a person, it would just be turning 5 next month (they are so cute at that age). But in Internet time, Twitter has already gone through rehab, a foreclosure and a losing custody battle over the kids.

But Twitter is still a good person, right? “There’s nothingĀ  intrinsically immoral about Twitter,” writes Virginia Heffernan of The New York Times. As we have seen with tweeting athletes and celebrities, and especially with disgraced congressman Anthony Weiner, Twitter doesn’t kill careers — people do it to themselves.

The latest from the social media highlight reel is the Twitter hoax that was revealed last week. Erstwhile Tweeting celeb Amina Abdullah, aka the “Gay Girl In Damascus,” who was chronicling the political uprisings in Syria, was in reality an American male and his wife, who are living in Scotland, according to reports.

Social media scandals are no longer surprising, or even that exciting. What is interesting about this particular story was pointed out by my former colleague David Strom in his Strominator blog. He describes how an NPR reporter, Andy Carvin, tracked down the truth and broke the story — using Twitter and other social media tools to do it.

The lesson for all is being smarter about how to use social media tools. We have pointed out the great opportunities and opportunity costs of Twitter for business. But with social media in the hands of our country’s leaders, as Heffernan says, “we need more thoroughly digital minds – even if, like all minds, they periodically turn dirty – in public life.”


June 20, 2011  7:58 PM

Load your iPhone 4 and iPad 2 with powerful database-building apps

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Now that summer is officially here, you’ve undoubtedly been busy covering for vacationing co-workers or trying to squeeze a few hours of R&R in for yourself. Here’s a quick rundown of the best of the blogs, in easy, bite-sized pieces, including the scoop on iPhone 4 and iPad 2 rumblings, an entertaining look at disaster recovery and tips to appease your inner Inspector Gadget.


June 17, 2011  1:55 PM

If you’re worried about business alignment, you’re doing it wrong

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Why is IT so concerned with business alignment? That’s the question that Dr. Michael Ali, CIO at Harman, asked during his Forrester IT Forum keynote that left many of the IT professionals in the audience stumped. It seems like a no-brainer, right? IT is a different animal — anyone in IT will tell you that. But many business units will be quick to argue that they too are different — and special: Why aren’t they spending as much time and energy worrying about business alignment as we are?

Ali said he did a Web search and found many IT publications like SearchCIO-Midmarket.com focused on business alignment, but only a single mention of the term business alignment in the publications of other business revenue streams such as human resources and marketing.

“The right question is not ‘How do you ensure IT is aligned with the business?’ It’s ‘How do we generate business value?’ Because that’s what the head of HR is asking. They already assume they’re aligned. This is the question that you should be asking,” said Ali during the keynote.

Ali’s biggest tip is that CIOs should stop thinking like CIOs and think like CEOs instead — focusing on growing revenues and profits while staying legal and being a good corporate citizen. The key to generating business value, he added, is in allying with the right partners and making strategic leaps, such as getting away from owning IT architecture and instead own the architecting of said systems.

This call to action was echoed by Forrester Research Principal Analyst Marc Cecere, who warns that “IT is in danger of being perceived as irrelevant to the business.” With consumers feeling more and more comfortable with making technological decisions, and with younger workers empowered to download their own solutions off the grid, I humbly suggest that we’re seeing the stirrings of a coup that will change the face of business. That transition is going to be measured, not in decades but in fiscal quarters. It’s Moore’s Law; only instead of hardware, it’s a mental leap for your workforce.

The message is clear: Stop worrying about business alignment and worry about the burgeoning IT revolution. Now the choice is yours: Lead, follow or get out of the way.


June 16, 2011  2:13 PM

Public-sector CIOs leading IT transformation

Scot Petersen Scot Petersen Profile: Scot Petersen

I’m not sure about you, but my first impression of government’s use of technology is that they are still working off VAX computers and dumb terminals. But, really, it’s quite the contrary. Here are some leaders of IT transformation working in the public sector:

  • Vivek Kundra, the CIO of the U.S. — the first CIO of the U.S., I might add — is an enthusiastic supporter of cloud computing. Unfortunately, he has just announced that he is leaving his post in August.
  • Ed Bell, the interim CIO serving the House and Senate of the commonwealth of Massachusetts, has interesting ideas about business process automation, as we have written about in the past on SearchCIO.com.

“The CIO’s role is to help drive and nurture innovation and help the organization to understand realities … and find possibilities,” said Jackson. “It all starts with a business process or business engagement model, and you are wrapping technology around that.”


June 13, 2011  5:14 PM

TrueCrypt and Dropbox go together like peanut butter and chocolate

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

We’ve scoured the Web and compiled a crib sheet for the best and most interesting tidbits from around the IT blogosphere last week, including using TrueCrypt and Dropbox for data encryption, the Twitter API and the age-old debate of Google vs. Apple. Here’s what you might have missed:

There was some concern that a recent OAuth update in Twitter’s API would now allow third-party Twitter applications to access your private messages without authorization. Twitter attempted to soothe our worried brows over the possible loss of DM privacy, but we’re still twitchy over the whole thing.

Google vs. Apple: Which techno megagiant is cooler? It’s like asking whether Gandalf could beat Obi-Wan in a fight — does it really matter?

Everyone’s heard of an upside-down mortgage, but what about an upside-down workforce — millennials have difficulty finding jobs because the baby boomers won’t retire.

If you’re like most people, you subscribe to Groupon’s emails but have never actually bought a Groupon. We wonder how many of that 18% of buyers are actually using their Groupons before they expire?

One of our favorite personal IT bloggers, Jason Fitzpatrick, explores readers’ favorite tips and tricks for encrypting data. No surprises there –TrueCrypt and Dropbox are popular conjoined services.

About 1% of Citibank customers’ names, credit card numbers, mailing and email addresses were exposed to hackers last month, but Citibank chose not to reveal the breach to the public until last week, drawing harsh responses from industry experts. On the heels of Epsilon, Sony and Gmail, one has to wonder who is next. Hopefully not TrueCrypt and Dropbox!


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: