Wednesday was a busy — read: frustrating — day for many organizations using McAfee Inc.’s antivirus software or Google Inc.’s Gmail. Problems with the two popular services raised concerns about the potential downsides of automatic antivirus software updates, and could cause some CIOs to reassess their corporate email security policies.
I learned about these problems through my network. On Wednesday at 2:30 p.m., a friend in New Hampshire returned my email from that morning, apologized for the delay and explained, “Apparently there was an update for McAfee that went out and was thought to be a virus. It caused all of the computers here to shut down. We couldn’t do anything from about 11 a.m. until just now. The IT people who came around to fix it said it was a McAfee issue and that it affected all users globally.”
That turned out to be a pretty accurate explanation, as CNN reported that a buggy McAfee antivirus update “turned the software’s formidable defenses against malicious software inward, prompting it to attack a vital component of Microsoft Windows.” In addition to my friend’s business, the University of Michigan’s medical school and the Lexington, Ky., police were affected, some jails canceled visitations, and Rhode Island hospitals turned away non-trauma patients at emergency rooms and delayed some elective surgeries.
The Wednesday damage wasn’t done, however. That evening, an editor friend of mine tweeted,”#gmail is being hacked. anyone else receiving e-mails from friends with links and weird subject lines?” Sure enough, later on that night, I received a spammy-looking email from a friend’s Gmail address, which I quickly deleted.
(Aren’t I lucky to have such a Web-savvy group of friends to pass this information along quickly?)
The cause hasn’t been determined, but Google is wondering whether hackers are accessing user accounts via a bug in Gmail’s mobile interface. And this comes on the heels of reports that the attackers who breached Google’s system last year gained access to computer code for the software that authenticates users of Gmail, Google Calendar and other online programs.
If this is April Fools’ Day coming three weeks late, it’s not too funny. These are two very different cases, but they both funnel down to the sorts of issues CIOs contend with daily: antivirus software updates and corporate email security. It’s especially disconcerting for enterprises that have moved their email into the cloud with Gmail, where hacks like this one could border on disastrous.
Was your organization affected by either the McAfee antivirus software update problems or the Gmail hack? Is it corporate email security scares like this one that prevent you from pursuing cloud email in the first place?
For my story today on how CIOs are balancing the use of social media at their companies and security concerns (with great difficulty, BTW), I discovered something that all of you probably know. The business is touuuchy about talking about its use of social media, especially when coupled with the word security.
As I mention in the article, a number of CIOs I contacted for the story declined to be interviewed. A couple said their organizations were not into social media, or they were too new to the whole phenomenon to speak knowledgably about useful security tools. Fair enough. More startling was what happened to an IT executive I contacted whose HR and marketing departments are using social media. He used gateway security software from Websense as one line of defense and could talk about why he liked it.
Not so fast.
In the space of a few hours, my five innocuous questions got vetted up and down the executive ranks, from the head of communications to the head of marketing and over to the CIO. The communications department sounded the alarm, arguing that really “very few of our employees have access to social media sites.” That
fiction fact, “coupled with the fact that our own practices and policies are still in the early stages of development,” made the interview request problematic, according to the marketing executive. “I think these would be very difficult questions to navigate.
“And I certainly would avoid Q.5 ….” he said. Moreover he was “not really sure how much information on this topic we want to share externally at this point in time.” Even an industry trade story could get read by “consumer reporters and bloggers,” and thus out to “other media.” An hour later, yet another higher-up sent out the official kibosh: “We do not wish to participate in this interview.”
To be fair, this organization was not the only business to nix the request. (Motorola was not interested, either.) And I understand that CIOs and CISOs may have to avoid publicity when it comes to security measures. But social media? For business purposes? Who knew.
Here, by the way, is the notorious Q5. (OK, it is a little out there.)
