Copy data — when used as a term and not meant as an imperative — is a problem that every organization has, said Phil Goodwin, research director of IDC’s Storage Systems and Software research practice. Copy data is when multiple copies of files and documents and other electronic data are made for disaster recovery, business continuity, test, development, and backup reasons. Though helpful in some cases, it can also become an expensive problem when copy data sits in an organizations’ storage and slows down application performance.
IDC estimates that as much as 60% of the IT organization’s storage hardware budget is spent on housing copy data, Goodwin said. IDC also predicts that by 2018 IT will spend $51.37 billion on copy data.
“It’s a problem that probably every IT organization has, either because they copy data over and over and over out of essentially paranoia or they simply copy it and have extra copies as a result of benign neglect,” Goodwin said, adding that the copy data issue within organizations is often a “hidden issue” with the business side left in the dark by IT.
“If you have to deal with it on a manual basis [copy data] is ridiculously time consuming. It’s just not to [IT’s] advantage to bring it up [to the business] unless they have a way to deal with it,” Goodwin said. So many CIOs and IT organizations don’t.
Within the last five years, however, copy data management solutions have emerged that can help mitigate the pain of copy data, Noel Yuhanna, principal analyst at Forrester Research who serves enterprise architecture professionals, said in an email. Solutions from Actifio and Delphix, for example, are based on using a master copy of the data. Then from the master copy, virtual copies are made and changes to the data are tracked and updated. Another copy data management solution from Catalogic Software creates a catalogue of all the copies of data an organization has and provides them with a dashboard to manage it.
Yuhanna said an alternative copy data management solution is sub-setting where a master copy is made but, instead of creating virtual copies, smaller copies of the master copy are made and only the data that is needed is retrieved.
Managing the copy data problem
So how can IT organizations stay on top of the proliferation of copy data in their organization, save money, and get a leg up with the business?
Yuhanna advises CIOs to first identify how much data is being duplicated and for what purpose. Then, identify how many copies of the same data are being used. If there are multiple copies of certain data, then that would be a good candidate for copy data management or sub-setting solutions, he said.
Addressing and finding a solution to the copy data problem would result in the CIO and IT organization saving money.
A reduction of copy data by 20%, would be a significant savings.
“The CIO can go to senior management contemporaries and say, ‘You know, we did this evaluation and found that we’re going to be able to save… $2 million on hardware savings’. That’s pennies per share for the CEO,” Goodwin said. “So when [CIOs] provide that kind of savings to the organization it really casts IT in a very positive light, that [the CIO and IT are] attending to their organization and delivering value and savings to the company.”
CKE Restaurants, parent company of Hardee’s and Carl’s Jr. fast-food chains, is finding out that if you want to sell people food they didn’t know they wanted, leave it to an algorithm. Recently, the Carpinteria, Calif., company rolled out self-service kiosks at select Hardee’s restaurants. The Dell Optiplex 3030 terminals, which run on Microsoft Windows 8, are decked out with 24-inch screens featuring high-resolution pictures of Hardee’s comestibles.
The self-service kiosks not only allow customers to personalize whatever fast fare they’re ordering down to the pickle and type of condiment but also come with a rules engine that turns out to be a genius at upselling — i.e., the sales technique of suggesting other things to add to a purchase (French fries, a warranty, get the second one at half price).
“With the regular employee, you’re going to try to get 80% to 90% compliance rate in upselling the customer, whereas the computer is going to do it every time,” Tom Lindblom, CKE’s chief technology officer, told me. Do it every time — and do more of it.
“The complexity of the rules can be far greater than what you could do with a person. I can apply all kinds of scenarios to the items you’ve just ordered and decide what else I should offer you — a flowchart of scenarios that would be reasonable to ask a person to follow,” Lindblom said.
A simple example: If you come in at 9 a.m. and order breakfast but omit a beverage, the screen may prompt you to buy a coffee. But if you come in at 9 a.m. and order the quarter-pound Bacon Velveeta® Patty Meltdown, the rules engine is more likely to suggest a soft drink. Customers who buy a shake with that beef patty, however, might be prompted to finish off their meal with a cookie, rather than be nudged to buy a soft drink.
