CIO Symmetry

December 2, 2011  3:58 PM

Are you at risk? Huge Java vulnerability now weaponized and exploited

Wendy Schuchart

It’s every CIO’s worst nightmare — that panicked call when you least expect it, delivering the worst possible news: “The firewall has been breached.” We know that you do everything possible to avoid that gut-dropping moment, so we’re letting you know that today might be the best day possible to force your users to do a Java software update. It seems that Oracle Corp. detected a major Java vulnerability a few months ago and fixed it. But now the folks who live to create chaos and disorder have picked up on the weakness too. According to the National Vulnerability Database (NVD):

“Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.”

 How bad is this? The NVD has scored it 10 out of 10. This isn’t Jabba the Hutt bad or even Darth Vader bad — it’s The Emperor of all Java Vulnerability bad.

 Java is historically a bit of a screen door for corporations in the first place. It doesn’t use the same engine for updating as Windows or Adobe Flash do, and the Java software update tends to get overlooked by IT. Considering that it’s a huge, overreaching software that affects users of Windows, Linux and Mac OS X, it’s the perfect opportunity for malicious programmers to exploit and “weaponize.” Even if you deployed a Java software update in mid-October, you might still be at risk — JRE 7 and 6 Update 27 and earlier are still at risk, according to security expert Brian Krebs.

Krebs managed to sneak into one of the exclusive hacker cybercrime communities and obtained a hacker video demonstrating how the hackers can exploit the Java vulnerability. It’s worth checking out, if only to see exactly how the criminals can easily take control of your users’ machines.

And of course, it would be worth the time to take a peek at your Java software update and make sure that your users aren’t going to accidentally stumble on an infected page or ad while using Mozilla Firefox or Internet Explorer — especially if they are still using Windows XP. There’s no time like the present.

November 30, 2011  3:20 PM

First, ‘bring your own device’; now, a zero email policy

Scot Petersen

The wave of optimism that began with advancements in smartphones and tablets that could enable a new generation of bring-your-own-device employees has been taking some strange zigzags of late.

 The first “zig” is that a major health care provider is taking steps to restrict workers’ Internet access as a result of an out-of-control malware problem.

 The latest “zag” comes from Thierry Breton, CEO at Atos, a French IT services firm. He wants to institute a zero-email policy within the next two years.

 This could be a shock to old-school users, who still live and breathe in their email application eight hours a day. But it could be a boon to up-and-coming Millennial-generation workers, who spend most of their time on devices communicating through social networks.

 In my case, I’m playing in both the old and new schools. I take notes on my iPad, then email them to myself for future reference. That might go against the common sense of Nicolas Moinet, information and communication professor at Poitiers University in France: “We have now reached crazy situations where employees go to a meeting, continue to send emails and then ask colleagues present to send them an email to know what was said during that meeting.”

 There’s a level of the absurd in this, but banning email? Like cutting off employees to the Internet, this latest attempt to get control of things will end up causing more problems. I like the out-of-the-box thinking espoused by Breton, but we need to rein in some workable solutions.

November 28, 2011  7:04 PM

Social media networking tips for finding new CIO positions

Wendy Schuchart

There’s nothing like the first day back after a major national holiday to make you feel like you’re drowning in task items. Cheer up, we’ve got your back. We’ve combed the Web and picked only the best and most interesting selections, ensuring that you’re up-to-date on last week’s high points. We’ve got social media networking tips, an automated elevator-pitch helper and help for resuscitating languishing CIO positions.

If you’re not sullied by Dropbox’s bad reputation for security breaches, John Jantsch gives you five ways to make Dropbox more useful.

One of the biggest social media networking tips is to protect yourself: Don’t let oversharing give crooks an upper hand.

Everyone needs a solid elevator pitch, whether it’s for a project you’re excited about or for yourself as you look at new CIO positions. Harvard Business School’s Elevator Pitch Builder offers helpful word suggestions while you craft your pitch.

Do you ever feel like everyone in your company hates the IT department? You’re right, they do.

Poor AT&T. Not only does Lance Ulanoff think the AT&T-T-Mobile merger is DOA, but the recent business customer phone-hacking was tied to terrorist funding.

File this under “You get what you pay for”: India is losing a huge chunk of its outsourcing business to offshore Filipino call centers, even though the workers in the Philippines are paid slightly better than their Indian counterparts, driving the overall cost of outsourcing up a smidge.