5. Even with education programs, there will always be employees who, through maliciousness or laziness, pose a security threat to the business. Whose job is it to police these people? And are CIOs/CISOs and other technically trained people equipped (or should be expected) to deal with the human dimension in security?
The most tangible success measure of business intelligence technology is usage — and mainstream BI just isn’t there, and won’t be for some time, according to Gartner analyst Kurt Schlegel. The pronouncement came during a presentation at the 2010 Gartner Business Intelligence Summit in Las Vegas last week.
He’s predicting that this will change, however, given a boost by nine technologies that he believes will put BI usage on the same mainstream usage trajectory as that of the Internet.
Before 1993, few people used the Web, but technologies such as broadband, Web browsers and search engines changed all that. These technologies gave people ubiquitous access to information. Then Web 2.0 technologies came along, turning Web surfers into content creators, he said.
Schlegel believes emerging business intelligence technologies such as columnar databases, interactive visualization and scenario modeling, among others, will allow users to follow a similar adoption path for BI.
Here’s a rundown of the nine technologies Schlegel predicts will kick-start mainstream BI usage:
In-memory analytics: DakotaCare, a small managed health care network provider in Sioux Falls, S.D., was able to compress 140 million records with hundreds of columns of data on every claim paid since 2001 into a QlikView server. The server was on an x64 dual-core Xeon processor with 12 GB RAM.
“That is not a huge amount of memory,” he said. In-memory analytics are offered by niche players such as QlikTech International AB, as well as big BI vendors such as SAP.
Columnar databases: This lets you store data by columns, rather than rows. A columnar-based approach for data storage is better for data analysis, and, in turn BI, because it’s well-suited for complex queries of large amounts of data. Vertica Systems, Sybase Inc. and ParAccel Inc. are a few vendors in this space.
Cloud services: As BI evolves, companies will start to tap data from outside sources. He predicts that a group of SaaS providers will aggregate and offer data analytic services to fill this need in the cloud.
Interactive visualization tools: Many vendors such as Tableau Software, Tibco Software Inc. (with Spotfire) and Advizor Solutions Inc. display multidimensional data on a 2-D screen. Today, users don’t have to just look at static pie charts, but interact with them by drilling down into individual pie wedges. On top of that, users can interact with a variety of reports or heat maps and geographic maps. “These are tools that require no training — you don’t have to be brainiac number crunchers to use them,” he said.
BI integrated search: The concept: putting a search engine interface on a BI platform and being able to do ad hoc queries seems simple enough. This would really bring BI to the masses, but there aren’t many companies using this technology in production yet. Schlegel likes the idea of using the Internet as an index that spits back query results, but … “I don’t have any warm fuzzies about this technology yet. I just don’t have the [customer] references for this technology.”
Mobile BI applications: “The ubiquity of [mobile devices] makes me believe that this has got to happen.” He thinks there will be a huge explosion of analytic applications to the iPhone. For now, the most users can expect are static reports.
Data mashups: Let’s just say this is coming if Microsoft has anything to say about it. Microsoft PowerPivot for Excel comes out next month and will give users a free tool to download up to 100 million rows of data from different sources. Microsoft aside, users are going to grab hold of the ability to mash up data sources to create their own content. The best bet is to create sandboxes, or isolated areas, in which users can play and not prohibit the use of such tools, he said.
Scenario modeling: Is great for what-if scenarios: What if we moved sales to another region? What if there is an economic recession? Companies have to rely heavily on IT to go in and create alternate scenarios, but with scenario modeling, more business users can create their own what-if scenarios. Toyota is a classic example of why what-if scenario analysis is needed, he said, given its recent product quality issues.
Analytical master data management: IT typically tells the business what dimensions are being measured across a company and how they are being measured. In the future, Schlegel believes, users will be able to create their own data modeling environments and measures, submit those measures to an approval process and not have to rely on IT to make changes. Some tools that are starting to enable this capability include Oracle Hyperion Data Relationship Management and IBM Cognos Business Viewpoint.
