Go to SearchCIO.com Searchlight

Remember this? Still unimpressed by the iPhone 5?

Leading off this week’s roundup, from our sister site SearchCIO-Midmarket.com, we have a CIO whose gold medal-worthy green tech innovation is truly energizing London’s Olympic Park. Also, read about how speeding to market with software could kill a trading firm, and read about the CIO’s role in IT transformation.

As chronicled on the SearchCIO-Midmarket.com blog, CIO Symmetry, the CIO of the London summer games scored big, lighting up Olympic Park with green tech innovation. And he didn’t even have to put on a Speedo.

Speed is great for sprinters and the like but can be downright dangerous for makers of stock-trading software. Perhaps Wall Street’s third stock-trading fiasco in five months will drive home this point.

Winning by changing the rules doesn’t sound very sportsmanlike. Unless we’re talking victory over network hackers — then by all means we ought to hear out the argument for changing the rules of writing code.

Think social collaboration is a frivolous pursuit? Perhaps this bar graph can convince you otherwise.

Finally, be sure to check out this week’s CIO Matters column, in which SearchCIO.com’s Editorial Director Scot Petersen looks at the role of the CIO in the midst of IT transformation.

• If, upon seeing Google’s new Nexus Q streaming media device, your first reaction was “I wanna crack it open and see what’s inside!” this is the story for you. Geek.
• Problematic moniker aside, we love the idea of Girls Who Code, a collaborative effort among tech companies including IBM, GE and Twitter aimed at opening opportunities for young women in computer science.
• IBM engineers analyze data related to Boston traffic and come up with software solution. Oh please, in the name of all the dashboard saints, get the app for that, Beantown.
• Did everyone change their darn LinkedIn passwords? Good. Now read these pro tips on protecting data .
• Nothing lasts forever – except everything you do online. Here’s the bazillionth “shining” example, courtesy of Forbes contributor Deanna Zandt.
• Did we say nothing lasts forever? We hope this nerd love does.  At  least we know the site will go on, even if their hearts don’t.

As you reflect and relax with family and friends this weekend, we hope you’ll spend a little time with this week’s roundup. We kick it off with bits from the social media realm, including why your CEO is hurting the company if he/she isn’t living a rich social media life; a few reasons why Facebook had a thumbs-down kind of week; and why social media and silos don’t mix. Finally, we hope you’ll take a few moments to help out with important research at The CIO Leadership Institute by taking their survey on social media.

• Funny, he seems so bubbly at the company meeting. Forbes looks into a recent IBM study that claims a CEO’s lack of a social media life may be to the detriment of the company.
• Unless you count the release of its rather Instagram-y camera app, Facebook had a pretty crummy week. Blogger Nigel Cameron offers up three simple reasons no one seems to want to be in a relationship with FB since its IPO.
• It’s called social media for a reason – keeping it siloed is against its nature (oh, and a waste of money).
• What happened in Utah could happen anywhere, a simple little mistake cost millions of dollars, scores of data and a CIO’s job — so what can we learn from the little big breach?
• Still on the fence about bring-your-own-device, or BYOD? Ugh, just do it all ready, says Mashable, rolling its eyes and handing you these five easy steps to BYOD transformation.
• It’s a long weekend, so we know you have the time to take this survey from The CIO Leadership Institute — you can use the hand not holding the hot dog to tap the screen or click the mouse. Thank you!

When it comes to tech innovation, a lot of managers talk the talk, but relatively few give their workers time to walk the walk.

Poorer countries are proving that starting with less can be a springboard to tech innovation. Case in point: How India and some African nations — places with little legacy telephony infrastructure — are revolutionizing mobile banking.

You’re willing to share your favorite movies and pictures of your cat, but will you share your organ donor status on Facebook? Experts in the field of organ donation say this bold step in social media could make a world of difference for those in need.

As with any study, we take this with a grain of salt and consider the source, but it’s still a little unsettling to hear the suggestion that 90% of websites using Secure Sockets Layer encryption aren’t entirely secure.

Can you speak up? I’m wearing long sleeves. When art and technology mingle, the resulting body of work can be a little strange.

“We have a lot to learn there,” said Schmidt, founder and CEO at security consulting firm JAS Global Advisors LLC. “Employees need to be trained to feel like they have a stake in maintaining the security of their organizations. They can’t act like they are protected by what can seem like a gigantic security apparatus.”

Schmidt was talking to me about what security experts saw in 2011 that was new or different, and about the threats most likely to plague CIOs this year. He works with a lot of government agencies and Fortune 100 companies in risk-prone industries like defense and energy. While intentional insider threats are “as old as the hills,” in his view it’s the unintentional security threats — those regular old phishing attacks coupled with human error — that pose the clear and present danger. Attacks like the single email attachment, for example, that was crafted to trick the HR department at RSA — a security firm! — and that in a flash compromised millions of the world’s most trusted identification tokens.

His message to CIOs: Educate, educate, educate employees, and make them part of the security team — or ships will sink.

