CIO Symmetry

September 26, 2016  9:23 AM

Cybersecurity advice to live and work by

Jason Sparapani Jason Sparapani Profile: Jason Sparapani
Cybercrime, cybersecurity, hacks

The news that internet company Yahoo had information stolen on a half billion accounts in 2014 is further proof of this simple truth: Hacks are widespread and increasingly spectacular.

To counter the escalating and ominous threat of costly data breaches, companies need strong defenses in place, said former CISO and independent consultant Candy Alexander. She picked the brains of four cybersecurity experts at a panel discussion in Boston this month.

The talk, sponsored by Women in Technology International, focused on steps companies need to take to protect against hackers. The panelists left the small audience with these nuggets of cybersecurity advice:

Look at people, process and technology. Patty Patria, CIO at Becker College, in Worcester, Mass., stressed this trio of focus areas. Employees need to be trained on cybersecurity practices, processes need to be in place to determine what the most sensitive data is and a variety of tools need to assessed and acquired. And someone needs to orchestrate it all.

Patty Patria

Patty Patria (left), CIO at Becker College, speaks on a recent cybersecurity panel in Boston. Fellow panelist Janet Levesque, CISO at RSA, looks on.

“If you don’t have somebody on your staff who has the expertise in understanding how to do those assessments and look at people, process and technology, go hire somebody to do that.”

Make cybersecurity everyone’s business. Janet Levesque, CISO at security company RSA, said organizations need to help their employees understand that cybercriminals pose a threat not only to the company but also to them and to their families, too. As part of an awareness campaign this year, RSA plans to ask all its employees to talk to one family member about safely navigating the internet, Levesque said.

“If they understand security awareness at that level, then they translate those personal actions into their professional behavior.”

Gary Miliefsky, Janet Levesque

SnoopWall CEO Gary Miliefsky (left) speaks at a discussion on cybersecurity best practices in Boston while Janet Levesque, CISO at RSA, listens.

Assume you’ve been hacked. That’s because you might have, said Gary Miliefsky. The CEO at SnoopWall, which sells data breach technology, said many companies don’t find out that their computer systems have been infiltrated for months. The cure, he said, is looking beyond prescribed technology like antivirus software and shop for tools that go after those who want in. One example is a honeypot, a decoy system that tricks hackers into thinking they’ve found the real thing.

“Antivirus can’t solve all your problems because it’s reactive technology,” Miliefsky said.

Michelle Drolet

Michelle Drolet, CEO at Towerwall, gave cybersecurity advice at a recent discussion in Boston. On the left is SnoopWall CEO Gary Miliefsky.

Be strategic. Michelle Drolet, CEO at data security company Towerwall, said companies need “an overarching security policy” that covers components such as user awareness and responsibilities, vulnerability management — which identifies and addresses flaws in hardware or software — and cybersecurity tools.

“Building a solid information security program strategically for your organization is like building a house,” Drolet said. “You need that foundation.”

To get more cybersecurity advice, read the SearchCIO report on Women in Technology International’s recent panel discussion.

September 23, 2016  5:44 PM

Privacy concerns come rolling in with Google’s new AI-powered messaging app

Mekhala Roy Mekhala Roy Profile: Mekhala Roy

This week, Google rolled out its new messaging app Allo, which is drawing a lot of attention because of its use of artificial intelligence. In Searchlight, Associate Site Editor Brian Holak talks to analysts to find out the security and privacy issues associated with this chat alternative. Also in Searchlight: Yahoo confirms 2014 data breach had affected half a billion users.

Should Robotic process automation (RPA) be on the CIO’s radar? Senior Executive Editor Linda Tucci talks to IT veteran Allan Surtees to find out how he implemented RPA to speed up ‘swivel chair’ work that was previously being done by the staff at Gazprom Energy. Tucci also talks to analysts to get their take on RPA — the technology that can function as a catalyst for digital transformation, according to analyst Cathy Tornbohm.

Want to know how blockchain works? We’ve got you covered. In this infographic, Content Development Strategist Emily McLaughlin delineates how the technology, which is the foundation for the bitcoin digital currency, works; how to implement blockchain; it’s societal impact; what experts have to say and also provides a quick overview of terms associated with blockchain.