While the content of CIO positions doesn’t change, the context is a struggle, says John D. Halamka.

Using social media as a networking tool takes some finessing. It’s not as simple as setting up a profile and letting the job offers come to you. Here are some social media networking tips for using LinkedIn to find a better job.

November 22, 2011  8:19 PM

Celebrate a colleague with our CIO awards

Wendy Schuchart

We all know those amazing IT leaders who make a difference in our companies day in and day out but often go unrecognized by the IT world at large. Not everyone can pull a Steve Jobs or a Bill Gates, after all, but I have witnessed solid and amazing innovation in midmarket companies time and again. That’s why we want to celebrate and award those CIOs and IT leaders who are blazing trails and making exciting things happen within midmarket companies.

Our IT Leadership Awards are open for nominations. We’re looking for not just the brave and the daring technological advancements, but also those individuals who excel at building culture or embracing green IT as part of their inherent strategy. These CIO awards celebrate all manner of IT excellence, whether it’s building a culture where millennials feel comfortable or Gen Xers find places to lead inside and outside the org chart, or by introducing new technologies to the IT department, either through innovations in data center cooling or exciting BYOD policies. Of course, it could be something else that we haven’t even considered, which is why I’m so excited to be a part of these CIO awards. I can’t wait for the CIO award nominations to dazzle us with the creativity and inspirational leadership that I know is out there.

Do you know someone who deserves to be recognized for their outstanding IT leadership with one of our CIO awards? Someone who is always thinking of better ways to optimize and motivate their teams or drive business value through technological contributions? Someone who has figured out a way to really engage the customers of an organization, whether internal or external? Or is that person you? Let us know!

We’re looking forward to sharing with you stories about the outstanding IT leaders on throughout next year. We’ll also award six amazing individuals with American Express gift certificates as well as engraved glass trophies, suitable for bragging rights in the office. As well, recognized IT leaders will receive exclusive invitations to IT industry networking events throughout the country.  We’re also going to award one of those IT leaders with the title of IT Leader of the Year — and oh yeah, they’ll get an iPad2, too.

And because we’re not above bribery, if your nominated IT leader is one of those exceptional elite, we’re also going to give you an American Express gift card. Consider it a CIO awards finder’s fee.

There are no catches. Well, one: You can only nominate one person, so choose carefully. Ready, set, go get ’em!

November 21, 2011  8:50 PM

Will the outsourcing model be the death of CIOs?

Wendy Schuchart

Each week, we scour the Web to track down interesting news pieces and commentary to help you maximize your surfing potential and information consumption. This week, we’ve got analysis of the Kindle Fire’s marketing strategy, concerns about the IT outsourcing model, and tips for negotiations and job interviews.

Is the outsourcing model going to be the death of IT? Vlad Mazek thinks you might be surprised.

 Despite rigid restrictions, North Korea has just reached 1 million active cell phones. Considering that a North Korean citizen was actually executed last year for calling South Korea, that speaks to some hardcore desire for mobility.

 Looking for your next job? Erica Swallow has tips to take control of your next job interview.

Amazon would like you to believe that the Kindle Fire is a service rather than a product. We’re not so sure we buy the rationale.

 The iPhone was a technological breakthrough. Or was it? New Yorker columnist Peter Thiel doesn’t think so.

 Everyone wants to be the smartest person in the room. Lewis Howes thinks that might be your biggest problem.

 Next time you find yourself hammering out your outsourcing model, follow these three easy lessons on better negotiations.

November 17, 2011  10:12 PM

Can the future of Yahoo withstand the dot-com bubble 2.0?

Wendy Schuchart

San Francisco’s Yahoo billboard has been a landmark in the city for over a decade. I always get a little thrill when I zoom over the 101 and spot its cheeky little sayings and delightful midcentury stylistic design. Sadly, the Yahoo billboard is coming down this month.

Is the future of Yahoo in jeopardy? Yahoo is one of the last remaining standouts from the dot-com era. The billboard went up during the days when the Nasdaq was ripe with tech stocks, and it has witnessed its fellow tech billboards fall by the wayside along with the companies they represented. Remember using AltaVista? Encarta? How about Remember when Apple was just a boutique brand favored mostly by artists and the truly eclectic? Remember when social media was little more than logging onto a special interest forum and then the truly pointless SixDegrees?