Of course, there’s a problem there with that team mentality, as anyone knows who is witness to, say, the current state of politics or to the economic pain heaped on many Americans in recent years or — and here we’re going out on a limb — who has embraced social networking heart and soul. For employees threatened by layoffs, what motive is there to pitch in to prevent the ship from sinking if their part of the ship has already sunk? (In fact, companies have seen insider theft rise, said Schmidt, even among longtime, trusted employees. “Desperation is a powerful driver,” he notes.) Then there is the generation reared on free digital file-sharing, free encyclopedias and the habit of sharing — with everybody. How can CIOs drive home the notion that company data is precious when information has been so devalued and a company’s insiders feel like outsiders?

Now, it’s rare for me to hear something at an industry conference that makes me freeze in my seat, hold my breath and hope to hell no one notices I’m taking notes. But that was the case at this conference’s CIO Town Hall on mobility, where the audience was encouraged to talk about issues related to mobile computing.

For talk they did — about the financial costs associated with “bring your own device” versus company-owned mobile devices, for example. About disaster recovery for mobile devices. About the relative merits and shortcomings of the mobile device management vendors out there. (P.S.: Just because your name is Good doesn’t necessarily mean everybody thinks you are.) Whether virtualizing desktops is the answer to making mobility work in the enterprise. Whether it is the CIO’s job to give employees the device they want.

Click on the links and you’ll see that these are issues we’ve tackled on SearchCIO.com this year, as mobile computing is reshaping — at warp speed, it sometimes seems — how IT provisions and supports the technology employees use to do their jobs. But let me tell you, it was edifying to hear first-hand, nuanced accounts from CIOs across many industries about these topics and other problems we haven’t even considered — it was eye-opening, actually. People were not afraid to raise a problem and say they didn’t know how they were going to fix it. When Gartner Inc. says it’s early days for mobile computing, it’s right. The CIOs’ concerns revealed how few standards and best practices currently exist for managing the growing portfolio of consumer devices that are taking over enterprise computing. My promise is to keep tackling these problems one by one, in as much depth as possible.

Now, about the man in the uniform. I was too far away to see a nametag. I wouldn’t give his name anyway, given what came out of his mouth. Let’s go to the tape: The new chief of staff for a branch of the military came in with an iPad and wanted to use it. And so, the security folks for this military service decided to show him how unsecure it was. They hacked his iPad and were able to see a classified document on his desk through its camera. That woke him up, the man in the uniform said. He passed it along as a useful bit of intel for CIOs for when their CEOs demanded iPads.

On another note, I had a birthday yesterday, one of those ones that husbands can’t ignore, so my spouse dutifully stepped up. Guess what I got? Fortunately (or unfortunately for my career as a news reporter), I don’t have any secret documents on my desk.

Of course, sensitive information can be anywhere on the spectrum from embarrassing to potentially harmful — or dangerous, such as inside information from a financial institution, according to Tanya Forsheit, founder of the Information Law Group in Los Angeles. That’s why many states, independent of federal legal requirements, now are requiring companies to put in place such computer security measures as “programs, policies and procedures that are appropriate to the size of the company to mitigate risks,” she said.

Even if a data breach is just embarrassing, “the reputational harm is difficult to quantify, which is yet another reason” to think ahead, Forsheit said.

Some corporations even do their own hacking to test computer security measures, according to Darren Hayes, an expert in the field of computer forensics and security and a professor at Pace University’s Seidenberg School of Computer Science and Information Systems in New York.

“I know of corporations who have brought in the services of hackers, or even employed them full-time,” Hayes said. “But policy within law enforcement does not allow them to work with convicted hackers. It’s a problem, because they can’t bring in all the expertise that they need.”

The U.S. Navy offers scholarships for people with no criminal record who are interested in hacking, according to Hayes, who works closely with the New York Police Department and United Nations, among other organizations, to follow digital clues.

“There are not enough people out there doing this type of work,” Hayes said. “We need a lot more people.”

Hayes has a special sensitivity to security, having begun a 10-year career in the financial services industry in 1990 at Cantor Fitzgerald in the World Trade Center. At Pace, he manages the computer forensics laboratory, conducting research with students and publishing much of it in the Institute of Electrical and Electronics Engineers, or IEEE.

Technology improvements in tracking wanted criminals must be made to capture suspects like WikiLeaks founder Julian Assange, who was able to cover his digital trail before surrendering, according to Hayes.

Not much has been revealed about how the latest U.S. diplomatic cables wound up on the WikiLeaks site, other than to implicate 24-year-old Army Pfc. Bradley Manning, who is rumored to have used music files as a cover to download the cables onto CDs.

“Bradley Manning is not that tech savvy; he probably had help from someone,” Hayes said — which, coincidentally, is a strategy that unfolds in the pages of Red’s Query.

But unlike fiction, WikiLeaks has real consequences, by way of Manning’s imprisonment, before being convicted of the charge against him, in a fashion some are calling torture.

What if someone hacked into your data center and revealed your private emails or strategic data? Or those of an institution that you do business with?

