CIO Symmetry

August 29, 2011  3:00 PM

What really happened with the RSA breach

Wendy Schuchart

It’s been a busy week in tech, between the Earth shaking, hurricane preparations and the departure of one of tech’s most recognizable faces, Steve Jobs. Here are our favorite pieces of tech news from last week, including an update on the RSA breach, how we’re evolving our management styles in the age of Web 2.0, and some happy birthday wishes to Linux.

• Remember the calamity last March with the RSA breach? A Finnish security company figured out how the RSA breach went down, and it’s a lot less tricky than you would imagine.

• In case you hadn’t heard, Steve Jobs retired last week. We hope that he gets the restorative rest that he deserves. And then we hope that he gets a reality TV show, because we’ll miss the Steve Jobisms.

• Could Apple’s iPad and iPhone competitors take Jobs’ retirement as an opportunity to rally?  Sony and Nokia’s stock prices jumped right after the announcement, but time will tell.

• With Web 2.0 and the shrinking globe comes a new paradigm for how we do business — so why are we still managing with the same principles that our parents used in the Mad Men age? Jon Husband suggests that the way we lead must evolve along with technology.

• Linux turned 20 last week! It’s almost old enough to order a beer legally! Man, do we feel old now.

• Did your offices rattle and roll last week? Several earthquakes hit the U.S. on Tuesday. This cool visual representation of the earthquake Tweets really demonstrates that our first instinct after a disaster is to broadcast it to the social media networks.

• This little multiple encryption tool is so tiny that it’s adorable! Even your great aunt could manage this pocket-sized safety measure.

• One of the hackers behind the notorious group Anonymous has been charged by the authorities. The 22-year-old Brit was allegedly involved with WikiLeaks and instigating denial-of-service attacks on a host of Internet companies, including MasterCard, Visa and PayPal.

August 26, 2011  1:32 PM

Lessons learned from Steve Jobs’ effective leadership style

Wendy Schuchart

You may have heard that Steve Jobs has decided to step down from his successful tenure as Apple’s CEO. Without a doubt, Jobs’ effective leadership style was directly responsible for Apple’s complete turnaround in the marketplace. The man is inspiring: He has a vision and very rarely wavers from it, even when his decisions about innovation seemed counterintuitive and spooked shareholders.

However, as CEO, he was always course-correcting how to get to that vision: He has been unafraid to admit that he doesn’t know all of the answers and invited CEOs of Oracle, Intuit, etc., to consult with him on whether he was pursuing the right innovation strategy for Apple. His example of an effective leadership style really underlines the importance of good networks and rock-solid mentors. Good leaders aren’t afraid to say, “Hey, what do you think of this idea?”

While he’s going out on top, he’s no stranger to setbacks. Remember, Jobs was actually fired by Apple in 1985 and yet bounced back to reinvent Pixar, one of the most beloved entertainment brands in the world, before going back to the mothership.

CIOs tell me they struggle with communicating back to the business. We’ve already looked at how IT alignment is a one-sided affair. Everyone at Apple was aligned with the leader’s vision. CIOs can take a page from Jobs and consider adopting elements of his effective leadership style. Jobs became an evangelist for his vision, and his team was confident enough to take up that torch and run with it. He also excels at not only knowing his customer but also in whipping that customer into a lather of excitement for corporate strategy. Not surprisingly, Apple is often cited as the epitome of brand loyalty, not just with the consumer but also with internal team members. Wouldn’t we all want to have our team members voluntarily tattoo themselves with our corporate logo?

Even with my Apple predilection, I’ll really miss Jobs’ effective leadership style. I’ll miss his enthusiasm and the similarly zany impressions on SNL. But most of all, I’ll miss his constant reminders that innovation is nothing short of “magic.” That’s a good reminder for all of us.

August 23, 2011  3:43 PM

HP takes a turn at re-engineering the corporation

Scot Petersen

Everyone is in the middle of IT business transformation these days.

You could call it re-engineering the corporation, downsizing, rightsizing or just plain old cost-cutting; however, Hewlett-Packard is taking “transformative steps,” said HP president and CEO Leo Apotheker last week in announcing major changes related to its mobile and PC businesses, as well as the acquisition of Autonomy.