Self-service kiosks bring home the bacon
“What we are finding in general with the kiosks is more customization,” Lindblom said. Some people may just prefer to interact with a kiosk rather than with a human being, or it may be the rules engine really does do a better job at upselling. Bottom line: “The level of customization we’re seeing is appreciably higher than if you walk up to the front and order through the cashier,” he said.
Originally aimed at “hungry Millennials,” the digital interface has proved popular with all demographics. “What we’ve been pleased with is that we have seen customers of all ages embracing them and interacting effectively with them. From ease of use, from a customer perspective and from sales results, we’ve been very happy,” Lindblom said.
The software’s recommendations are based on the customer’s current transaction and do not factor in past transactions. “We don’t track that information,” he said.
To learn more about Lindblom’s mobile strategy for CKE, hop over to SearchCIO and check out “No easy answers for enterprise mobile application development.”
If businesses want a fresh and competitive mobile strategy, they’ll need to break mobile out of the bubble it’s been living in. “We’re in a post-mobile world,” said Kelly Manthey, vice president of strategy and innovation at Solstice Mobile, a mobile consulting firm in Chicago.
Manthey wasn’t trying to be provocative; instead, she wanted to convey to attendees of the Digital Strategy Innovation Summit in New York City that mobile devices and mobile app dev can no longer be considered a novelty in the workplace. It’s time to bring mobile into the fold and integrate it with other processes.
One tip? Rather than lamenting on how mobile technologies are taking the place of physical interactions, start thinking “digical,” Manthey said. In other words, figure out ways digital and physical interactions with customers can play off of each other to provide a better overall experience. That’s what health care startup Doctor on Demand and leading retailers such as Nordstrom and Macy’s are doing.
Last summer, Nordstrom spent $350 million to acquire fashion startup Trunk Club, a Chicago-based personalized shopping service for men that’s using digical to its advantage. After signing up online, customers talk with a personal stylist in person or have a Trunk Club fitting where they discuss personal preferences. After that, the interaction turns digital, with the stylist selecting several articles of clothing, sharing them with the customer for review and then shipping the “trunk” directly to the customer. Trunk Club members pay for what they plan to keep and can return the rest.
Nordstrom’s acquisition is “an extension of their brand to really enhance the physical with an awesome digital experience,” Manthey said, and pushes the 114-year old retailer into the subscription service.
Macy’s goes ‘digical’
A month after Nordstrom acquired Trunk Club, another retailer made headlines for its pursuit of digical. Macy’s announced plans to roll out Shopkick iBeacons, which use Bluetooth Low Energy to interact with smartphones in the vicinity, at all of its stores nationwide.
While the Macy’s mobile app gives customers a chance to browse through merchandise digitally when they’re out of the store, iBeacons can interact with customers when they’re in the store to, say, remind them of items they flagged online, deliver coupons or alert them to sales. “We know that while people are doing search and discovery and using mobile devices and using the Web to do some initial shopping and get some feedback, they’re actually doing most of the purchasing in the store,” Manthey said.
But retailers aren’t alone. Manthey pointed to the medical startup Doctor on Demand as another example of digical. The startup, founded by Dr. Phil (yes, that Dr. Phil) and his son, gives customers a chance to video visit with a medical professional via a smartphone or laptop. “You basically have a Facetime session with a doctor,” Manthey said.
The digital service isn’t cheap ($40 for 15 minutes with a medical professional), and if the problem is more complex than a cold, a skin rash, a sore throat — common ailments that bring patients into the doctor’s office — they can opt for an in-person experience.
Even the Mayo Clinic wants to figure out how to streamline the patient experience by marrying digital and physical interactions together. In partnership with the startup Better, the Mayo Clinic supports a mobile app that acts as a companion for patients, Manthey said. The app hooks into the clinic’s vast database when patients are searching for information about symptoms they’re experiencing and, for a fee, they can also call up trained medical professionals who are available 24/7.
Neither application will replace going to the doctor, Manthey said, but they may make visiting with the doctor less stressful — and maybe even more enjoyable.
Apache Spark, an open source big data processing engine, is trying hard to become the new darling of big data. But is the technology enterprise-ready? The answer to that question is it’s getting there.
