IT Infrastructure - News

 

• Provide management with a comprehensive understanding of the total effort required to develop and maintain an effective recovery plan;
• Obtain commitment from appropriate management to support and participate in the effort;
• Define recovery requirements from the perspective of business functions;
• Document the impact of an extended loss to operations and key business functions;
• Focus appropriately on disaster prevention and impact minimization, as well as orderly recovery;
• Select project teams that ensure the proper balance required for plan development;
• Develope a contingency plan that is understandable, easy to use and easy to maintain; and
• Define how contingency planning considerations must be integrated into ongoing business planning and system development processes in order for the plan to remain viable over time.

While many CIOs have confidence in their company's potential for future growth, a number believe that business leaders face ongoing pressures. For example, the competition for what appears to be a shrinking pool of talent is expected to increase. It is difficult to hire and retain the 'right' employees. Given how crucial talent is to achieving a company's objectives, more CIOs are looking for fresh approaches to attract, engage and retain a workforce that will remain loyal to their company. And current employees could see the biggest benefit from this trend as many CIOs are looking to promote from within.

 

• Provide management with a comprehensive understanding of the total effort required to develop and maintain an effective recovery plan;
• Obtain commitment from appropriate management to support and participate in the effort;
• Define recovery requirements from the perspective of business functions;
• Document the impact of an extended loss to operations and key business functions;
• Focus appropriately on disaster prevention and impact minimization, as well as orderly recovery;
• Select project teams that ensure the proper balance required for plan development;
• Develope a contingency plan that is understandable, easy to use and easy to maintain; and
• Define how contingency planning considerations must be integrated into ongoing business planning and system development processes in order for the plan to remain viable over time.
  

• What are the legal implication - What is the impact of the Stored Communication Act - Record Retention and Destruction?
• What happens to the data and audit trail when an employee leaves the company?
• What about lost or stolen devices?
• How is a device configured to receive and transmit corporate data?
• What kind of passwords are acceptable to use?
• What kind of encryption standards are acceptable?
• What types of devices are allowed and what types are not?
• What about jail broken, rooted or compromised devices?

Metrics are an essential tool in helping executives reduce costs while delivering more value-and thus is an invaluable lever of high performance. Metrics also provides companies with the concrete baseline and comparative data they need to identify performance gaps and ways to bridge them.

The role of the CIO and CTO is changing as more enterprises more towards a "Value Added" role for the Information Technology function.  Those changes are depicted in the detail job descriptions that have been created for all of the functions with IT -- especially for the CIO and CTO.

It is also difficult to be proactive. That is important when you consider the 80/20 rule, where 80 percent of the intrusions you can see and can avoid with proactive security. The other 20 percent are unknown and hidden, what are known as Advanced Persistent Threats (APTs). With those you need a little more predictive ability in order to get a level of resiliency.

The most urgent actions are those that give people a better understanding of the threat environment, and that give them the ability to apply appropriate actions and resources to mitigate the risks and threats. And that they understand that it is really hard to have 100 percent security, but that they can have controls in place that are good enough to protect assets that are business/mission critical.

It has been found that only 6 percent of mid-sized companies that suffer catastrophic data loss survive - 43 percent never reopen, and 51 percent close within two years of the disaster. Implementation of a reliable DR strategy has traditionally been expensive and overly complex, largely because of equipment and networking requirements along with costly replication csoftware licenses As a result, many small and medium businesses (SMBs) were required to make difficult compromises, such as limiting disaster coverage only to critical applications, employing manual recovery processes on dissimilar equipment, or simply backing up to tape and hoping they will have access to working backups when needed.

Many companies are therefore forced into operating their businesses with insufficient protection in terms of application coverage, acceptable downtime and reliability of recovery.

Sales in the companyÂ’s Information Systems and Global Solutions (IS&GS) segment decreased $92 million, or 3 percent, during the forth quarter, which ended Dec. 31, compared to the last quarter of 2010. It also declined by $540 million, or 5 percent, for all of 2011, compared to the previous year, according to financial figures released Jan. 26.

Overall though, the business segment was hit by the fiscal pressures the government is under, which keep agencies from spending as much on IT products and services in 2011. Executives expect the segment's annual operating margins in 2012 to be similar to the annual 2011 figures.

IT Job Market Employment Trends

    

In a new report, Celent said the tumultuous state of the banking industry since 2009 continues to affect tech spending. For instance, when Celent published its report on worldwide banking last year, it appeared that a turnaround had begun. "This is no longer the case; there is still plenty of uncertainty," Celent stated.

