CIO · Cloud

3 ways enterprises can reduce their cybersecurity risk profile

IMG_5834

If you are an executive (CIO, CISO, CEO) or board member, cybersecurity is top of mind. One of the top comments I often hear is: “I don’t want our company (to be) on the front page of the Wall Street Journal.” Ostensibly, the comments are in the context of a breach. Yet, many gaps still exist between avoiding this situation and reality. Just saying the words is not enough.

The recent Equifax breach brings to light many conversations with enterprises and executive teams about shoring up their security posture. The sad reality is that cybersecurity spending often happens immediately after a breach happens. Why is that? Let us delve into several of the common reasons why and what can be done.

ENTERPRISE SECURITY CHALLENGES

There are a number of reasons why enterprises are challenged with cybersecurity issues. Much of it stems from the perspective of what cybersecurity solutions provide. To many, the investment in cybersecurity teams and solutions is seen as an insurance policy. In order to better understand the complexities, let us dig into a few of the common issues.

Reactive versus Proactive

The first issue is how enterprises think about cybersecurity. There are two aspects to consider when looking at how cybersecurity is viewed. The first is that enterprises often want to be secure, but are unwilling or unable to provide the funding to match. That is, until a breach occurs. This has created a behavior within IT organizations where they leverage breaches to gain cybersecurity funding.

Funding for Cybersecurity Initiatives

Spending in cybersecurity is often seen in a similar vein as insurance and comes back to risk mitigation. Many IT organizations are challenged to get adequate funding to appropriately protect the enterprise. It should be noted that no enterprise will be fully secured and to do so creates a level of complexity and cost that would greatly impact the operations and bottom line of the enterprise. Therefore, a healthy balance is called for here. Any initiatives should follow a risk mitigation approach, but also consider the business impact.

Shifting to Cybersecurity as part of the DNA

Enterprises often think of cybersecurity as an afterthought to a project or core application. The problem with this approach is that, as an afterthought, the project or application is well on its way to production. Any required changes would be ancillary and rarely get granular in how they could be applied. More mature organizations are shifting to cybersecurity as part of their core DNA. In this culture, cybersecurity becomes part of the conversation early and often…and at each stage of the development. By making it part of the DNA, each member of the process is encouraged to consider how to secure their part of the project.

Cybersecurity Threats are getting more Sophisticated

The level of sophistication from cybersecurity threats is growing astronomically. No longer are the traditional tools adequate to protect the enterprise. Enterprises are fighting an adversary that is gaining ground exponentially faster than they are. In essence, no one enterprise is able to adequately protect themselves and must rely on the expertise of others that specialize in this space.

Traditional thinking need not apply. The level of complexity and skills required is growing at a blistering clip. If your organization is not willing or able to put the resources behind staying current and actively engaged, the likelihood of trouble is not far way.

THREE WAYS TO REDUCE CYBERSECURITY RISK

While the risks are increasing, there are steps that every enterprise large and small can invoke to reduce their risk profile. Sadly, many of these are well known, yet not as well enacted. The first step is to change your paradigm regarding cybersecurity. Get proactive and do not assume you know everything.

Patch, Patch, Patch

Even though regular patching is a requirement for most applications and operating systems, enterprises are still challenged to keep up. There are often two reasons for this: 1) disruption to business operations and 2) resources required to update the application or system. In both cases, the best advice is to get into a regular rhythm to patch systems. When you make something routine, it builds muscle memory into the organization that increases the accuracy, lessens the disruption and speeds up the effort.

Regular Validation from Outsiders

Over time, organizations get complacent with their operations. Cybersecurity is no different. A good way to avoid this is to bring in a trusted, outside organization to spot check and ‘tune up’ your cybersecurity efforts. They can more easily spot issues without being affected by your blind spots. Depending on your situation, you may choose to leverage a third-party to provide cybersecurity services. However, each enterprise will need to evaluate their specific situation to best leverage the right approach for them.

Challenge Traditional Thinking

I still run into organizations that believe perimeter protections are the best actions. Another perspective is to conduct security audits with some frequency. Two words: Game Over. While those are both required, security threats today are constant and unrelenting. Constant, evolving approaches are required today.