Databricks, founded by the inventors of Apache Spark to provide a commercial offering of the technology, made it clear at Spark Summit East in New York City that enterprise-readiness will be a major focus for the company over the next six to 12 months. In fact, the company has already started down the enterprise-readiness road. Last fall, Databricks began providing a limited cloud offering of Spark on Amazon S3.
“Our vision with Databricks Cloud was to solve these problems, provide an integrated environment, security and so forth,” said Patrick Wendell, a Databricks co-founder. But, he added, there’s more to do.
During a summit panel discussion, Martin Van Ryswyk, executive vice president of engineering at DataStax, advised Wendell to think security. “When people want [an] enterprise [version], they want the kind of meat and potatoes features of a platform,” Van Ryswyk said. “The really cool groundbreaking functionality has got to be there, but they want it with a couple of basics: You need security.”
In more ways than one. Not only does the technology, itself, need to be secure, but the product has got to deliver in order to avoid putting its enterprise customers’ jobs in jeopardy. “They’re betting their company on you, and you can’t let them down,” Van Ryswyk said, “It’s got to be up, it’s got to be available, it’s got to be economical.”
Van Ryswyk knows what he’s talking about. He’s been helping make DataStax, a commercial provider of the open source distributed database system Apache Cassandra, enterprise-ready. “Over the last five years, we’ve taken Cassandra from a wild and wooly open source project to something that’s being used at some of the biggest companies in the world,” he Van Ryswyk said. DataStax customers include Netflix, Thomson Reuters, eBay and ING.
One practical tip? Van Ryswyk said they test DataStax Enterprise on 1,000 nodes every day. “Under load, taking loads in and out of a cluster, injecting faults,” he said. “That’s the kind of things enterprises are going to do quickly.” He can back up the claim with his own experience with the technology. Three years ago when he joined DataStax, customers used 30- to 40-node clusters on average. Today, it’s not unheard of for customers to use 1,000-node clusters. “That happens quickly as you become a chosen technology. You’ve got to be ready for it,” he said.
Although the IoT is being defined by the business right now, CIOs will end up running it, Frank Gillett, principal analyst serving CIOs at Forrester Research, wrote in a briefing.
It’s a pattern we’ve seen before with PCs, websites, and smartphones, all started as “do-it-yourself” projects by the business but ultimately falling into the CIO’s realm of responsibility, Gillett writes. He predicts this will happen with the IoT as well and CIOs will ultimately be called to manage the growing complexity of connected devices for their company.
But CIOs should prepare now for the challenges that the IoT will inevitably bring— “especially as the business tries to integrate Internet-of-Things data into core business processes running in enterprise applications,” Gillett wrote.
Five challenges IoT brings to the table
Every company will face the challenges (as well as the opportunities) that come with owning and managing connected assets, Gillett wrote. CIOs who are part of companies that sell physical products will face even more challenges, including helping the business design, build and operate connected products, Gillett added.
Whichever category you fall into, Gillett said CIOs will face these five IoT challenges:
1) New technologies, new protocols, new standards: The IoT will require CIOs to manage and integrate a slew of technologies, networks, protocols and data formats, Gillett wrote, as well as force CIOs and companies to come up with new standards in order to try to organize the chaos.
2) Handling data, analytics, and business logic: Sensor devices are often smart enough to do local data filtering, analysis, and store the business logic on the device to enable quick responses. The issue with this is that the data, analysis, and business logic live outside of the core enterprise applications and processes, Gillett wrote.
3) New security challenges: The IoT will bring with it a mixture of familiar and new security issues, Gillett wrote. CIOs will have to figure out how to make sure devices are tamper-proof, figure out which identity, authentication, and encryption technologies work, and “how to ensure the chain of custody all the way through cloud services and back to enterprise apps,” Gillett wrote.
4) New demands on the network: The surge in connected devices will challenge enterprise network admins with a new type of network node that will have widely varied requirements, Gillett wrote. For example, some devices will continuously stream data (like security cameras) while other devices will need low latency and high quality service for “speedy responses to crucial events” (like manufacturing production systems), he wrote.