Data breaches are increasingly becoming more sophisticated and more common and the average cost of such a breach has increased by 29% from 2013, according to a 2016 Ponemon Institute study. Features Writer Jason Sparapani writes about a panel discussion on the steps that organizations should take to protect their data from such attacks. The event was sponsored by the Boston chapter of Women in Technology International.

In this SearchCIO handbook, we look into the role that the CIOs can play when it comes to enterprise mobile development application and the strategies and skills required to build such applications.

Over on our SearchCompliance site, I outline the main points from a report by the Institute for Critical Infrastructure Technology that highlights how such records are sold on the deep Web by the hackers and the impact medical identity theft has on victims.

In this roundup of recent GRC news, read about why Wells Fargo was fined $185 million; Compuware survey finds U.S. businesses with European clients are not ready for the European Union General Data Protection Regulation; hacker group called ‘Fancy Bear’ hacked into Olympians’ medical records and former secretary of state Colin Powell is the latest target of political hacking.

September 16, 2016  5:25 PM

Where are self-driving cars headed?

Mekhala Roy Mekhala Roy Profile: Mekhala Roy

This week, Uber rolled out self-driving vehicles in Pittsburgh. In Searchlight, Senior Executive Editor Linda Tucci talks with industry experts to find out what implications it will have on the auto industry and the trends that CIOs should watch out for. Also in Searchlight: the Galaxy Note 7 recall, changes at HP, hybrid cloud rules.

Contributor Mary K. Pratt writes about how Craig Patterson helped Lucas Metropolitan Housing Authority (LMHA) to achieve its mission of serving its community effectively, by convincing them to move to the cloud.  Patterson is the acting CIO at LMHA and also the president and CEO of his Texas-based management consulting firm Patterson & Associates.

On our TotalCIO blog, Features Writer Jason Sparapani writes about how the Sept. 7 Apple event got him thinking about the future of mobile devices in businesses. “When Apple introduced the iPhone 7 last week, with no headphone jack, and its wireless earbuds, it was sketching out a future in which devices connect – to other devices, to the internet, to people — without cords,” he writes.

This week on our SearchCompliance blog, I highlight the main points from a panel discussion on Preparing your Employees to be the Compliance Front Line at the recent Thomson Reuters Compliance and Risk Forum in Boston. During the session, panelists spoke about how organizations can prevent employees from engaging in ethical misconducts by providing them with training about the company culture from day one and how it is important to show employees that the company values proper ethics.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get updates on new stories throughout the week.

September 9, 2016  4:57 PM

iPhone 7 is coming. CIOs, are you paying attention?

Brian Holak Brian Holak Profile: Brian Holak

Why should CIOs care about the new iPhone 7? Because employees and users care. In this week’s Searchlight, Features Writer Jason Sparapani details the key announcements from Apple’s recent event and explains the new iPhone’s significance for the enterprise and CIOs. Also in Searchlight: Hewlett Packard Enterprise has offloaded its non-core software assets onto British software company Micro Focus and Google has plans to acquire Apigee in order to improve APIs.

Smart cities are on the horizon. How are we going to get there? Reach out to everyone, according to experts at Perkins Solutions. Sparapani explains in this TotalCIO blog post.

Over on SearchCompliance, contributor Jeffrey Ritter details the value of well-designed compliance records management — specifically how it can generate new business revenue for businesses by feeding big data analytics engines valuable data. Plus, on the IT Compliance Advisor blog, Editorial Assistant Christian Stafford rounds up this week’s top GRC-related news, starting with Apple’s EU tax troubles.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance for our new stories throughout the week.

September 2, 2016  5:24 PM

Time to bid adieu to traditional authentication methods

Mekhala Roy Mekhala Roy Profile: Mekhala Roy

This week, the news of the four-year-old Dropbox hack resurfaced. We now know that over 68 million users’ data were compromised. “What’s interesting about this hack is that it highlights how long stolen credentials can lie dormant on the dark web and then rear their ugly heads far into the future, often still valid,” Stephen Cox, chief security architect at SecureAuth, told associate site editor Brian Holak. In Searchlight, Holak talks with security experts to find out how multifactor authentication can help thwart such security breaches.

The Perkins School for the Blind in Watertown, Mass. is launching a mobile app designed to help the blind and visually impaired with locating bus stops. Features writer Jason Sparapani talks to officials at Perkins Solutions and one of the app developers at Raizlabs to find out how the app can help improve GPS accuracy. Also, read about how the mobile bus stop app came into being.