When you think about the number of acquisitions HP has gone through in the last decade and the amount of unwinding it’ll need to do now as it is re-engineering the corporation, it boggles the mind. Certainly Apotheker is making the tough decision to get HP out of the WebOS and PC business while it still can (like IBM, when it sold off its PC business), knowing that HP can’t compete with Apple and Google/Motorola. Still, it’s amazing when you consider the potential size of the tablet market.

But, ironically, the changes reflect the changing IT needs of its customers, which are being directed toward the very types of converged infrastructure and application transformation services that HP is supplying and focusing on for future growth.

It’s a good time for CIOs to look at their own transformation plans, and determine if HP is being a leader or a follower in re-engineering the corporation.

August 22, 2011  8:08 PM

Death to the HP TouchPad tablets! Long live the king!

Wendy Schuchart

It’s been a busy week in tech, with the demise of WebOS on everyone’s lips and the inevitable budget crunch as we prepare for 2012. Never fear: We’ve scoured the Web so you don’t have to! Here’s a tasting menu of the choicest bits, including the HP TouchPad tablet fire sale, rumors of an Amazon tablet, and what every CIO needs to know.

Last week Google bought Motorola, and this week HP plans to cease WebOS operations and purchase knowledge management system Autonomy. Tim Anderson details why a PC spin-off could backfire.

If you were quick on the draw, you might have been able to score a $99 HP TouchPad tablet during the HP fire sale over the weekend. But if you missed out, there are still some tips for finding a cheap HP TouchPad. Perhaps a great stocking stuffer?

Running an IT department is a bit like running a startup. We love taking inspiration from unlikely sources, like this list of things every startup CEO should know.

Sometimes we are our own worst enemy, and it’s definitely true when it comes to self-delusions that kill productivity. Who hasn’t been guilty of the sunk cost fallacy?

Are you ready for the release of iPhone 5? No, really. Get ready, because analysts are saying the release of iPhone 5 could be even bigger than you thought.

The body isn’t even cold yet, but Amazon might be rushing to fill the void left by the death of the HP TouchPad tablet with an Amazon tablet PC. We’re going to bet that it will come pre-stocked with Kindle software.

August 19, 2011  2:21 PM

Scorned employee exploits network security policy after layoffs

Wendy Schuchart

Picture this scenario: Employee A leaves the company to take another position. Your network security policy demands that you kill his IDs and passwords, right? What about if Employee B leaves the company in a way that isn’t entirely voluntary? You certainly kill his access, tout de suite, but do you do anything else?

If you said no, you might want to revisit your network security policy. Case in point: The U.S. subsidiary of Japanese pharma company Shionogi laid off some of its IT staff. One rogue employee fought back and took advantage of a lax exit procedure — he was able to basically shut down the company’s operations for a “number of days,” as well as systematically delete its VMware host systems from a free McDonald’s hot spot in New Jersey. The actions of the ousted employee (who in November will be sentenced to up to 10 years in federal prison) cost the company almost a million dollars of hard cost, not to mention the immeasurable compounding loss of productivity and corporate reputation.

What I’m most curious about is whether the rogue IT worker used his own account or a commonly known group admin account? My guess is that he used the latter, if only to hold onto some level of plausible deniability and because I’d have to believe that Shionogi had the common sense to at least delete the employee’s own accounts.

Most exit procedures deal with the corporate employee’s personal accounts, but if your IT department is like most, you likely have admin accounts with a well-known password shared by numerous users. I could probably still log into my old IT admin account at my previous employer if I wanted to, and I’d bet you $10 that the password is still — are you ready for this? — password. What’s worse, in a previous role supporting users at hundreds of manufacturers around the country, I often was able to show the users how to hack into their own network and locked-down systems, either with the default of password or with a systems password that someone somewhere had noted in our client accounts years ago but was still working.

Are you breaking into a cold sweat right now? You should be.

We’re often fantastic at barring the doors against outside attackers but, historically, large and midmarket companies drop the ball when it comes to protecting themselves from their own workforces. What’s your exit procedure? Is it standard network security policy for admin accounts and entire teams to change their passwords whenever there is a staff change, whether voluntarily or not? What would stop a rogue IT worker from taking vengeance on your company in the event of a job separation? The comments are dying to discuss the problems you’ve faced with exiting employees.