5) New quantities of time-series data: Current analytics tools will not be able to handle the new amount of time-series data the IoT will bring, Gillett wrote. “Analyzing voluminous time-series data turns out to be hard to do with existing tools, so a new generation of analytics technology is appearing to accelerate time-series analysis, such as those from TempoIQ or Hitachi High Technologies,” he wrote.
Five steps CIOs can take now to avoid a mess later
Though the challenges the IoT brings seem daunting, Gillett believes that it is early enough in the development of the IoT that CIOs have the opportunity to avoid technology messes if they act and get involved now. This means CIOs will have to work with the app development team, the security team, the enterprise architects, and the product line-of-business teams.
Here are five steps CIOs can take:
1) Train your developers in new software skills: The IoT will require a new app dev mindset among developers, Gillett wrote. Typically, developers write code that takes input from humans, he wrote, not from sensors in connected products or assets. In order to use real-time connectivity and sensor data effectively, developers will have to learn new techniques, technologies and approaches in order to manage everything as well as come up with new ideas for enhancing the customer’s experience, Gillett wrote.
2) Integrate silos: As companies buy and use more connected devices, business leaders will start to wonder why they have to use separate vendors for each connected asset, Gillett wrote. He used the example of integrating the X-ray system, the CAT scanner, the gurney tracking system and the electronic pharmaceutical cabinets together in a hospital with other hospital management systems. Gillett advised CIOs assign an enterprise architecture team with the job of building an inventory of connected assets and their characteristics in order to make this integration of assets happen. The team should also plan for a unified console as well as integration with enterprise applications and analytics.
3) Explore IoT platform services: “Building connectivity into new products is not a do-it-yourself (DIY) task for the faint of heart,” Gillett wrote. He urges CIOs to explore services like Axeda, ThingWorx, and Xively to help enable connectivity and manage the CIO’s and company’s products. These platforms include services like support for M2M protocols, device management support, and support of IoT-specific protocols and analytics.
4) Work with the security team: Gillett advises CIOs to bring in their security teams to help with the mapping and management of connected devices. The security team should review and report on the inventory of connected assets as well as the associated policies and procedures for installing, monitoring, and updating the connected assets, he wrote. Gillett also advised that CIOs make sure they find, and account for, unknown IoT devices that may be part of facilities, fire protection, manufacturing, warehouse systems, etc.
5) Work with the product managers and business strategists: Gillett said that it is important that the CIO or a CIO representative work closely with product managers and the business side when it comes to dealing with the IoT. The CIO’s involvement with the product managers and the business side should be on an ongoing basis so that the CIO can work with them on things like data formats, security, and enterprise data integration.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
NEW YORK CITY — Money laundering is a team sport. “The process of cleaning dirty money involves moving funds through an intricate and interconnected series of accounts,” said Katie Levans, marketing director at Tresata, a predictive analytics software vendor.
It’s a team sport that’s paying off — for criminals, at least. Globally, laundered transactions total more than $2 trillion a year, Levans said. And, in the United States alone, billions are spent each year to curtail those activities — investments that have, for the most part, proved rather fruitless. “When it comes to actual seized money from successful AML [anti-money laundering] convictions, that total is less than 0.2% of all global laundered transactions,” Levans said at Spark Summit East, an event named after the open source big data processing engine that came out of the University of California at Berkeley’s AMPLab.
The current anti-money laundering reality has led some financial intuitions to make decisions that meet government regulations but create unintended — even detrimental — consequences, Levans said. Earlier this year, for example, the Merchants Bank of California was pressured by the U.S. government to stop wire transfers to Somalia, a country that’s been known to funnel funds into the hands of what the United States sees as terrorist organizations.
But the all-or-nothing approach created new problems. By cutting off all wire transfers to Somalia, people who depend on funds coming from relatives in the United States were also cut off. “Somalia is one of the poorest countries in the world, relying heavily on remittances for schooling, food, housing and other humanitarian aid,” Levans said. (It should be noted, Merchants Bank is not alone. Wells Fargo and US Bancorp stopped wire transfers to Somalia years ago, and other banks followed suit.)
