I’m about to tell you something you’ve probably heard over and over: addressing a security breach right away is the best way to mitigate the threat.
Why am I telling you this? Because Heartbleed has struck again, this time stealing 4.5 million patients’ personal data, including names, birth dates, and Social Security numbers, from Community Health Systems (CHS), a Tennessee health network.
And CHS is not alone. UPS has reported that its customers’ credit and debit data may have been stolen at 51 of its franchises, with malware being uncovered in the registers at those locations.
Despite the great strides in security and improved defenses, there are still gaps in many organizations’ security systems, Associate Site Editor Fran Sales reports.
Constant vigilance is key, especially since it’s clear hackers are persistent and won’t be letting up anytime soon.
In other news, Microsoft’s former CEO Steve Ballmer is stepping down from its board, citing his purchase of the LA Clippers as his motive; many Twitter users are unenthused by the company’s experiment of injecting tweets into their timelines from users they don’t follow but are deemed “popular or relevant”; Facebook is taking a stand against fake news by labeling parody news sites such as The Onion and The Daily Currant so there is no confusion — and more in this week’s Searchlight.
I’m going to go out on a limb here and say nobody likes to be unknowingly spied on. So when Edward Snowden broke the news that the National Security Agency was looking at and collecting people’s private information, the public at large was not happy. But data privacy is an issue that poses a particularly sticky challenge for CIOs.
As CTO Niel Nickolaisen asks in his piece on the digital footprint and whether it’s a boon or bane to business, “How do we each manage the two sides of digital tracking? Do we prefer privacy over the clear economic value of customer intimacy?”
It seems some vendors like SpiderOak, a service that allows users to privately store, sync and share their files, are coming down on the side of protecting customer data. The service encrypts stored information, Associate Site Editor Fran Sales reports in this week’s Searchlight column, and even unleashes a “warrant canary” to subtly notify users that the government has come calling for their info.
For CIOs, however, the decision not to mine customer data is not always so easy: As Sales notes, CIOs are often asked to take their customers’ data and turn it into new revenue streams. But Nickolaisen also predicts there will be regulations in the future that may force companies to choose privacy over profit; as such, he encourages CIOs to start experimenting with potential solutions.
In other news: Cisco plans to cut 6,000 jobs, Google released a diversity report that showed, not so surprisingly, that its workforce (particularly its tech sector) is overwhelmingly white and male, and more in this week’s Searchlight.
I’m here at the Gartner Catalyst Conference in sunny San Diego, where people from all walks of business have gathered to discuss pertinent issues in business and technology today. With hundreds of sessions on a wide range of topics, by the end of the day you’re likely to collapse into bed with new facts and strategies swirling in your head — this is certainly the case for me.
But one session in particular stood out to me from the conference’s first day: the story of McGraw Hill Financial — a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets — and its hybrid cloud journey.
Srinivas Sarathy, an enterprise infrastructure architect at McGraw Hill Financial, took the audience through the company’s whole process: why it decided to go to the hybrid cloud, the tradeoffs, the challenges and the lessons learned.
“Delivering applications in an agile fashion is paramount to us being competitive in … our marketplace,” Sarathy said.
McGraw Hill has 17,000 employees spread across 29 different countries, and 40% of its revenue is generated through global markets. “So one of the benefits of cloud computing for us is to reach various locations without having to make a large upfront investment into infrastructure and data center facilities,” Sarathy said, adding that no one cloud is right for McGraw Hill and that’s why it went for a hybrid approach.
Here are more of McGraw Hill’s lessons learned from its hybrid cloud journey:
Consider cost, but still choose a capable provider
When moving to the cloud, cost tends to be at the forefront for business decision makers.
Software can be incredibly expensive, Sarathy said. “And when you’re talking about deploying it across the scale that I mentioned, it’s a multimillion-dollar investment, and you’re not even sure what’s going to happen two years from now — things may change. So it’s unfortunately a part that requires some tradeoffs, some compromises. The question is, what is the least amount of compromise that you can make in this journey?”
For McGraw Hill, having a well-thought-out sourcing strategy saved them a lot of time and money, and that started with choosing the right sourcing provider.
“You have to ensure that your sourcing provider has the capability,” Sarathy warned. “There are a lot of companies that are masquerading as having the capability, but sometimes that’s not necessarily true.”
Determine your outsourced vs. in-house needs for data support
Another challenge McGraw Hill faced once it moved to the cloud was data support. Once you outsource to the cloud, who is going to support it? Should you outsource support or build support skills in-house?
“What we found was the answer is a combination of a couple of things,” Sarathy said. “Certain capabilities such as architecture, code automation… some of those skills are skills that you do want to have in-house. Those are high value skill sets. And then obviously you need the skill and the specialization in terms of regular data support.”