“The economics of process robotics promises to shake up the outsourcing sector, creating a new dialog among vendors, business executives and CIOs,” writes senior site editor John Moore.  In this feature, Moore talks to industry experts to find out how robotic process automation can affect the outsourcing sector.

SearchCIO contributor Stan Gibson writes about the growing popularity of augmented reality technology and the benefits of AR applications, which are set to become an essential part of the IT leaders’ mobile strategy.

The September issue of our CIO Decisions e-zine is out! Sparapani delves into the Google Apps for Work vs. Microsoft Office 365 debate; editorial director Sue Troy talks to Carl Lehmann to understand the hype surrounding the blockchain market; CEB’s Andrew Horne discusses the role that CIOs can play in their organization’s digital transformation and Moore writes about Arby’s use of the internet of things platform.

How can companies achieve success in a platform enterprise and what role does a CIO play? Holak interviewed Sam Palmisano, former CEO at IBM and current chairman at The Center for Global Enterprise, to find the answer. In another video interview, Palmisano discusses why traditional businesses need to shift to the platform business model and the challenges they will face during the transition process.

Sangeet Paul Choudary, founder of Platformation Labs, spoke with SearchCIO staff at the recent MIT Platform Strategy Summit about the main goal of a platform business model and highlighted the three main elements needed to achieve this goal.

On Total CIO, SearchCIO senior news writer Nicole Laskowski writes about the fate of the chief digital officer position.

This week on our SearchCompliance site, information governance expert Jeffrey Ritter discusses how connecting compliance and information governance programs can help generate new revenue for businesses.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get updates on new stories throughout the week.

August 29, 2016  10:52 AM

What does the WhatsApp privacy policy update signify?

Mekhala Roy Mekhala Roy Profile: Mekhala Roy

Last week, the news of WhatsApp updating its privacy policy hit the stands. In Searchlight, executive editor Linda Tucci spoke with industry experts to find out how businesses can use mobile messaging platforms to communicate with customers to drive the customer-brand relationship and why the growing popularity of mobile messaging services should interest CIOs.

As more organizations embrace agile practices, a lack of agile project status reports is becoming the norm. In this tip, Joseph Flahiff, president and CEO of Whitewater Projects, delves into the factors that contribute to this trend and suggests ways to reverse it.

In this tip, Bob Egan, founder and CEO at The Sepharim Group, discusses the reasons behind the rise in mobile security issues and explains how the Johari Window technique can be applied to tackling these concerns.

In TechTarget’s annual IT priorities survey, 41% of respondents said they planned to increase their cloud spending in 2016. To help IT leaders and executives look closer at the state of cloud, we put together this infographic that showcases information on businesses’ cloud use collected from surveys conducted by Gartner, Clutch and Softchoice.

What is a platform enterprise? Associate site editor Brian Holak interviewed Sam Palmisano, former CEO at IBM and current chairman at The Center for Global Enterprise, to find the answer.

SearchCIO staff spoke with Sangeet Paul Choudary, founder of Platformation Labs, at the recent MIT Platform Strategy Summit in Cambridge, Mass. to discuss the platform business model. In these videos, learn the differences between a platform business model and the traditional pipe model; who needs to be involved when launching a platform business model; the key challenges that IT leaders in traditional businesses will have to face when setting up a platform model and why C-suite collaboration is key to digital business success.

In part one of this four-part webcast series on mobile cloud, analyst Kurt Marko identifies the business advantages of using mobile apps, and in part two he talks about why the cloud can alleviate some mobile app development challenges. In part three Marko lists the top MBaaS vendors and how organizations can benefit from their services, and in the final part of the webcast he provides recommendations to CIOs about implementing mobile cloud architecture.

Senior news writer Nicole Laskowski writes that if CIOs want to be technically forward, “they should start talking artificial intelligence, machine learning and software-defined security.” On TotalCIO, Laskowski highlights how these emerging technologies were featured in Gartner’s latest Hype Cycle report.

This week on our SearchCompliance website, Daniel Allen, president of N2 Cyber Security Consultants and N2 Connected Vehicle Technology, discusses a two-pronged approach to dealing with ransomware, a malware that is becoming increasingly common.