Bank of America and its customers may soon find out, if threats from Assange are true. On the heels of the bank’s decision this week to join MasterCard, Visa and PayPal in refusing to process payments for WikiLeaks, the whistle-blowing organization put a warning up on Twitter:

“Does your business do business with Bank of America? Our advice is to place your funds somewhere safer.”

“I honestly believe [WikiLeaks] is not a technical leak, but malicious intent,” said Prateek Dwivedi, CIO of Mount Sinai Hospital in Toronto, about the WikiLeaks posts. Mount Sinai “does a lot of work” to prevent inadvertent data breaches, he said, “but if somebody wants to get in, they’ll get in. That’s what we have to worry about — how do we keep it from happening? I’m not a diplomat, and our documents don’t have trade secrets, but we do have information on people’s health.”

The hospital already has locked down everything it should, partly because the health care industry mandates it and partly because of Dwivedi’s “healthy paranoia,” he said. “We can make it really hard if it’s inadvertent, but everything comes down to policy,” including requiring people to take oaths not to leak sensitive or valuable information.

Yet corporate security policies and oaths can’t always control human behavior: physicians using a common-area fax machine, for example. For safer transfer of patient information, Mount Sinai is installing a secure link through a website that will replace fax transfers with encrypted PDFs. “The fax machine is not secure,” Dwivedi said. “We don’t even know who the fax is going to! As we implement new technology, we need to buy [more secure] products.”

Insisting upon secure PDFs instead of faxes is one way CIOs can update their corporate security policies.

But paramount is an overarching data management strategy, according to Gartner analyst Drue Reeves: Use document management to make sure you don’t have copies everywhere, and purge nonrelevant material. “Sometimes it’s okay to delete data,” he said. In fact, a lot of companies are forming internal groups to decide just what to chuck.

Other keys to corporate security policies: identity management (make people authenticate again and again), storage management and encryption, Reeves said.

And then, pray.

“Even if you do everything technically, if you have a determined hacker, you cannot stop them,” Reeves said. “Sooner or later, some company somewhere is going to be sued for negligence.”

As more corporate data resides on third-party infrastructures, that negligence could extend to cloud providers. They could be called on more often to adhere to the same security policies the corporations they serve have in place, according to experts.

With help from Reeves and others, I explored cloud liability in a series of articles on SearchCIO.com earlier this year. Perhaps it’s time for another take, as WikiLeaks “is yet another illustration of why organizations need to be focused on and cognizant of security risks,” said Tanya Forsheit, a founding partner of the Information Law Group, based in Los Angeles.

“This round was about diplomatic cables, but it could be the same thing in the corporate context, and we’ve seen suggestions in the media that that’s the next thing,” Forsheit said. “Regardless of whether it’s WikiLeaks or someone else, it’s a data breach.”

But cloud uptime? Now that is an even larger trust issue that CIOs just can’t seem to get past. At least, not the CIOs attending a recent gathering of public cloud services providers sponsored by the trade and investment arm of the British Consulate-General.

The CIOs and cloud services providers came together to hash out what it’s going to take to get enterprises onto the cloud. Security was an issue, of course, with data transparency and knowing who has access to their data among the concerns.

As for performance, one CIO said he would FedEx a terabyte of data to a public cloud provider for fear that the provider’s network couldn’t handle a data transfer of that load. One attendee said performance uncertainties in the cloud could possibly weaken your disaster recovery plan.

The CIOs also didn’t trust that their public cloud providers wouldn’t go out of business. CIOs have a long memory and haven’t forgotten that seemingly well-established hosting providers can go out of business — think Exodus Communications.

In 2000, Exodus was the darling of the hosting industry, with revenue of $818 million, stocks worth $90 a share and 42 colocation facilities — not to mention nearly 5,000 customers, including Microsoft, Yahoo and the New York Stock Exchange. Many of the company’s customers, however, were dot-com startups that failed to pay their hosting bills, pushing Exodus further into debt as it continued to build and acquire more facilities. (Some experts believe that the next wave of winners in outsourcing will be the ones that have large infrastructures that can support the entire services layer, from software to hardware. That would require big investments in infrastructure, like those Exodus made.)

Public cloud providers are not immune — a few bad infrastructure and financial planning decisions could bring the multitenant house of cards down. What happens to customer data then? Just as they asked during the dot-com bomb and downfall of application service providers, CIOs want to know how public cloud providers will deal with porting data and services to another cloud provider, or back in-house.

They don’t want their data to end up as an asset in bankruptcy court.

But this is a nascent industry, and CIOs are willing to wait for public cloud providers to grow up a bit. And as they grow, CIOs would like the providers to keep these other capabilities in mind:

• The ability to work offline, as well as online.
• The ability to manage multiple cloud services and relationships under one umbrella.
• The ability to speed up, not slow down, change management.

CIOs are sending clear messages to public cloud providers. It will be interesting to see how the providers live up to these demands — or maybe private clouds are the way to go?

Let us know what you think about this blog post; email Christina Torode, News Director.