Establish a cross-functional governance team
Companies tackling a hybrid cloud should make sure the CIO, security team, networking team and developer team are all part of the governance process, Sarathy advised.
“We ensure that they are part of these decisions so that these are choices that they are making for the company, as opposed to central IT imposing these decisions on them,” Sarathy said. “That governance process is key, because you want your application team to come along for the journey. Without all business units being part of this, you just don’t have the scale to justify the investments.”
Do your due diligence in choosing your CMP
Put in the necessary time to carefully choose a cloud management platform (CMP), Sarathy said.
“My advice would be to not necessarily think that one CMP will [take care of all your needs],” Sarathy said. “Invest in another CMP, probably a low-cost, open source software such as OpenStack, and experiment with that and accept the fact that the marketplace will change. So let’s not try to make a decision that has a long-term consequence.”
Pay heed to execution, talent and communication
What’s the most important aspect of strategy? Sarathy asked his company’s strategy leader that question. His answer?
“He said, ‘The most important thing about strategy is not the strategy, it is the etcetera.’ I said, ‘What is the etcetera?’ He said, ‘E.T.C.: execution, talent and communication.’ And it was a surprisingly humble answer to what I thought would be a very complex, sophisticated answer,” Sarathy said.
ETC is important because it’s only a matter of time before the executives ask you what you have delivered as a result of this large cloud investment, Sarathy said — how well you accomplished your goals, the resources you used and how you explained your wins (and losses).
Develop horizontal skill sets
When McGraw Hill began using Amazon Web Services, it didn’t have an AWS operations team in place in terms of server, database and regular support teams.
“So we worked … to form a team that was trained to support AWS,” Sarathy said. “That meant that we had to have people with multiple skill sets. Our server admin had to know a little bit about middleware, and the database guy had to know a little bit about storage, because in AWS you need the horizontal skill set more than the vertical skill set.”
And by horizontal skills, Sarathy means there is heightened value in areas such as software development where employees most likely will be asked to learn and acquire multiple skills.
“We are now truly a broker,” Sarathy said. “Our job is to broker services and marry the right solutions to the right business need.”
Could you be using the recent Russian hack to your advantage? If you’re a CIO, the answer is yes, according to Ronald Breaux, head of the privacy and data security group at Haynes and Boone, an international law firm.
Associate Site Editor Fran Sales talked with Breaux about the massive theft and what it means for CIOs in this week’s Searchlight. Breaux’s advice is to strike while the iron is hot, so to speak, and use the theft as yet another lever to reinforce security compliance and to get the security budget required for today’s cyberthreat environment. Find his recommendations for upgrading your security protocols in Fran’s column.
In other news of note this week: the C-suite shakeup in the wake of Walgreens’ $15 billion merger with Swiss-based Alliance Boots, airline cyber-attacks and Google’s purchase of the smart messaging app Emu — in this week’s Searchlight.
If you’re a CIO who takes offense when someone questions your IT security program, it may be time to get out of your own way for the sake of your company. That’s the provocative view of Kevin Beaver, an information security consultant — floated in this week’s Searchlight news roundup by Associate Site Editor Fran Sales.
“The interesting thing, to me, that rarely comes up in these discussions is how the CIO can actually be part of the security problem. Not many, but quite a few CIOs view security as a threat to their jobs,” said Beaver. “If you point out security risks, then you’re pointing out their shortcomings.”
But, as Sales gently admonishes, this is no time for protecting egos or turning a blind eye to security. Guarding a company’s information assets will require the attention of everyone in the enterprise from the top down, as a new report published by the Department of Homeland Security makes clear.
Released this week, the report reveals that attackers use brute-force cracking to log into remote desktop solutions. Once they gain access, hackers deploy Backoff, a family of malware capable of memory scraping, keylogging, command-and-control communication and injection of malicious stubs. With malware like Backoff to contend with, companies need a multilayered approach to security — and a lot of human vigilance. The column also includes the report’s tips for improving security.
In other news, Facebook is giving its mobile messaging users the next few days to download its dedicated Messaging app, Singapore has managed to integrate NSA’s mass surveillance and data mining into its society without laws getting in the way (hmmm!), and much more in this week’s Searchlight.
For my ongoing research on the economics of cloud, I interviewed Cynthia Nustad, CIO at Health Management Systems, Inc., on how she vets her cloud providers. For starters, Nustad said she looks at cloud as “more of a business technology strategy versus an IT project.” And, for that reason, she doesn’t negotiate without having the board of directors in the loop and a business partner by her side.
HMS provides cost-containment solutions for government and commercial healthcare programs. The Irving, Texas-based company crunches petabytes of data to let its customers know if the right party was paid for a claim and if the payment was correct. The cloud service providers Nustad generally contracts with must be able to handle heavy compute, to meet her company’s stringent security needs, and to lower costs.