In this GRC news roundup, read about how U.S. voting machines could become a target for hackers in November, Mega Financial Holdings being fined $180 million for violating compliance regulations and how a data leak released by a group called “Shadow Brokers” unveiled a possible NSA hack.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get updates on new stories throughout the week.

August 12, 2016  4:06 PM

Delta outage sparks disaster recovery concerns

Mekhala Roy Mekhala Roy Profile: Mekhala Roy

This week, the news of Delta Air Lines’ computer outage soared high, while Delta flights remained grounded. Over 2000 flights were cancelled and delays still continue. In Searchlight, associate site editor Brian Holak talks with industry experts to find out what IT executives can learn from the outage and why organizations need to step up their disaster recovery plans.

For CIOs, innovation often takes a back seat to “keeping the lights on” IT functions. We recently asked IT leaders, “What have you done in the past 12 months to reduce time spent on ‘keeping-the-lights-on’ IT functions?” Check out our photo story to find out what they have to say about implementing innovation strategies and the steps they have taken to spur innovation within their organizations.

Niel Nickolaisen, the chief technology officer at O.C. Tanner Co. and frequent contributor at our SearchCIO website, shares his thoughts on who should be in charge of a company’s mobile application development. He also discusses how his organization has benefited from its enterprise mobile application development process.

This week on our SearchCompliance website, information governance expert Jeffery Ritter shares his take on the business benefits of big data mining and understanding data provenance. In part one of this four-part webcast, Ritter explains how businesses can use well governed information to generate new revenue. In part two of the webcast, Ritter highlights six steps to support this mission. In part three of the webcast, he talks about how organizations can benefit from increasing data transparency and details his “velocity principle”. Stay tuned for the final part of the webcast.

Is your organization investing enough time and money in its GRC program? Did you know such investments can help boost an organization’s risk management strategies? SearchCIO contributor Mary K. Pratt explores how Airlines Reporting CISO Rich Licato improved the company’s IT GRC program. Pratt also talked with industry experts to find out the benefits of such investments.

The EU-U.S. Privacy Shield is here. Is your company considering self-certifying under the new framework? In part one of this two-part Q&A with BakerHostetler privacy lawyer Melinda McLellan, find out what factors your organization should be considering before joining the transatlantic data transfer framework. Stay tuned for part two of the Q&A.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance to get updates on new stories throughout the week.

August 5, 2016  5:52 PM

Intel CIO hire puts spotlight on IT gender gap

Brian Holak Brian Holak Profile: Brian Holak

This week, Intel’s executive IT ranks saw a shift from one woman CIO to another. But that doesn’t mean the gender gap has closed — far from it, in fact. In this week’s Searchlight, Executive Editor Linda Tucci discusses the appointment of Paula Tolliver as Intel’s CIO and what it says about gender politics in the tech industry.

Do you want unlimited vacation time? Your best bet is a startup, but the flextime perk may be coming to a big company near you soon. In this article, SearchCIO Contributor Mary K. Pratt explores how some companies are turning to unlimited vacation time to attract and hold onto talent. Will it work?

Companies’ regulatory management isn’t just an IT concern; it has also become a business concern. For that reason, it’s no longer in the best interest of the company for tech teams to operate independently, according to SearchCompliance Expert Kevin McDonald. Here, he explains why IT and compliance process alignment is increasingly becoming a business priority — and what that means for IT teams.

Are you familiar with SLO and SLA? The two terms are often confused, but in this expert tip you’ll learn the key differences.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance for our new stories throughout the week.

July 29, 2016  3:43 PM

Verizon homes in on digital content with Yahoo buy, dissent shrouds Privacy Shield

Fran Sales Fran Sales Profile: Fran Sales

This week, Verizon bought Yahoo for $4.83 billion, ready to stake its claim in the online content and marketing industry. But experts are hesitant to applaud the deal, saying that the telecom giant will likely face hurdles as it integrates the struggling internet business. In Searchlight, associate site editor Brian Holak talks with industry professionals to find out whether Verizon can successfully compete in the digital content industry.