Merchants Bank made the decision after it determined it was too hard to document who was actually receiving the wire transfer, according to a report by the LA Times. A lack of visibility also happens to be a problem for even the more advanced money laundering schemes, according to Levans. The investigations are highly manual, which also means they’re slow, expensive and sometimes inaccurate; technology products on the market today only analyze at an entity level (an individual or business) or a transaction level, failing to provide visibility into the relationships that create these intricate money laundering networks.
Tresata is attempting to change that. Partnering with Databricks, a company founded by the creators of Apache Spark, Tresata is rolling out a new tool called Teak, an anti-money laundering application that uses Spark for data processing and is delivered in the Databricks Cloud. The goal is to help financial institutions drill into relationships between entities and networks, giving banks a more comprehensive view of how people, businesses and the transactions between them are linked.
According to Tresata CTO Koert Kuipers, Spark was selected because it helps deliver key characteristics needed to detect patterns of fraud at a network level: Spark’s in-memory capability provides speed; it provides search engine capability that processes all data on the graph; and it’s scalable. Most importantly, Kuipers said, it provides “graph traversal,” which helps users quickly explore how entities are connected.
Having the right talent in your organization is crucial to success. When a company is lagging and just can’t seem to pull ahead of the competition in its marketplace, one solution is to acquire a startup that can do what, so far, your company has not been able to do.
“[It] is becoming a requirement for differentiation,” she added.
And while simply buying a startup in order to get the talent you need is certainly effective, it is not the only way to achieve this. In fact, you may have the IT people necessary to drive innovation already within your organization, but “you kind of have to look at your people and they will tell you where they belong,” Barbara Gomolski, managing vice president for CIO and executive leadership research at Gartner said at the Fusion 2015 conference last week.
Some employees within the IT organization are better suited to what she called “mode one” (the startup mode) and generally are the multi-taskers that like to move quickly, Gomolski said. Others are best suited for “mode two” and are the people who are detail oriented and like digging deeply into a problem.
“Your people will almost gravitate naturally based on their work style,” Gomolski said. CIOs should observe their employees and see who has the skill sets, the work ethic, the mindset that fits either “mode one” or “mode two”, she said.
Beware a house divided
While having two modes running within your organization has its clear benefits and is even essential to differentiating yourself and getting ahead, analysts said, it also has the potential to pull your team apart.
One thing to be careful about when it comes to utilizing bimodal IT within an organization, Gomolski said, is having the people within “mode one” labeled as “the cool kids” and the people within “mode two” labeled as “everybody else”.
“What I think you really have to be careful [of] is [the mentality that] mode one is hot and sexy and young and fresh and mode two is where you go to die. We don’t want to create that kind of a karma in the IT organization,” Gomolski said.
In fact, her point of view is that both are needed because it’s the two modes working together that, in the end, create success. “Mode one” may be the startup where innovation happens, but “mode two” is “where we actually scale and make it industrial grade,” she said. “So that is really on us to say, ‘Look, they’re equally important’ because, let’s face it, we cannot do everything in mode one nor would we want to.”
In 2007, Apple introduced its first generation iPhone. Yesterday, it announced the launch of its much-anticipated iWatch. It’s just one example of how consumer technology is marching on at an unprecedented rate. But as CIOs well know, the continual hardware upgrades, not to mention the rapid iteration of software development cycles that are the driving force of the Apples and Googles of the world, can be unsettling — or worse — for the enterprise workplace.
The constant evolution of technology has the potential to make an older generation of employees feel even older and, alas, seem even more irrelevant to a company’s Millennial contingent. The good news? There’s an easy solution to the tech generation gap, according to Tom Koulopoulos, chairman at the Delphi Group, a consultancy in Andover, Mass. It’s called reverse mentoring.
“If you walk away with nothing else, walk away with this actionable item: Create a reverse mentoring program within your organization,” Koulopoulos said to the C-suite executives gathered at Fusion 2015, which is hosted by WTN Media in Madison Wis. Reverse mentoring is exactly what it sounds like. “It’s mentoring turned on its head,” Koulopoulos said. It turns senior executives into mentees who learn about the ins and outs of “youth technologies” from the company’s Millennial hires. Mentees are free to ask questions about the benefits of Instagram or how often they should tweet — or why they should be using Twitter at all.