This is a lot to take in, when many companies already have several BI tools in place and are looking to consolidate. Many are also grappling with how to get BI in the hands of everyday workers, although several of these technologies seek to address this dilemma.
Email me at email@example.com to let me know what technologies are on your radar.
I’m watching the Boston Marathon with one eye this afternoon, and catching up on the latest tech news with the other:
A keyboard on your hand sounds like sci-fi, but a former Microsoft Research intern has developed a working prototype called Skinput that does just that.
Next up in microblogging: Adding Twitter annotations. Will this change the way you Tweet?
Also check out the most recent stories from SearchCIO.com, dealing with identity management in cloud computing, the newest BI strategy approaches, cloud computing strategy and social media risks and benefits:
Identity management in cloud computing courts enterprise trust — Identity management in the cloud is a hot button: Enterprises are concerned about its security, but are attracted by the cost savings and management efficiencies it presents.
Gartner Business Intelligence Summit: New tech vs. old-school strategy — Gartner Business Intelligence Summit attendees are focused on establishing a BI strategy, recouping investments in existing BI tools and looking into emerging technologies.
Crafting a cloud computing strategy that covers cost and compliance — Our CIO columnist consults his peers about a cloud computing strategy that addresses cost, compliance and security concerns. Does cloud computing fit into his business needs?
Monitoring the benefits of social media, and the risks — Are there benefits to using social media in business? Of course, but it’s up to CIOs to understand the risks and help their company rethink its social media policies.
Although social media technologies aren’t generally a focus for SearchCIO.com, two stories this week highlighted some reasons why CIOs need to establish strong social media policies to monitor their staff’s Facebook, Twitter and other social media usage — or face the consequences.
You’re probably well aware of the benefits of social media in the workplace. They can function as excellent recruiting tools for HR, serve as user-friendly collaboration platforms for staff and boost a company’s customer outreach (McDonald’s, for instance, hired its first social-media chief this week.).
But CIOs must also consider social media’s pitfalls, especially if they haven’t drafted social media policies to guide their staff. According to Senior News Writer, Linda Tucci, IT consulting firm Burton Group Inc. pointed to these risks associated with compromised social media accounts in the workplace:
- Malware, phishing and spoofing
- Impersonation and blackmail from malicious outsiders
- Denial of service, security failures
- Jurisdictional issues over privacy and compliance from social media platform operators
Meanwhile, over on our sister site, News Writer Jessica Scarpati zeroed in on compliance concerns. According to the survey “Usage Trends, End User Attitudes and IT Impact“ from FaceTime Communications Inc., a unified communications security and compliance vendor, when asked if they could reproduce social network communications if required by an attorney, 65% of IT managers said they could not.
And although 77% of enterprises said they archive emails, only a fraction (19%) logs communications via social networks; 13% reported archiving tweets, the survey found.
The story also cites several good examples of social media gone wild in the workplace, as well as the fallout. Perhaps most shocking? Two nurses were fired from a Wisconsin hospital last year following allegations they had taken pictures of a patient’s X-ray — which showed an object lodged in his rectum — with their cell phone cameras. One nurse was accused of posting the photo to her personal Facebook page (she later deleted it).
Now, tell me whether you’ve seen the phrase “lodged in his rectum” in any other IT story you’ve read this week. (Actually, please don’t tell me, as I’m not sure I’d want to know the details.)
Do you have your own social media horror story to share? Or has your company established social media policies to clamp down on security and compliance concerns?
Of all the conversations I had with attendees this week at the Gartner Business Intelligence Summit in Las Vegas, it was actually one with Gartner analyst Debra Logan about CIO careers that surprised me the most. Logan is finding that more enterprises are hiring CIOs with legal expertise. Some are even hiring lawyers as their CIOs.
One big oil company that she advises hired a lawyer as its CIO because it views information as a risk, and in turn wanted someone who understood the risks involved in data management.
