20th Annual ICT
for Sustainable Economic,
Business and Social Development
Conference at the United Nations
July 10-11, 2008
“SOA” (Service Oriented Architecture)
This morning, we embarked on part one of a three-part discussion on unlocking the hidden potential of information technology (IT). We discussed service-oriented architecture (SOA) extensively. This coming afternoon, we’ll look closer at information security, including protecting the perimeter, the impact of pervasive devices, and the desire for enterprise data protection (protecting data, in any form, wherever it goes). Also, be sure to come back tomorrow (Friday, July 11) for a discussion on green-tech.
All of the speakers today talked about “unintended benefits.” To delve deeper, two speakers join us: Sandy Carter at IBM and Andres Fortino at NYU Polytechnic University.
We’ve learned today that IT is not merely a service department. IT is a business enabler and a business driver.
...But there are drivers to IT and business alignment.
On the IT side, proprietary solutions do exist in your often-suburban mall sprawl of an organization. As a result, you may be locked into legacy solutions, proprietary applications and integration, or lack thereof, so complex that it is difficult to evolve or leverage what you have.
The business side presents just as many daunting challenges. As Sandy Carter mentioned earlier today, the businesses you support are moving at the speed of light. They are constantly adjusting based on changes in supply, demand, competition, in multiple offices domestically and abroad, as well as compliance. Moreover, as Tami Cannizzaro talked about, tracking end-to-end processes is an additional challenge.
There’s something that’s been alluded to, but not explicitly stated today. That’s the concept of “recession-busting IT.” Increasing fuel prices, as well as the monetary and lifestyle impact of climate change, has impacted us all. The answer for most of our businesses is not necessarily raising our prices to our customers. It is about finding efficiencies. IT is the answer. Being “green” is more than just focusing on the datacenter.
SOA is key to this solution. SOA is what we at InfoWorld internally call a “market maker” technology. To us, market maker conditions occur when commodity technologies converge to create a new high-level application of tech that adds x-factor-like impact to their organization and their customers.
Across going on ten SOA Executive Forum events and multiple research studies, there are five key trends we see:
Glass Half Full? Glass Half Empty? When we talk about enterprise security, we all typically take the latter approach. After all, threats are happening. Threats are increasingly more sophisticated. Threats may not always be visible. And threats may come from employees, business partners and customers who have legitimate access to your information, but misuse or fail to protect it.
But, from my perspective, sitting in this room today, there may be a silver lining ... And one that connects with the "unintended benefits" theme and helps us fulfill the promise of the efficiencies gained by SOA that was discussed this morning ... specifically that we are using security protocols and policies to ensure that the right people are receiving access to the right information. Instead of merely keeping "bad people" out, good security policies allow the "right people" in. This is the unspoken security threat ... Specifically that the best people that are empowered to make the decisions that make your organization “agile” are actually able to. This is not often the case. It’s easy to lock down a system, but this should not be the only consideration.
To help us discuss some of the key points from today’s afternoon discussion on information security, we’re joined by: A.T. Smith, Deputy Assistant Director of Investigations for the US Secret Service; Felix Ramirez, Director of the NY Metro Chapter of ISACA; and Simone Seth, Program Committee Chair and Board Member of the ISSA.
Before we conclude today, I’d like to share some brief results from InfoWorld primary research.
For many moons InfoWorld and, one of our sister companies, IDC have worked together on an annual survey looking at the state of enterprise security systems and regulatory compliance issues that are of importance to IT security purchase decision makers. Using the results from a study we fielded last October and into November, we can develop a profile of current and future challenges and threats facing enterprise IT security, while also measuring vendor preferences for security solutions. Today we’ll highlight some summary data and findings from the study, based on 433 respondents that qualified to complete the study.
Regarding respondent’s companies current security system. Almost half of all respondents (43%) stated their companies control their security system internally. Whereas 22% use a mixture of outsourced and internally managed point solutions, 20% use a patchwork of point solutions, and 10% have an integrated security management system.
We asked about their confidence in their company’s current security system. About half, 47%, indicated that they are very or extremely confident.