Having an effective recovery strategy and a set of coherent disaster recovery plans is essential to helping avoid downtime during a crisis. The need for enhanced quality, efficiency, and predictability for disaster recovery and business continuity has increased significantly, highlighting the necessity of a well-defined set of recovery plans and regular testing. However, as the required scope of critical processes, production applications, and enterprise demands increases, sustaining the timeliness and effectiveness of a recovery plan can become increasingly difficult.

For most organizations, disaster recovery is extremely labor intensive, often requiring the manual coordination of hundreds of recovery tasks. So although the importance of having an effective disaster recovery plan is clear, organizations often find it difficult to achieve the level of protection they need.

In a survey of 500 IT pros, a staffing firm found the vast majority (89 percent) are currently happy with their jobs. Nearly two-thirds (64 percent) said they intend to stay with their current employer, and 25 percent said they'd only leave if the right opportunity came along. Just 11 percent are unhappy with their current position, which includes 4 percent of respondents who are actively searching for a new job.

    

Part of the reason IT pros are staying put is caution. Employees are nervous about unemployment levels, an unstable economy, and the possibility of a double-dip recession. Marketplace paranoia is keeping people where they are.

In addition, companies are working hard to keep their current IT teams intact. A lot of employers are creating environments that are hard to leave. Perks such as the opportunity to telecommute, flexible schedules, and onsite daycare are helping with retention efforts. They've made it endearing so that people think twice about moving on to something else.

When the information security function adopts governance, it raises its game, engaging with senior management and other corporate governance functions. This not only minimises information risk and reputational damage, it also delivers continuing added value from information technology.

New technologies are constantly increasing the complexity of business information, while more sophisticated technology and processes are needed to manage it. Furthermore, that information is simultaneously more critical to the business and more susceptible to attack or abuse.

Information security governance enables the direction and oversight of information security-related activities across an enterprise, as an integrated part of corporate governance. It shows customers, business partners, shareholders and regulators that information is being protected according to industry best practice. It provides the agility to deal with incidents quickly and effectively, and enables better management of all of information security activities – decreasing the chances of headline-grabbing incidents.

Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.

While security in the cloud services environment is clearly a concern for many IT security professionals, there is still a lack of assurance within the external supply chain as whole.

The message on security is getting through to businesses, there is no consistent language to determine whether the service provider will operate the controls to a level that assures the client that their risks are managed appropriately. This proves that the current security mindset is little more than managing risks to achieving compliance rather than empowering organizations to understand the controls required to manage the risks to their information.

All organizations on both sides of the public/private sector divide, have an explicit obligation under law to ensure that personal and corporate information is managed in a safe manner.

The current compliance overload over the past four or five years has led to an inordinate focus on managing risks to compliance rather than understanding the risks to information - and this focus has meant that we look to overuse of technical controls to show due diligence to ensure that when a breach occurs, that penalties will not be levied; it is not designed to reduce the likelihood of breaches themselves.

This approach is unsustainable, as it does not look to the implementation of the controls and fails to address the business risk management issue that exists in most organizations. This is turn has no more benefit to the business than placing money in the shredder.

The current lack of corporate information governance in today's businesses will soon result in increased penalties. This proves that the current focus on compliance risk management as we know it is nearing an end, and something else is required to assist organizations to understand and manage the risks to their information going forward.

Key business dynamics could alter this progress. Include the possibility of double-dip recession in the United States and European countries, continuous credit and derivative losses that threaten business expansion. These developments would cause many business to reduce their total IT spending budgets and make lower-cost, lower-automation system improvements. Business will, however, continue strategic cost reduction initiatives that drive ITO and BPO spending.

A number of technologies are generating interest but little spending or are early in their growth cycle. For example, research and development for mobile business infrastructure applications is accelerating although spending on mobile is still very low compared with spending on other distribution channels. The continued growth of the installed base of mobile devices will eventually create "network effects" that accelerate adoption beyond mobile status information into more customer relationship management applications.

Social media and peer-to-peer (P2P) transactions and IT spending are in their infancy. The combination of social media with P2P transactions could spur P2P application development.

They can cause a loss of customer and partner confidence. Ultimately security breaches can damage a companyÂ’s brand and its ability to do business. As mobility becomes a more important part of routine operations, companies who are developing a mobility strategy must address the issue of mobile security. To do that, itÂ’s important to understand the vulnerabilities.

There are four areas of vulnerability in mobile business operations:

• Lost or stolen devices
• Unauthorized data access
• Risks arising from combining personal and work use in one device
• Gaps in device management and policy enforcement