Apparently the role of the CIO, particularly those in heavily regulated industries, truly is becoming one of an information manager, as opposed to a keeper of technology, she said. As such, enterprises want a CIO who understands the legal ramifications of information dissemination and one who can establish policies and controls that will help avoid lawsuits.
There are several factors driving some enterprise to hire legal experts as CIOs, and, granted, this is coming from Logan’s view as an e-discovery expert. But for one, regulatory agencies are much more active now in changing and enforcing the rules of e-discovery.
“This is really causing legal people to ask ‘Just what is in that 27 terabytes of information? What’s going to come back to haunt us?’” she said, adding that a recent conversation with a lawyer informed her of a new set of changes coming down the pike from the Federal Rules of Civic Procedure on e-discovery.
As a result, enterprises want to start producing data far before a subpoena or a case is brought against them — the number of lawsuits has risen during the recession, because, unfortunately, it’s a way to make money, she said.
She’s not saying that the future CIO role is all about legalities. It’s more that CIOs should view themselves as information guardians, and managing information entails the ability to manage risk.
Although, it doesn’t hurt if you do take a legal course or two. Gartner, after all, recently sent one of its analysts to a course called Legal IT at the John Marshall Law School.
Read more on what attendees at the Gartner BI Summit had to say about their BI direction and technologies on their radar. BI coverage in coming weeks will touch on developing a BI strategy, emerging BI technologies and how Gartner rates the capabilities of the big BI vendors: IBM, Oracle, SAP and Microsoft.
Twitter exploded over the weekend with reports that the microblogging platform had acquired Atebits, the maker of the Tweetie app for the iPhone and Mac, leading other Twitter app developers to freak out over the implications. Meanwhile, word on the streets is that Google is looking to build an iPad clone – another clash of the titans that will continue to entertain long after the film leaves theaters.
At SearchCIO.com, we’re welcoming a new features writer, Laura Smith, into the fold, and we’re so lucky to have her! Check out her pieces on cloud computing interoperability and security, as well as Senior News Writer Linda Tucci’s piece on the CIO role in an M&A:
Cloud interoperability standards aim for vendor independence — Standards groups are developing cloud interoperability, portability and security standards in an attempt to ease the switch from one cloud provider to another.
Cloud security best practices foster rapid deployments — CIOs are developing their own cloud security best practices, such as auditing, risk assessment and contractual obligations, while the cloud industry plays catch-up.
Role of CIO in mergers and acquisitions in focus as M&A activity rises — With mergers and acquisitions expected to rise in 2010, the role of the CIO is increasingly important. In M&A activity, what separates successful from unsuccessful CIOs?
As an iPhone 3G owner, I was very excited to hear about the Apple iPhone’s newest operating system, the iPhone OS 4 software upgrade, planned for deployment this summer. Actually, I’ve never felt that my iPhone was lacking because I couldn’t run simultaneous applications, but I must admit I’ve been impressed by friends’ smartphones that provide sports scores, let users write e-mails and cook a five-course brunch — all at once.
My anticipation quickly dissipated when I learned that many iPhone OS 4 features — including, most notably, multitasking — wouldn’t filter down to the 3G (nor to the original iPhone and iPod Touch versions that preceded it). Yes, I might still have access to application folders (so I won’t need five full screens of apps) and the upgraded e-mail functions, but no multitasking for me. I immediately started to consider whether the software update would make it worth my while to trade up to a snazzy new iPhone this summer, 3GS or otherwise. TBD. Let’s see if my tax refund materializes.
It dawned on me that this is what enterprise CIOs must debate when it comes to computer hardware upgrades, and I expect the issue to be particularly pertinent in 2010. A recent Morgan Stanley survey of 150 CIOs found that technology budgets will be up 3.2% in 2010, a 1.5% increase from January, when the same survey was done. Computer hardware upgrades lead the spending spike, with a planned 4.1% increase, followed by a 3.7% increase in software spending.