However, these respondents believe their executive management’s confidence is higher. Fifty-seven percent (57%) of respondents believe that their company’s executive business managers are very or extremely confident in their current enterprise security system. This indicates a significant disconnect that may impact IT’s ability to solve the increasingly sophisticated threat.
We also asked about official security and risk notification policies. Over half (55%) of all respondents have a formal, documented security policy in place at their organization. Of those respondents who have this policy, 91% indicate that their employees are trained in that policy. We also asked if their company has an official policy for notifying customers when their private data may be at risk. Only 54% did. Now this is across all company sizes and inclusive of all industry. Obviously, the data will be different and higher if we looked at highly regulated businesses.
As for top security challenges: The most frequently cited security challenge facing respondents’ companies over the next 12 months is the fact that employees underestimate the importance of following the security policy (23%) (Rating 5 on a 5-point scale where 5 is a significant challenge). This parallel’s the story that GSN’s Jacob Goodwin told earlier today. Other top security challenges from the study included: increasing sophistication of attacks (17%), budget too small to cover necessary security purchases (17%), business executives underestimate the importance of following security policy (17%) and preventing the exposure of confidential information (15%).
Before the excellent external thread discussion and case study, the role of insider threats were discussed. Given that employee adherence to a security policy impacts behavior and risk, how obvious should security solutions be to the user? Should it be transparent to the user or otherwise?
From your perspective, should organizations attempt to lock-down or prohibit the use USB drives or items like iPods?
In your opinion, what is the single most important thing a company can do to improve their overall level of IT security?
At InfoWorld, we have a variety of newsletters, articles, and topic centers on various security topics. You can find a variety of InfoWorld newsletters by visiting InfoWorld.com and clicking on the newsletter link in the upper right hand corner of the site. Also, we have a dedicated topic center on enterprise data protection, available at http://www.infoworld.com/topic-center/data-protection.
Looking forward to tomorrow, be sure to come to tomorrow’s event to learn more about green-technology. The conference will be discussing the impact of climate change and how ICT can help, the role of computers in advancing scientific breakthroughs, energy efficient storage, and ways that CIOs can pragmatically implement green-technology.
Editor at Large
Friday morning, July 11, 2008
|Addressing Global Environmental Sustainability through ICT
So-called ‘Green ICT’ initiatives are proliferating as private and public sector organizations alike are stepping up their commitments to being responsible environmental citizens. But while technologies and techniques such as the deployment of more energy-efficient computers and closed-loop ICT recycling programs will certainly help reduce the respective carbon footprints of participating organizations, these systems and methodologies do have their limitations.
One way to address the planet’s environmental challenges – “perhaps the only way” – is through bio-mimicry, or the process of mimicking the designs and biological systems inherent in nature, said Andrew J. McKeon, Assistant District Manager, The Climate Project. The Climate Project is a nonprofit public awareness organization based in Nashville, TN.
McKeon, the first presenter for the Green ICT segment, explained how humans can draw from biological systems. McKeon went on to say these systems are both energy-efficient and information-intense. “A single DNA strand for a mouse contains more information than the Encyclopedia Britannica,” said McKeon. McKeon noted some of the more innovative approaches being taken to address the world’s environmental challenges, including how researchers are testing the viability of bio-fuels “that don’t take food away from hungry people,” promote the use of algae-based fuels.
Meanwhile, several factors are contributing to the escalation of ICT-driven power and cooling consumption in the United States. For example, U.S. businesses have to contend with a recent surge in government regulations, such as the Sarbanes-Oxley Act of 2002, which have led to a “massive” increase in corporate storage, said Thomas McDorman, Vice President and General Manager of Enterprise Storage Solutions at Western Digital.
For its part, Western Digital has introduced several energy-saving innovations over the past few years, including hard drives that can automatically go into idle mode on laptops when they aren’t being used.
For the time being, at least, researchers such as the Oak Ridge National Laboratory will continue to increase their computing capacity in order to delve into the world’s thorniest climate issues. Climatological models such as the ones produced by Oak Ridge “will require extraordinary computational capability,” said Thomas Zacharia, Associate Laboratory Director for the world’s most powerful open scientific computing facility.