Reverse mentoring is not a new concept. Jack Welch, the legendary CEO at General Electric, was a big proponent of the practice. According to a video interview, Welch introduced reverse mentoring in 1999 after meeting the CEO of a global consumer finance company who relied on younger hires to help him become better acquainted with ecommerce. “That was one of the best ideas I’d heard in a long time,” Welch said. When he returned home, he championed a similar program at GE. While Welch made reverse mentoring mandatory at GE, other companies like Cisco keep the program completely voluntary, Koulopoulos said.
And traditional mentoring doesn’t have to go away; reverse mentoring simply becomes an extension of it, he said. Despite its potential impact, reverse mentoring is nascent, seen at less than 10% of organizations today, Koulopoulos said.
MADISON, WISC. — When Daniel Adamany left EMC in 2007 to build an IT consultancy, his list of startup priorities didn’t include building company culture. “Now it’s pretty much all I think about,” said Adamany, CEO of Ahead LLC, at Fusion 2015, a gathering of C-level executives hosted by WTN Media.
The shift in the pendulum was triggered by his own experience as the leader of his firm. In 2007, Ahead employees all knew each other. They shared the same vision and mindset, which kept the fledgling company’s business goals top of mind. But as the company grew and matured, the culture that seemed such a natural part of the business deteriorated. “It was ugly for a little while,” Adamany said, so much so that at times, even he dreaded going to work.
Initially, he tried to ignore the problem or accept the new reality, but things got worse. He realized he had to reestablish a company culture that lifted rather than dragged the business down — a leadership challenge that required patience on his part and hard work.
Today, the Ahead culture isn’t something he sets and forgets, Adamany said; it’s an ongoing project, which sometimes benefits from bringing in a hell-raiser or two, or what Adamany referred to as “aliens.”
Don’t beg, borrow or steal culture
Part of the difficulty in moving the pendulum back to a more productive environment was that Adamany was unsure where to start. “It was something I wanted to change, but I didn’t know how to change it,” Adamany said. He tried borrowing cultural strategies from other companies — like Netflix’s nine behaviors and skills — and grafting it onto Ahead, but “it didn’t work because it wasn’t us,” he said. So, rather than stew or ruminate about what caused the culture to disintegrate, he began considering the company’s strengths.
It wasn’t an exercise for the CEO alone. “We surveyed the company,” Adamany said, asking employees to list three characteristics that made Ahead special as a company. Together, he and the team landed on three traits: Ahead’s ability to collaborate, innovate and drive (aka execute).
After the surveys were tabulated and the word clouds constructed, Adamany didn’t let the idea of collaborate, innovate, drive recede into the background. “We had to get people to believe,” he said. He held a kickoff where the characteristics were discussed, and he introduced the company’s CID — collaborate, innovate, drive — awards, a peer-nominated recognition system that comes with a $50 gift card. Award winners are eligible for quarterly CID awards; and quarterly winners are eligible for the annual CID award. The recognition program took a little while for employees to warm to, but, Adamany said, it eventually picked up steam.
CID now plays such a significant role at Ahead that Adamany uses it as a guide during annual reviews or when considering potential hires. And it isn’t for internal use only. Click on the “About Us” tab on the company website, and there it is — collaborate, innovate, drive — below a block of text that reads How Ahead stays Ahead.
“It’s bigger than words,” Adamany said. “It’s a mode of operation. And it’s working.” Last year, Ahead grew 33%, which outpaced company growth for the last four years.
The appropriate use of aliens
But growing — and maintaining — a company culture isn’t all employee surveys and awards programs. Once the input is gathered and the culture is defined, it also has to be enforced. “When people go against the grain of your culture, you’ve got to do something,” Adamany said. “You cannot allow that to persist.”
It won’t be easy, but bad behavior left unchecked could have significant long-term repercussions leaders will want to avoid. That’s if the culture is working. If it isn’t, Adamany suggested introducing an alien to the mix, i.e., a strong personality who challenges the established norms. Sometimes an alien can shake things up by providing such a different view, it causes the bad culture to crack.
Not only can aliens help neutralize bad behavior, Adamany said, they can also be used to stretch the culture in good ways — by injecting fresh, creative thinking into a situation. “For instance, we’ve been building up our cloud practice, and we knew that we needed a different approach,” he said. “So we hired somebody that fit really well into our culture but thought totally differently when it came to approaching the topic.”