I suspect a lot of this jump represents delayed demand. Many enterprises held off on computer hardware upgrades last year, when the recession was in its deepest doldrums, as they hunkered down and did more with less. Why buy new desktops when the old ones would do?
But while hunkering down and holding the line might have worked in 2009, it likely won’t fly in 2010, when companies are under increasing pressure to not only survive, but to show increasing revenues as well. So, what happens if a new software or delivery model is the key to building your revenue, but you don’t have the hardware to support it?
I’m guessing a simple tax refund won’t be enough to buy all those new desktops or laptops in your organization. What’s your strategy for computer hardware upgrades in 2010?
I’m a bit late with this post this week, but you can still catch up SearchCIO.com’s latest news on cloud computing, IT transformation, the evolving CIO role and IT business continuity and disaster recovery:
CIOs answer Vivek Kundra’s cloud computing services call to arms — Public-sector CIOs are adopting cloud computing services as a means to deliver better services, cut costs and even share resources with other agencies.
Innovation in IT helps CIOs transform IT and the business — Innovation in IT hinges not on big budgets and large staffs, but on enterprising CIOs who can transform IT processes through creativity and strategic planning.
The inside dope on what CEOs are looking for in the CIO role — Whether you have a plum CIO job or are out looking, knowing what CEOs want in a CIO is critical to your career. Headhunters dish on the good, the bad and lost causes in CIO job hunts.
IT business continuity, disaster recovery strategy guide for CIOs — IT business continuity planning and disaster recovery strategies remain big on enterprise CIO agendas this year. In this guide, learn about BC planning and DR technology solutions.
I spoke with Gartner analyst Dave Aron for my story today about the CIO role in a merger and acquisition. The topic seemed timely: A variety of reports suggest that corporate M&A activity is heating up, with the cash-rich players eager to buy the talent and products they need to compete effectively as the economy rebounds.
Aron is in the midst of updating a two-year-old study on the CIO’s role in a merger and acquistion, in particular, what distinguishes the successful from the unsuccessful CIOs in these high-stress situations. Of course, every deal is different, but Aron has discovered that many successful IT integrations follow predictable patterns. Here is the Gartner breakdown:
- 1. Hypothesis-driven planning phase: CIOs who play a meaningful role in M&As tend to form an early hypothesis about how the integration of the companies should go. Why? People are hungering for certainty in these situations. A CIO who can size up the acquisition and put forth a vision of what kind of integration would work best is a valuable resource.
- 2. Welcoming and signaling phase: This happens just after the deal is done “to wake everybody up to the new reality.” It might be that everybody gets their integrated phone numbers or badges or email accounts, Aron said. In this phase, IT moves quickly to let the acquired and the acquirers know that a new day has dawned.
- 3. Identifying early benefits from M&A: Just as it implies, this is when the IT department goes after the quick wins — be it presenting a single face to the customer, finding the cost savings in sourcing contracts or rationalizing regulatory compliance controls.
- 4. Main integration: One of the persistent myths of M&As is that IT integration has to be done quickly. Not necessarily so. It may be that it makes more financial sense to leave systems be (for a while). Rick Roy, CIO of CUNA Mutual, backed this advice up: “The first question if you are buying is always, are you going to integrate? Maybe not. In our world, we will eventually, but I will not touch infrastructure until well down the path of earn-out on the deal.”
- 5. Longer-term benefits: There are continuing benefits CIOs can help their companies wring from the deal, and it is the IT department’s job to find them.
An interesting coda: Positive uncertainty
The mantra that an M&A integration has to be done quickly may be outdated, but according to Gartner, that other mantra — make the tough decisions early — still holds true. Gartner found a lot of evidence that any kind of uncertainty, even “positive uncertainty ” (a situation where nothing bad is happening and there is a promise of good news) can really destabilize IT people.
I need to run that observation by an IT shrink.