Cloud vendors are treated no differently by her than traditional enterprise vendors. If, for example, she were comparing a Workday cloud solution to a PeopleSoft solution, she “would put them through the same paces. I wouldn’t cut the cloud any slack.”
Nustad says she also leans on her company’s procurement and vendor management team when considering a cloud vendor. “They’re like the important quarterback in these negotiations [with vendors],” she said. “You need a third party from the outside looking at the vendors without any bias.”
Look out for “stickiness”
Nustad says she pays particular attention to how easy it is to switch from one cloud provider to another. Many cloud vendors look for “stickiness”, or ways to keep you there as a customer, “but you don’t want that as a purchaser of those services,” and especially not as a CIO responsible for getting the best tools for the job at hand. “If one vendor really outdoes another in performance, price and quality, you need to be able to switch,” Nustad said.
But it can be tough to get vendors to be transparent about this issue, Nustad said, so going into negotiations with a strategy is important. She, for one, does not sign a contract that doesn’t spell out that her organization — not the cloud vendor — owns the data.
Nustad also pays close attention to the cloud vendor’s roadmap, to make sure it is in sync with her IT application strategy. “Are they moving their applications down a path that you would also build your applications out on?”
As for who she looks to for advice on how to vet cloud costs, outside of her own organization and company?
She relies heavily on the network in “CIO land” to get a sense of cost.
“If I really want to find out what one of my friends in the neighborhood has paid I just pick up the phone and call them,” Nustad said. “And that is one of the best ways to get market intel on cost.”
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
If you’re in doubt about fully integrating mobile into your business model, take a good hard look at Uber. As reported in this week’s Searchlight, many finance professors argued Uber wasn’t worth the $17 billion price tag indicated by investors this spring. But their argument, it seems, was based on a false premise. Let’s call it prehistoric thinking.
Uber is “already way past what the total addressable market was [and is] creating significant new value,” according to consultant Michael Davies, one of the speakers at “The Future of Mobile” event some of us at SearchCIO attended this week.
Put another way, Uber is one of those pesky disruptive innovation companies we’re all familiar with, thanks to Clay Christensen, the Harvard Business School guru. Taxi drivers aren’t the only ones being disrupted by mobile apps; it’s pretty likely many industries will be in danger of being disrupted before this mobile thing is over.
As Sales suggests: “If companies don’t make a concerted effort to incorporate mobile into their business strategies now, they are courting oblivion.”
(What are you waiting for? It seems Yahoo got that memo, announcing this week that it had purchased Flurry, the mobile ad and analytics platform that runs on 1.4 million mobile devices.)
Also in this week’s Searchlight, Dropbox is adding new features that it hopes will lure more users, Facebook is testing a “buy” button that lets users purchase products from ads without ever leaving the Facebook site, and so much more.
I love my iPhone. Who doesn’t? It’s a great product, as millions of users would agree, but it’s not exactly the most efficient tool to get my day job done. That’s about to change, IBM and Apple hope, with their announcement this week that the two iconic brands — can we call them Big Blue Apple? — are teaming up.
The official take: IBM will build, from the ground up, enterprise-specific mobile applications for Apple’s iOS to support the management of employees’ mobile app use. Touting IBM’s big data and analytics capabilities and Apple’s “legendary consumer experience,” the partners promise they will “create apps that can transform specific aspects of how businesses and employees work using iPhone and iPad….” And “new levels of efficiency, effectiveness and customer satisfaction” will follow.
“This is a radical step for enterprise and something that only Apple and IBM can deliver,” Tim Cook, Apple’s CEO, said in the press release.
As SearchCIO’s associate editor Fran Sales points out in this week’s Searchlight news roundup, the mutual admiration was glaringly absent 30 years ago, when Steve Jobs equated an IBM-centric victory with a return of the Dark Ages. Of course, today, the partnership not only makes sense, Sales reports, but when you combine IBM’s enterprise cred with Apple’s loyal followers in the enterprise (did I mention that 98% of them work for Fortune 500 companies?) you get a formidable alliance. Not only poor beleaguered BlackBerry should be worried — shares were down 9.4% in the wake of the announcement. The deal also has competitors like Google and Microsoft plotting their next moves.
Speaking of Microsoft, the rumors are official and they are cutting 18,000 employees from their roster of 125,000. This week, big tech is disrupting itself. Read all about it and more, here in Searchlight.
Silicon Valley companies are going back to high school, but not in the way that you’re thinking. They’re stalking the unhallowed halls for summer interns and paying them dearly for their wisdom, as chronicled in this week’s Searchlight news round-up.
The story of a 17-year-old still in braces flown out to Facebook for a one-on-one with Mark Zuckerberg and a place in the social network’s summer intern program makes for good copy. But it will probably also send shudders down the spines of CIOs. Finding talented IT folks is a perennial challenge for CIOs and it seems to get harder every year. When the LinkedIn CEO Jeff Weiner shouts to his 2014 crop of interns that “Talent is our No. 1 operating priority and our most important asset,” it’s clear the hunt for tech talent is ferocious.
At least out in Silicon Valley, somebody’s decided that technology belongs to the young. That tech sophistication is not something they’ve learned in school; it comes with the territory of being under 20 years old. While it’s doubtful your company will find its edge courtesy of a teenager this summer, the hunt for high schoolers does suggest CIOs keep an open mind when recruiting talent. Age matters.
Go to Searchlight for the details – and the rest of the news roundup, including: a fitness app that is proving useful for more than just fitness, troubled electronics firms being turned into farms and more!
I’m embarking on a month-long investigation into the economics of cloud computing and what makes the most financial sense for CIOs of certain companies in certain industries. I’ll be speaking with a wide variety of experts in the field from CIOs to analysts to consultants with the purpose of figuring out what works and what doesn’t. Along the way, I’ll be giving TotalCIO readers periodic updates on what I’m hearing.
For David Linthicum, senior vice president of Cloud Technology Partners (CTP), a Boston software and services provider specializing in cloud migration services, Cloud Economics 101 starts with a homework assignment.
“It really gets down to the planning and understanding of your own requirements. That’s kind of the boring answer I don’t think people want to hear,” Linthicum said.
Boring or not, CIOs, together with their business colleagues, need to identify what CTP has dubbed their “value drivers” for the cloud — that is, where and how the cloud can boost performance based on where the business is and where it needs to go.
Obviously, the value drivers for a big bank, for example, are going to be very different from those of a manufacturing company or a healthcare company and so on, but Linthicum recommends starting the analysis by examining the three areas in every business where there is potential for value to be found in moving to cloud:
- operational costs
- security and compliance issues
Identifying the operational cost savings of migrating to the cloud — “the whole Capex vs. Opex thing,” as Linthicum put it — is probably the most straightforward analysis for most companies. “If a company is about to build another $10 million data center and they’re trying to avoid [the cost of ownership], using cloud computing can add to the bottom line,” he said. Or if a company foresees having a big bolus of data that will need processing and realizes it would take 500 more servers to do it, then outsourcing those operations to the cloud could pay off immediately, Linthicum said.
In an area such as security and compliance, however, the ROI of moving to the public cloud will be more difficult to calculate. At first glance, many heavily regulated companies will decide the potential risks of the public cloud will outweigh its benefits. “They just want to maintain the systems and control them more closely than outsourcing them to Amazon or Rackspace or Microsoft [would allow].” But even in these cases, Linthicum recommends CIOs not jump to conclusions. “In the majority of cases, I find out that’s typically not the case,” he said.
For companies that absolutely need to control sensitive data, an alternative is to use a private cloud; however, this option may not be very economical in the end, because you still need to buy your own software and hardware, among other things, Linthicum said. (Much more on the economics of private cloud to come in the next update.)
Still, when it comes to security and moving to the public cloud, “there has to be some planning and some architecture,” Linthicum said, starting with a rigorous assessment of what kinds of data will be stored in the cloud and whether it contains sensitive information.
Probably the most overlooked reason for companies to move to the cloud is agility, Linthicum said. Companies have been so enamored by how the cloud can save them money on operational costs, they neglect to think about the revenue it can generate by helping their businesses move into new markets, acquire companies, and change and shift their core processes around new opportunities. “That typically is where cloud pays off,” said Linthicum.
The move to the multi-cloud
One trend Linthicum has noticed is the increasing move to the multi-cloud, or what he describes as “hybrid cloud on steroids.” Interestingly, the strategy has come to the forefront in part because of all the “shadow cloud IT” commissioned by the business and the need to find a unifying architecture for the sundry cloud services. Cloud management platform vendors such as ServiceMesh, VMware, and IBM sell technology that automates the movement of workloads in between the various cloud services a company may be using.
This cloud strategy is also beneficial for smaller companies and startups because they can leverage multi-cloud as an IT strategy in lieu of building their own data center or renting data center space.
For those CIOs who may be loath to embrace something that has emerged from shadow IT, Linthicum urges CIOs not to rush to judgment.
“When guys like me come in and kind of run the map for them, it does make sense for their marketing department to put their almost-100 TB of video files on a public cloud at $1,000 a month versus making [the marketing department] buy massive amounts of EMC servers, physical servers, for the data center [for] multimillions of dollars,” Linthicum said.