In other words, he told the C-level executives in the audience, figure out how to “use aliens appropriately.”
The responsibility of securing the enterprise has been pushed onto the CIO, Linda Ban, the Global C-suite study director at IBM, said at the Fusion 2015 Conference of CEOs and CIOs in Madison, Wisconsin. The trend was one of the findings of IBM’s recent Global C-suite Study, which surveyed over 4,000 people from all C-level positions.
Ban was not the only one at Fusion who addressed this issue of the CIO taking charge of security. Asif Naseem, President and CEO at PDS, an IT services, solutions and technologies provider, also spoke about how security now dominates the CIO’s agenda because of unavoidable emerging technology trends and because cyberattacks are increasingly malicious.
Naseem added that each emerging technology trend brings more and new vulnerabilities and risks that the CIO has to address within his or her own organization.
IoRT (Internet of Right Things)
Of the ever-increasing number of mobile apps and devices being used by employees, for example, “no more than half of these devices entering the network are secure,” he said.
Furthermore, the rise of Internet of Things (IoT) brings new security concerns with it, Naseem said, adding that “99% of the devices that can be connected, aren’t.” Yet.
But the statistic begs the question, Naseem said: “If a device can be connected should it be?”
Having hundreds of millions, even billions, of devices connected to the Internet creates a larger surface for attack, Naseem said.
He urged the audience to instead think of IoT as IoRT, or “Internet of Right Things”, and only connect devices that will bring value from being connected to the Internet.
Avoiding these new trends, emerging digital technologies, and the risks that they bring with them is impossible, said Sean Wessman, senior manager for Ernst & Young (EY) Cyber Security, during his presentation on building new and competitive business models securely. This is especially the case as millennials increasingly enter the workforce.
To prove his point he cited Gartner’s statistic that 30% of millennials would rather have an iPhone than a raise. In addition, Gartner also found that 46% of vehicle drivers aged 18 to 24 would choose Internet access over owning a car.
As C-suite leaders are forced to embrace digital technologies, Wessman said, they have to think about “systems of trust.” That’s really the challenge that’s upon us as the CIOs and the leaders of IT… in our organizations, is how do we establish systems of trust?” he told the Fusion audience. One way is to think about security is in phases, he said.
The three phases of cybersecurity maturity
In a survey of CIOs and IT leaders EY Cyber Security has done for the past 18 years called the Global Information Security survey, the Ernst & Young security practice has found there are three phases of cyber security maturity companies must go through:
Activation is the first phase, Wessman said. “If we’re doing secure software development, activation is defining a policy or standard for… secure application development. That’s the early phases. It establishes the governance in the organization that allows us to do something of this nature.”
Adaptation is the second phase. “How do we adapt our software development lifecycle to apply to the new areas where we may do software development?” Wessman said.
For example, the risks that come with development on a mobile device are different from the risks when developing for a on a web-enabled device or for an internal financial control system and so on, he said.
The challenge then is: “How do we adapt our policies and our standards to apply to these different environments that have clearly different requirements and different threat vectors and different threat outcomes?” Wessman said.
Anticipate is the final phase of cyber security maturity.
“If we have trouble managing thousands of devices today, how are we going to manage millions of devices?” Wessman said. “If we have to anticipate then all of a sudden maybe we can think about things differently.”
Wessman used the example of James Roth, CISO at Aetna, a healthcare benefits company, and how Roth recognized it would be impossible to manage defects in his software development cycle on the backend. So Roth studied the way code was developed in his company and it turned out that “across all platforms, 90% of the code redevelopment was from open source code repositories and libraries because coders don’t want to do the same thing twice,” Wessman said.
Roth’s innovation approach to solving the problem? Rather than focusing on managing defects on the backend, Roth decided to secure the base of code on the front end, namely: “Only allow [their]developers to leverage code that has been through security process so that at the backend [they] have far fewer defects to manage across the lifecycle of these many devices, bringing the cost down.”
Wessman cited this as a prime example of how being forced to anticipate what will come next can help IT leaders to think differently and solve potential problems.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.