Privacy Shield, the new EU-U.S. data transfer pact that finally got the green light from regulators this week, took up a lot of the spotlight. First, on SearchCIO, features writer Jason Sparapani explores European dissent around the “robust” framework that replaces Safe Harbor and how enforcement will work. And over on the Total CIO blog, Sparapani details how businesses can use Privacy Shield to boost their reputations as customer-centric organizations. Lastly, on the IT Compliance Advisor blog, we summarize why companies should sign up to the framework fast, and what benefits there are from doing so.

“Technology is the backbone of our customer service,” said JetBlue CIO Eash Sundaram at this year’s MIT CIO symposium – a statement that shouldn’t come as a surprise to companies that pride themselves in providing good customer service. But Sundaram’s career has a twist – he is also chair of a venture investment firm. On Total CIO, executive editor Linda Tucci talks about this latest development in the transformation of the CIO role.

Mobile security is now the No. 1 technology priority among the IT decision makers 451 Research polled this year. Why? Because as companies increase their mobile capabilities, they have also introduced new vulnerabilities into their risk profiles. In response, IT leaders are incorporating more layers of security into their mobile environment, as opposed to securing just one aspect of it.

Scaling your startup business doesn’t just involve scaling your product or service — that’s akin to continuously plugging more lights into an outlet until you blow a fuse. Leadership and agility expert Joseph Flahiff lays out the three key areas of scaling a business that organizations often miss: culture, leadership and organization.

So-called third platform technologies — social, mobile, big data analytics and cloud – are crucial to driving business innovation, and CIOs have a key role to play when it comes to enabling those innovative technologies. In a Total CIO blog post, assistant site editor Mekhala Roy speaks with Fred Magee, adjunct research advisor at IDC, about how to employ multi-tiered strategies to help with implementing innovation.

That rounds up the news for the week. Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance for our new stories throughout the week.

July 22, 2016  4:56 PM

CIOs play a part in Privacy Shield; “promiscuous” users change mobile security

Fran Sales Fran Sales Profile: Fran Sales
CIO, cybersecurity, Mobile security, Privacy Shield, templates

This week, the U.S. and the European Union approved Privacy Shield. If you haven’t already heard, it’s the set of laws that replaces Safe Harbor, the overturned laws that governed the transfer of Europeans’ data across the Atlantic. Privacy Shield has a similar aim to Safe Harbor, but it also has more specific rules, harsher penalties, and highlights data governance as a critical tool for organizations that seek to comply. In this week’s Searchlight column, features writer Jason Sparapani lays out the rules’ framework, how and why CIOs should take action, and the importance of collaboration.

If I asked you of one big think you think is reshaping how companies are securing their employees’ mobile devices, I bet the word “promiscuity” doesn’t come to mind. But this trend of “promiscuous” employees, or those who indiscriminately use their mobile devices for business and personal use along with their enablement and the convergence of mobile devices and PCs, are changing the game for mobile security. Sparapani sat down with security expert Dionisio Zumerle to get his take on exactly how. Zumerle also talks about why traditional management and security tools won’t work to secure mobile devices.

How are your fellow IT peers handling every new technology innovation and market shift? With its Information Technology Priorities Survey, TechTarget has been polling them every year since 2010 to find out. In our latest Essential Guide, we break down 385 IT professionals’ project priority lists and their IT budget and spending expectations for 2016.

Who doesn’t like free templates? We’ve updated two installments of our popular series, in which we compile a list of free, downloadable IT templates for CIOs gathered from around the web. First, take a look at a sampling of free project scope templates to help you clearly document project goals, deliverables, tasks, costs and deadlines and keep your projects on track. Then, head over to this collection of free cost-benefit analysis templates for a systematic approach to determining the risks and benefits of a project or business decision.

A group of global financial organizations have put their heads together and drafted a set of broad principles to combat infrastructure-related cyber risks. Called the “International CyberSecurity, Data and Technology Principles,” the paper urges policymakers, businesses and other stakeholders to find common ground when creating new cybersecurity standards and regulations. Find out more about the standards in this SearchCompliance FAQ.

What exactly is OPSEC? If you need a refresher on the term, we’re here to help. It stands for “operational security” and refers to the analytical process for classifying data assets and setting up the controls that are needed to protect these assets. Read the rest of the SearchCompliance definition to learn about the OPSEC five-step process.

Please follow @SearchCIO, @SearchCIOSMB and @ITCompliance for our new stories throughout the week.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: