CIO Symmetry

September 5, 2008  3:29 PM

Don’t ignore internal security (and don’t write passwords on Post-its)

Kristen Caretta

Last year 8% of the IT budget went towards security. This year? 10%.

Khalid Kark, principal analyst at Forrester Research, Inc., presented security statistics at Forrester’s Security Forum 2008. For the past four years, CIOs said security was their top priority and despite the economy, three out of four said they would continue to spend ten percent of their IT budget on security. But how much of the budget is allotted for security against internal threats? Have we forgotten about the situation in San Francisco? Administrators were locked out of the system by one of their own — a top IT guy. And according to Forrester, the majority of security breaches involve internal employees.

Knowing that, I suppose I should have been prepared for the results of Cyber-Ark’s new survey. After polling 300 security professionals, the Cyber-Ark results claimed that 88% of IT administrators would steal valuable and sensitive company information if they were fired tomorrow. This isn’t like Jerry Maguire snagging the company goldfish on the way out – this is valuable company information! I’d like to know what’s going on to protect against that.

The Cyber-Ark survey also showed that “a quarter of the companies polled admitted to suffering from internal sabotage and security fraud in their workplace. One third said they believe industrial espionage and data leakage is occurring within their company.” Cyber-Ark CEO Udi Mokady did offer some protection advice: secure privileged passwords, change them often and manage them. And even though Cyber-Ark sells products that do just that (a teeny bit of a marketing pitch?), the results are difficult to ignore.

It’s not just malicious acts that threaten your company’s security – employees who lose their laptop (or have it stolen from an office and then replaced…) also pose a security threat. IT sloppiness is also dangerous. The survey showed a third of the most powerful passwords are still being put on Post-it notes. No comment necessary.

So how can you increase your security? Kark says it’s important to embrace change when it comes to security. He also provided three points to live by: have an open mind, educate yourself on new technologies and developments and utilize this education to solve the problems of today. Just because you updated your security system last year, don’t assume you’re as protected as you’d like to be today. As technologies change, so do the threats against them.

On a lighter note, Dr. Gary McGraw, CTO of Cigital, talked to us about software exploitation and EULAs (end user licence agreements). Apparently, the EULA you accept to access Microsoft’s Frontpage disallows posting negative comments about Microsoft. Just a little tidbit of information for you.

September 5, 2008  1:10 AM

Google’s Chrome: Not your average Web browser?

Kristen Caretta

Microsoft’s IE is facing some serious competition. With Mozilla’s Firefox, Apple’s Safari, Opera Software ASA’s Opera and, recently, Google’s Chrome, it seems Microsoft is falling back a bit. Computerworld reported Microsoft lost almost a full percentage point of market share during the month of August. The recently launched Chrome has already picked up one percent of the market in 24 hours.

Chrome has a privacy mode and a combination address-and-search bar. It also runs each tab as a separate process to prevent a single site from crashing the browser. But what makes it special? Firefox and Safari have privacy modes (IE 8 Beta 2 also boasts a privacy setting dubbed “porn mode” by bloggers) and the address-and-search bar is nothing new… so what’s the appeal?

Chrome could turn into far more than a Web browser.

Designed to improve upon the way browsers handle JavaScript (used by Google’s spreadsheet and word processing programs), Chrome may turn into a much stronger platform – incorporating word processing, e-mail and photo editing. An all-in-one browser!

But being chock-full of all these added goodies is making Chrome look a little gluttonous. According to Craig Barth, chief technology officer at Devil Mountain Software Inc., Chrome is a pig. A memory hog, to be exact.

Researchers say Chrome uses more memory than IE 8. Pair that with an older PC and you can expect some slow performance. But can you blame a snail for being slow if he’s carrying his house on his back? Chrome is carrying quite a load (segregated-tab capabilities? JavaScript equipped?) so memory consumption is no surprise. But at this point, what’s more important for the user seeking a solid Web browser?

With so many companies using IE, will they be ready and willing to switch to Chrome? Chrome is raw and pure—built from scratch by Google (and not the descendant of an ancient Microsoft design… what was it, again? Mosaic?). But IE is well-known, understood and pretty much everyone knows how to use it. Because so few are ready to retrain their staff and test their application compatibility, IE may remain on top of the business browser world.

But who knows? The shiny newbie may win out. After all, Chrome was just launched! Let’s see where they stand after a month – at least.

September 4, 2008  7:16 PM

Weekly Wrap-up

Kristen Caretta Glen Weaver Profile: The Weave

Oh my. Taking a look at our output this week, we can’t help but worry the summer good times are over. Brace yourself, scary news ahead.

Face it, you’re probably going to use your disaster recovery plan some day (if you have one). Attorney Jeffrey Ritter advises us on how to keep out of legal trouble when it happens.

In another “it can/will happen to you” scenario, we looked at exactly how bad your life will get if you’re not prepared for a software license audit.

Sorry to continue with the bad news, but we put out our CIO salary special report and it turns out this isn’t a good year for getting paid.

The good news is that the best band in the world plays Montreal Friday night and we’ll be there. May your weekend be as rocktastic as ours.

September 4, 2008  1:27 PM

Mark Zuckerberg now part of ‘The Establishment’; Ballmer back in club

Kristen Caretta Glen Weaver Profile: The Weave

A smattering of techies have made Vanity Fair’s annual “New Establishment” 100 list, as if this is something we need to catalog.

Never mind that by making the list annual, Vanity Fair never gives itself a chance to define what makes the new establishment, you know, new.

And certainly never mind the – as Gawker points out – calculated controversy of sticking Russian President Vladimir Putin at the top. (Oh, by the way, any bloggers fancy being shot in the head?).

Ok, our tech brethren, with parentheses representing last year’s rank:

3. Sergey Brin (3), Larry Page (3) and Eric Schmidt (new entry), Google
4. Steve Jobs, Apple, Disney and Pixar (2)
6. Jeff Bezos (6), Amazon
16. Steve Ballmer, Microsoft (returning)
25. Mark Zuckerberg, Facebook (new entry)
37. Larry Ellison, Oracle (20)
70. Jonathan Ive, Apple (37)

So those top three make sense, as much as any completely arbitrary list is going to make sense.

But then things get weird. Apparently Ballmer was booted while Bill and Melinda Gates were recognized for philanthropy last year (Bill has been tossed, along with Bill Clinton, this year).

Adding Zuckerberg. Makes sense.

But – and this gets to the crux of why these lists are completely stupid – what is with the massive drop for Ellison and Ive?

That’s a 13-step drop for Ellison, who just last week was named the most highly compensated CEO in America.

Ive was lead designer on iPod and iPhone. So 2007 was big for him, what with the announcement of the iPhone. But wasn’t this the year everybody bought one? And isn’t Jobs scheduled to give his latest iPod toy presentation next week?

My question is: When we are talking about the people who shape our daily lives, can we really measure their influence on a year-to-year basis?

What if Vanity Fair pulled out this list every five years, allowing us to look at the shuffle in rankings at broader intervals and determine what is changing in the character of this country and the people who lead and influence it? The magazine might actually be able to wring some insightful journalism out of its work.

Then again, these are dinosaurs at work here. I’ve just realized as I type that the inclusion of Matt Drudge of The Drudge Report, ranked 74, is supposed to represent the rise of the blogger. Matt Drudge, you may know, had his shining moment when he broke the Monica Lewinsky story.

That was 10 years ago.

September 2, 2008  2:33 PM

Weekly MSM Round-up

Kristen Caretta Glen Weaver Profile: The Weave

Summer isn’t over…technically. But since we’re past Labor Day, maybe people will go back to work and news will pick up? Maybe?

A few things did happen and slipped their way into the big papers these past few days:

Google is the little brat Microsoft babysat. Then Google grew up and started dating all of Microsoft’s girlfriends – search, office apps, etc. This time, the search giant has built a browser.

Fresh off losing the gold medal count, America is put on notice that we’re falling behind on innovation as well.

Reports of data theft are way up. Have you been robbed lately?

Newspapers will never stop writing stories about how the Nintendo Wii is good for you, as if you could replace a fitness program with a freaking video game. Now we have Tiger Woods involved. For profit. Imagine that.

August 29, 2008  1:34 PM

Be kind to your blogger

Kristen Caretta

Bloggers are showing up everywhere now. Every event, every topic, everything is being blogged about. BlogWorld reports over 57 million Americans read blogs and 22 of the 100 most popular websites in the world are blogs. That’s a lot of blogging.

Politicians are tapping into the power of the blog by inviting bloggers to their big events – and treating them very well once they’re there. During the Democratic National Convention (DNC), bloggers got respect, great seats (as well as a “bloggers lounge”) and a chance to have their voices heard… or rather, read.

CNN recently reported on the appearance and importance of bloggers at the DNC in Denver, stating, “…there’s a hunger for personalized information tailored to specific audiences.” Obviously the Democrats noticed this too because they issued 120 credentials for bloggers at the event. Especially when it comes to voting for the next president, people want to feel a connection to the cause. And comfortable. Reading a blog post that interests you (if done correctly) kind of makes you feel like you’re catching up with a witty, knowledgeable friend. It’s like a conversation, in some ways.

OK, I know what you’re thinking: blogs are important to relay news and current events, but why should blogs matter to me?

As you probably know, business blogs are popping up everywhere. Companies of all shapes and sizes have started blogging. From Microsoft to Kodak, from large corporations to small businesses — they’ve become an important part of the business landscape.


Well, aside from reaching out to millions of readers around the world, business blogs do a lot of good for the company. You have the opportunity to build customer relationships, test out new ideas and products, promote these new products and share your “guru-like” company knowledge. And, blogs also provide a little bit of healthy competition amongst your employees (Who has the best blog? Who looks the most knowledgeable? You get the picture…)

On top of all that, it seems blogs are here to stay. We were first introduced to blogs in 2005 and in three years they’ve gone from personal to professional. We’ve been able to weave them into practically every facet of our lives (go to Google and search for just about any topic and I can almost guarantee there’s a blog for it). From a business perspective, they’re a way to reach out from within the company without necessarily involving marketing or public relations. And they allow a little bit of your personality to shine through – a valuable aspect as human interaction falls to the wayside in our total techno-world.

It’s a good time to blog. Don’t have your own blog? Try your hand at one and let me know how it goes (may I recommend IT Knowledge Exchange (ITKE)?)

Questions/comments on it? Let me know! I’m always looking for something to blog about…

August 29, 2008  12:53 PM

IE 8 brings Web-surfing privacy and peace of mind (for users, anyway)

Kristen Caretta


Internet Explorer 8 (IE8) will have a new privacy setting. The new setting, dubbed “porn mode” by bloggers because it effectively erases all evidence of sites you’ve visited, was officially confirmed earlier in the week by Microsoft’s program manager, Andy Zeigler.

Zeigler sums up the change as one that gives users the choice to disclose private information, as opposed to being forced to through browser settings that save cookies, browsing history and the like. He mentions a few specific cases for needing the added privacy, such as purchasing a gift for a loved one online without ruining the surprise or feeling comfortable enough at a public Internet kiosk to do your personal banking.

Zeigler states in his blog that when developing IE 8, Microsoft took a look at the concerns users had with IE 7. Privacy stood out as a main concern – “the so-called, ‘over-the-shoulder privacy,’ or the ability to control what their spouses, friends, kids and co-workers might see” as well as the “so-called ‘3rd-party’ content on websites, some of which can gather data about how you browse the web.” People just didn’t want others seeing which sites they visited.

When enabled, Microsoft’s “InPrivate Browsing” tool will switch off cookies, browsing and search history and will automatically clear the cache at the end of the browser session. It also eliminates auto-complete and the storing of other form data.

How different is this really from Apple’s Safari browser and Mozilla Firefox’s security features? Microsoft may be just stepping up its game a bit, considering Mozilla now holds 19% market share. But there are some differences worth mentioning. When activated, the “InPrivate” icon is more obvious than similar privacy tabs and icons in Mozilla and Safari and IE 8 brings better support for W3 Web standards.

For those of us who are looking for more privacy, it sounds like a great thing. No longer tracked by cookies! But what about the companies who use these tracking devices to improve ad-targeting? Well, click-throughs may see a drop. And the specifically-tailored ads directed towards you and based on your Web-searching habits will also be diminished — possibly hurting sales. This may not sound too pertinent as of now, but it makes me curious. How will marketers be able to target Web surfers? I can’t help but wonder what they’ll be forced to come out with next. Will it be more invasive than what we’re faced with now?

And what does this mean for you and your employees? If you don’t employ web filtering so employees are free to visit sites all over the web, are you going to be more concerned over what the guy in the corner desk is really looking at when you’re assuming he’s getting his work done?


Will it have an effect on office culture? Even if employees are free to browse the Web, will their YouTube downloads (or whatever it is they may download!) hog noticeable amounts of bandwidth and get the bandwidth police after them? One more thing to constantly be looking out for?

As if that’s the biggest worry…

August 29, 2008  12:25 PM

Weekly Wrap-up (Labor Day edition)

Kristen Caretta Glen Weaver Profile: The Weave

Dear people in the IT industry:

Please don’t all go on vacation at once, like you did this week. We’ve been trying very hard to reach you for comment on stories. Won’t anybody look out for the journalists?

We still did manage to get some work done and post some stories, of course. A wrap-up:

You all hate your boss, or have hated your boss at one point or another. You hate your boss so much that you’re looking for another job.

Late August, an exciting time for sports. Baseball is coming to the wire. Football, football, football. And this year we had the Olympics, as well. In honor, we took a look at all the sports-themed IT stories we’ve written recently.

The Real Niel laughs in the face of your antiquated cost-benefit analysis. (Side note: Niel would never laugh in anything’s face. He’s a totally nice guy.)

Ok, weekend time. Labor Day weekend time. We’re going to Cape Cod, along with everybody else in Massachusetts. One final blowout before the darkness descends.

August 26, 2008  3:07 PM

Joe Biden: RIAA stooge

Kristen Caretta Glen Weaver Profile: The Weave

Joe Biden, huh? Talk about strike three.

2000: Democratic vice-presidential nominee Joe Lieberman “loses” election. Flash forward to 2008 and this stuffy jerk – who spent part of his career going after Marilyn Manson – is plowing in fried tilapia at Olive Garden with John McCain.

2004: Democratic vice-presidential nominee John Edwards loses election. Flash forward to 2008 and Edwards is admitting to having an affair (possibly a love child too!) while his wife was recovering from the cancer.

2008: Now we get Joe Biden? Please.

Biden’s tech voting record has gotten a bit of attention over the last few days, primarily because it exposes him as a close ally of the Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA), two industry groups that spent decades bilking their customers before Napster showed up and set things right. Let’s not forget the Payola scandals. This industry has long been about telling you what to like and selling it to you at an exorbitant price. reported on Sunday that Biden last year proposed a $1 billion program to monitor p2p networks. That’s right: $1 billion of your tax money to ensure nobody steals the new Metallica album.

Biden also “sponsored an RIAA bill” that would “restrict recording and playback of individual songs from satellite and Internet radio stations,” according to Again, that’s all about the RIAA deciding what you listen to – and what you buy – as well as helping maintain a grip on radio advertising.

I know what some of you are thinking: “It’s only $1 billion. The Iraq War alone costs about $2 billion every week.” You’re also thinking: “But file sharing is illegal.” Yes, it is. But I still remember the nearly $20 list price on Dr. Dre’s Chronic 2001. Napster broke soon after, ultimately helping to drive costs to $9.99 an album on iTunes. The RIAA’s thievery, legal as it was, was shameful. That Biden would play along with an industry that profited so disgustingly from its near-monopoly on popular music says a lot about where his priorities lie.

It also says a lot about his grasp of technology issues, especially when you also consider the fact that he once “sounded skeptical” about the need for net neutrality legislation, according to

Biden apparently missed the talking point that the proliferation of the Internet has changed the game for media distribution. He apparently doesn’t understand that it offers a once-in-a-century chance to provide something approaching equality of opportunity in this country. Don’t look for any post-Baby Boomer forward thinking from this guy.

Oh, and don’t even bother stealing the new Metallica album. It will be horrible. This band hasn’t put out a decent album since 1991 and shows no signs of understanding why they were worthwhile in the 1980s. Their last four albums were so bad that it might even be possible to mathematically prove that Metallica has been terrible for more than a decade now.

August 25, 2008  7:18 PM

Oracle wins the cash war, but SAP is way more punk

Kristen Caretta Glen Weaver Profile: The Weave

The Oracle vs. SAP war has been a long and vicious one. The ERP giants battle constantly for market share and big-time customers. Meanwhile, their CEOs – Oracle’s Larry Ellison and SAP’s Henning Kagermann (who holds a co-CEO role) – have lived outsized personalities on the tech world stage. For every clash between the companies comes another reminder that they are led by two very different men.

Both men have made the news in the last few days. The Associated Press has declared Ellison the highest-paid CEO in America, with an estimated Fiscal Year 2008 take of $84.6 million.

And a New York Times profile on Kagermann points out that SAP had only a 26.7% profit margin last year, paling when compared to the stunning 35% Oracle pulled off.

It has been a tough year product-wise for SAP, especially in the midmarket, where the company’s Business ByDesign, an on-demand ERP, has failed to take off. And the German company’s acquisition of TomorrowNow turned into a complete disaster.

So Ellison must be kicking back in his absurd, Japanese village-themed mansion feeling pretty good about himself right now.

But wait. This round goes to Kagermann by a long shot. Why? Four good reasons.