August 16, 2011  6:12 PM

How the Google acquisition of Motorola affects your mobile workforce

Wendy Schuchart

It’s been a busy week in tech. Google’s acquisition of Motorola has everyone wondering how it will affect their mobile workforce. Here’s a tasting menu of the choicest bits around the Web, including Google’s acquisition of Motorola and how you’ll have to pry the smartphones from the cold dead hands of your mobile workforce.

• While smartphones continue to drive our mobile workforce, we’re becoming so accustomed to the convenience that a recent Pew study on smartphone use found almost a third of users had experienced difficulty living their lives in the past month when they didn’t have their smartphones handy.

• If you’ve been following the social experiment of Jonathan’s card, it’s a sad note that Starbucks has officially put its foot down after blogger Sam Odio transferred $625 of the community pot to his own card.

• The politics of employee salaries are often about a sense of fairness as well as compensation, but if you can’t afford to bump up the salary, an increase in personal autonomy can help keep your rock stars from jumping ship.

• When considering how to inject innovation into your teams, don’t underestimate the importance of fun. Wooga’s CEO feels that playing is a core human desire.

• What does Google’s acquisition of Motorola mean? Great news for an Android mobile workforce, but some wonder if this takeover might not force Microsoft to buy Nokia.

• Does your company use webinars? Bob Darabant uncovers tricks and tips for truly effective webinars, and it’s a lot more about your technique rather than technology.

• Your mobile workforce might be powered by iPhones and Androids but did you know that Wall Street runs on Linux?

August 12, 2011  3:50 PM

IT cost reduction strategies: Can cloud computing help?

Wendy Schuchart

Ah, yes, these are the heady days of Q3, which means that it’s time to start working on your 2012 budget. Is your IT department feeling like a panhandler these days?

CIOs today are certainly no strangers to tough economic times and working up IT cost reduction strategies, but when the economy doesn’t seem to be getting any better, and as they wait out the possibility of a double-dip recession, CIOs are finding themselves at the end of their technological rope. Delayed buying decisions have left them with geriatric server, storage and networking infrastructure that is no longer nice to replace but necessary to replace. But with every pundit in the universe screaming about cloud computing — and when you’re working with a budget as dry as the Sahara after six years without rain — how do you justify new capital expenses to the business?

If we lift our heads above the noise, confusion and discomfort of economic austerity, IT infrastructure investment can be a good dollar-and-cents move you can easily justify to the business.

Cloud computing is often presented as a sort of panacea when it comes to IT cost reduction strategies and eliminating IT complexities. There are IT cost reduction strategies that involve moving to the cloud that will save on capital expenses and maybe even improve reliability and remote access. For midmarket companies, email infrastructure can be handed off to a cloud/Software as a Service provider. Lots of companies offer Microsoft Exchange, Lotus Notes or more generic Web-based mail and calendaring, and our old pal Google even offers Gmail as a service for businesses. These services often have highly redundant infrastructure to protect your data and offer better access for remote users and branch offices. They come bundled with security and spam filtering as well, further reducing infrastructure needs in the data center.

Life without spam — doesn’t that sound like a dream come true? I read recently that as much as half of any company’s bandwidth is consumed by spam. It’s like the gift that keeps on giving.

But as with most things, moving services to the cloud has its complexities. One argument against shipping off crucial IT services is whether we aren’t also eliminating the need for IT roles in the future. Of course, there are many IT functions that simply cannot be shipped off to the cloud. In-house applications, sensitive data and low-latency applications must stay in the company data center, as should the ownership of the technological advances developed by the company.

Don’t buy into the fear and panic, folks — we live in the most technologically advancing time in world history, and CIOs are at the wheel driving the change.

Even if you wouldn’t know it by looking at your 2012 IT budget.

August 9, 2011  5:13 PM

Is iPhone 5 ready to overpower competitors for business users?

Lisa Martinek

I was with some friends last week when we landed on the topic of phones. The conversation began when one person said she was planning to buy a new phone within the next couple of weeks, but it wasn’t long before her brother interjected. He began adamantly telling her she should wait for the iPhone 5 and described why waiting a few months would be a better decision than buying a new phone now.

This conversation illustrates what more and more people are realizing — the iPhone is the best way to go. Recent studies show that 35% of consumers plan on buying the iPhone 5. If that isn’t enough to put fear into iPhone competitors, then maybe this will: Only 47% of Android users will buy another Android, with 42% switching to an iPhone; BlackBerry is speculated to lose 67% of users to the iPhone. Meanwhile, Apple has a 94% retention rate.

People are waiting and ready to switch to the iPhone 5, and some iPhone competitors may be showing their fear. Over in the U.K., Vodafone has dropped HTC’s Evo 3D from release. Although no official comment was made, it is widely speculated that they fear facing the iPhone 5. It makes you wonder what other companies are really thinking.

And all of this is occurring without an official release date. You can find plenty of speculations online, though — the most widely accepted being a September or October release date. Regardless, when the next iPhone does release, it will undoubtedly outsell any other brand with consumers. But what about businesses that have yet to dive in? Apple has been making strides to improve the iPhone in the business realm. When a newer model is released, people will be willing to accept the idea that the iPhone is ready for business use. And with the expected features in the iPhone 5, like improved security and the already large collection of business apps, you have to ask: How long before Apple dominates its competitors not only with consumers, but also with businesses?

August 8, 2011  8:16 PM

Law and Order: Hacker Protection Unit

Wendy Schuchart

Every week, we scour the wealth of information on the blog circuit and give you the finer talking points to help you score erudite points around the Twitter water cooler. Here’s the latest sampling from last week’s blog posts, including the latest from the Black Hat conference, lessons in personality and personal space, and why it might be a good time to give your hacker protection a checkup.

How is your hacker protection? Last week, the Black Hat 2011 conference in Las Vegas drew thousands of security professionals. Meanwhile, the hacker groups LulzSec and Anonymous broke into 70 law enforcement websites. Anonymous also hit Syria’s Ministry of Defense website. What a world, what a world.

Midmarket companies are dealing with significantly more IT risk, making safety measures crucial for the concerned CIO.

Forget about reviewing prospective job candidates’ résumés — ask to see a photo of their workspace instead.

We all know that the best communicators use nonverbal communication, including using body language and personal space to their advantage. Some think it’s part of the reason that women and men have different styles in the boardroom.

For all those CIOs who use Gmail either personally or professionally, your life just got a little better — Gmail now supports a preview pane. Aw, yeah.

Seth Godin looks at the Palm example as a lesson about when a company needs to make the giant leap — or fall flat on its face.

Watch Google Chrome get hacked in real time. Lest you think hacker protection is all about information security, think again. Between the text hacking of Subaru Outback cars, this 10-year-old hacker, and this guy who claims he can hack into insulin pumps and kill people long-distance, just who is going to rock us to sleep tonight?

August 4, 2011  11:17 PM

Intrusion testing means thinking like a hacker

Wendy Schuchart

Back in the ’90s and early 2000s, I had two acquaintances who called themselves “hackers.” Being a burgeoning geek girl myself, I kind of figured that they were affecting the moniker to be cool. Back then, the image of a hacker was different, more like the Robin Hoods of the Internet age. It was before we really knew how destructive those forces could be regarding the loss of identity information and the carnage inflicted across the globe by nefarious groups bent on destruction or collapsing infrastructures. Think only back to the Sony security breach or the nightmare with Epsilon data loss, and you know that the popular opinion is that hackers seem less like Robin Hood and more like Freddy Krueger.

Flash forward to today: One of those hackers has his own security firm and consults with companies on vulnerability testing and intrusion testing, highlighting their weaknesses and blind spots and helping them do network security audits.

In this capacity, for instance, he foiled a large corporate system by tricking one of the company’s own employees into holding a door open for him. Then he set up shop in an unused conference room, logged into the network and spent two days downloading gigabytes of proprietary and confidential data. No one ever even questioned him about what he was doing there.

When thinking about security and intrusion testing, you have to think like a bad guy. Law enforcement does it all the time, hiring criminal informants and infiltrating crime syndicates by going undercover (at least, this is what my years of watching Dexter and The Wire tell me). Speaking of crime shows, not all hackers are that altruistic. That other guy with whom I was acquainted? He’s currently incarcerated for terrorist-like activities.

Have you engaged in third-party vulnerability testing of your network defenses? What was the outcome? Is intrusion testing worthwhile? How frequently do you perform a network security audit? The comments are eager to hear about how you defend your company against the dark arts.