We often speak about the end of the dot-com era while ignoring the fact that we’re smack in the middle of another one. Some pundits are labeling it bubble 2.0. I’m not sure they’re entirely wrong. Startups are climbing, and cloud computing makes for fast and easy tech in just about everyone’s hands. Facebook is worth an astronomical amount. Groupon’s IPO earlier this month was the biggest in the U.S. since Google’s, which is pulling in respectable amounts of cash, thanks to its constant innovation and reinvention (case in point, Google’s digital music store opened this Thursday). Despite a few financial pundits who are shaking their heads at Groupon’s future growth potential, it’s plain that there’s still an appetite for dot-com commerce.

But what does this mean for the future of Yahoo in the Internet landscape? With other tech giants making huge inroads into the cultural lexicon, Yahoo seems to be floundering. It fired Carol A. Bartz two months ago in a messy PR nightmare, advertisers don’t seem to be biting, and the company’s attempts at engaging Web 2.0 dynamics are turning up with a Fail Whale.

What do you think? Is the future of Yahoo at risk? Is the Yahoo billboard’s demise a sign of tough times to come for the Internet giant? The comments are hanging on your every word.

November 15, 2011  5:10 PM

Confronting the malware problem: Is cutting the cord the answer?

Scot Petersen

Throughout 2011, and editors have been writing about creating new efficiencies in IT and empowering a new generation of users through mobility. At the same time, however, the malware problem continues to get worse and as a result, is threatening the freedoms employees now take for granted.

Dr. John Halamka, CIO at Beth Israel Deaconess Medical Center in Boston, issued a wake-up call in a recent blog post: “If attacks are escalating and our existing tools to prevent them do not work, what must we do?” he wrote. “Alas, we must limit inbound and outbound traffic to corporate networks.”

BIDMC will start restricting access on a limited basis to see if that reduces the amount of malware in its network. Halamka goes on to say that the next step could be whitelisting, which will enable users to visit only authorized websites and will block personal email accounts.

It’s surprising that Halamka, who is known as a technophile’s technophile — the “Geek Doctor” — has come to this conclusion; but since he has, there’s no doubt that much more conservative IT managers are thinking the same thing. In many workplaces, the outcry against restrictive use policies will make Occupy Wall Street look like a meeting around the water cooler.

I have to admit that, despite many IT managers’ efforts to enforce policies and to educate users on security and malware prevention, the average IT user still is woefully ignorant of the effects of his or her Internet usage. Is it time to take users to the woodshed and teach them a lesson once and for all? Maybe, but such a policy should be exercised carefully and with role-based restrictions, because the productivity drain could cost a company more than a security breach ever would. It also could create anger, frustration and yes, even depression, among users who have become used to open access.

As Halamka writes, “It’s truly tragic that the Internet has become such a swamp, especially at a time that we want to encourage the purchase of consumer devices such as tablets and smartphones.”

Yes, it is. And maybe this wake-up call will really begin to transform employees into responsible Internet users. All I can say is, it had better.

November 14, 2011  8:36 PM

Tweak your corporate Twitter policy or risk getting p0wned

Wendy Schuchart

Each week we scour the Web and bring you the freshest scoop from around the blogosphere. This week, we’re serving up tasty helpings of corporate Twitter intellectual property questions, IT leadership paradigms, and whether you should stash away your R&D team members in a secret cave and mine their brains for innovative ideas.

Is the only way to beat internal bureaucracy in innovation by creating a secret R&D division independent of the rest of the company? It’s crazy but it just might work: It’s happening right now at Google’s top-secret creativity tank.

 Looking to tweak your corporate Twitter strategy? Mitch Joel’s confessions of Twitter snobbery might give you some ideas on what not to do.

 Are you sitting down? That’s the problem. According to researchers, the standard office chair might be the most unhealthy thing in your IT department.

 Do you obsess over small imperfections in your IT infrastructure and the day-to-day doldrums? If so, you’re thinking like Amazon’s Jeff Bezos.

 The world’s very first 16-core PC microprocessor was born yesterday. You won’t be surprised that it’s going to be used for cloud computing.

The U.S. Senate voted down the resolution that would have overturned Net neutrality legislation in the U.S.

Battery woes abound for Apple. The iPhone 4S iOS 5.0.1 upgrade was supposed to fix the battery-draining woes of the iPhone 4S — but it didn’t actually help all that much. Meanwhile, the first-generation iPod nano’s overheating battery increases the risk that the device will catch fire. You can get your antique iPod nano replaced but here’s a warning — you’re going to get another antique iPod nano. One would assume the replacement won’t spontaneously combust as well.

Think you own your company’s corporate Twitter account? PhoneDog, a mobile review site, claims a former employee “stole” his corporate Twitter account by changing the password and the identifying features, essentially hijacking more than 17,000 followers in the process.

November 11, 2011  2:20 PM

New social media platforms Tumblr and Pinterest make waves

Wendy Schuchart

Everyone and their neighbor has heard about Twitter and Facebook, but CIOs should have some new social media platforms on their radar. They’re all part of the social media trend called instablogging. That’s right, those social media magpies are bored writing 140-character tweets and now publish to their networks by clicking a single button.

Tumblr is a combination of Twitter and blogging, but with a visual slant. This social media upstart has seen tremendous growth in its use throughout 2011; according to the Nielsen Media Q3 2011 Social Media report, it’s now the third-most-visited social media website after Facebook and Blogger. Yep, it was even more popular than Twitter and LinkedIn this year, tripling its usage compared to 2010.

Just as Tumblr is a clone of Twitter and Facebook, it has its own cadre of clones as well. Pinterest, for instance, is akin to a visual link aggregator — like Twitter with images. As such, it works best with visually interesting concepts and photographs, but a single “pin” can propagate throughout the Pinterest network like wildfire. While the visual Pinterest is still in private beta, it seems to have found instant success with female users — a highly covetable consumer segment. Expect Pinterest to be a major player in 2012, and make sure you’re watching your company’s brand and reputation play out in this space.

Similar to Pinterest, Instagram takes a user’s smartphone’s internal camera and runs with it, melding user-created photographs with social media platforms. It allows unlimited characters for text, and integrates with most of the major players, like Twitter and Facebook. It would be very easy for an employee to innocently share photos of something humorous (but potentially embarrassing) around the workplace and blast it out to their enormous social network. Are you cringing right now?

These new heirs to the Twitter and Facebook throne should serve as a reminder to revisit your social media policy regularly. Make sure that the wording is inclusive, covering not just a single social media network, but all current and future social media platforms as well.

The important thing to note is that this latest generation of social media offerings allows users to connect and interact with users outside their social networks. Unlike Facebook, your customers don’t have to be “friends” with someone to see what they’re publishing. Facebook’s privacy issues are constantly ruffling feathers, but the new kids on the social media block aren’t concerned with who sees what. These users seem to understand that what they put on the Internet is, you know, on the Internet. This should be a relief — at least when it comes to concerns about proprietary information leaking out. But then again, there’s always that misguided worker in every bunch.

Another important thing to note is the sense of discovery with your company’s online audience. Savvy customers are leaning away from Google searches, with its misleading SEO tricks and system-gaming. Traditional search logic could fall by the wayside as Jane or Joe Consumer rely less on “Googling” and more on what their private curators and tastemakers on the latest crop of social media sites have to say. The CIO who figures out how to harness that tidal shift will be a force of nature.

November 8, 2011  7:58 PM

A new take on building CIO community

Wendy Schuchart

We’re always trying to consider what’s on the minds of CIOs today. We write tips and news articles about it. We interview CIOs and profile them. But much of that commentary happens in a controlled environment and one-on-one with a writer or editor.

The SearchCIO360 dinner event changed all that. New to TechTarget, this event brought together 15 CIOs from the Boston area and beyond. They met late last month at a local restaurant near our offices in Newton, Mass.

During dinner we had CIOs from large corporations in spirited debate with CIOs from midsize corporations about such subjects as business-technology convergence, cloud computing, IT consumerization and the future of the CIO as a career. One CIO from a midsize business defended his company’s BYOD policy, while the CIO of a large, multinational financial company said, “I love the iPad, but I can’t allow it in my company because I can’t secure it.”

Most importantly, this event was an opportunity for CIOs from companies of different sizes and from diverse industries to meet and share contact information, which they all did.

Look for more SearchCIO360 events next year in your area. These events are for you, the senior IT executive, so if you want to be part of a new and growing senior IT professional community, we encourage you to join in.