As we move to a more complicated approach to IT services (SaaS, Public Cloud, Private Cloud, On Premises, Edge Computing, Mobile, etc), the level of complexity grows. Now layer in that the data that we view as gold is spread across those services. The complexity is growing and traditional thinking will not protect the enterprise. Leveraging outsiders is one approach to infuse different methods to address this growing complexity.

 

One alternative is to move to a cloud-based alternative. Most cloud-based alternatives have methods to update their systems and applications without disrupting operations. This does not absolve the enterprise from responsibility, but does offer an approach to leverage more specialized expertise.

The bottom line is that our world is getting more complex and cybersecurity is just one aspect. The rate of complexity and sophistication from cybersecurity attacks is only growing and more challenging for enterprises to keep up. Change is needed, the risks are increasing and now is the time for action.

Business · CIO · Cloud · Mobile · Social

My top most used business tools and applications when traveling

img_5228

What better way to kick off 2017 than to talk about the tools I find to be most useful? I wrote a post back in 2012 that outlined many of the tools I used back then. As many of you know, I travel a lot. Just about every week I am on a plane going somewhere in the world. Compared to many of my fellow corporate executives, it ranks in the excessive category for a CIO.

Considering the amount of travel, I am often asked what tools I find to be most useful. First, it is important to understand that I work under a minimalist perspective. That means, I try to travel with the least amount that I can. The lighter the load, the happier the experience.

LUGGAGE

First rule of travel: Carry-on, do not check luggage unless you absolutely must. There are many reasons for this. If you travel a lot, you need to invest in good-quality luggage. While I have a full collection of Tumi luggage, which I swear by, there are two pieces that I use most frequently:

Tumi Alpha 2: International Expandable 2 Wheeled Carry-On

Tumi Alpha 2: Compact Laptop Brief Pack

These two pieces offer the most flexibility when traveling both domestically and internationally and fit my technology needs very well.

HARDWARE

Ok, on to the technology part of the post. There are two fundamental components that I have used for years now; an iPhone and an iPad. With rare exceptions, these are the only two devices I travel with. Here are the details of what I am currently using:

iPhone 6s Plus: The iPhone offers the ability to make calls while traveling internationally. It also syncs with the iPad. The 6s Plus is the first time I am using the larger screen. In hindsight, the smaller screen size is probably a better choice for me. While the larger size is nice from a real estate perspective, the size is excessive for most things. In addition, it is almost impossible to do anything on the phone with only one hand.

iPad Pro 9.7”: This is an upgrade from the iPad Air, iPad 3 and original iPad I used previously. The iPad platform offers the ability to do a myriad of things using a single device (see software below). The physical size is both compact and not obtrusive when sitting on a desk or table in a meeting. I use the version with Wi-Fi & Cellular. I find that most Wi-Fi networks at hotels, airports, train stations, conventions are simply unreliable. Not to mention the security of those networks. Cellular access allows bypassing many of the issues and LTE is plenty fast.

Apple Pencil: This is a new, and welcome addition to the list. The Apple Pencil finally provides the ability to take detailed handwritten notes and drawing without the relatively crude capabilities that stylus’ offered.

Logitech Create Keyboard: The new Logitech Create keyboard for the iPad Pro not only offers a nice, protective keyboard plus case, but also integrates with the Pro’s Smart Connector and has a spot to hold the Apple Pencil. A good keyboard is a must if you write while on the road. By using the Pro’s Smart Connector, there is no need to use Bluetooth, or charge the keyboard. The keyboard itself is both backlit and has large keys suitable for larger hands. One side note, if you are flying economy, the keyboard and iPad combination is usable, unlike many laptops.

Bose SoundTrue Headphones: These are some of the most comfortable headphones you will find! The do not rely on putting pressure on the ear canal…which can lead to headaches and ear aches. While not noise-cancelling, they are the next best thing. I can wear these all day without ear fatigue.

Bose QuietComfort 25 Noise-Cancelling Headphones: These are a must for long-haul flights. I typically do not travel with them unless traveling across the country or internationally. If you have not experienced noise-cancelling headphones, I find that they dramatically reduce fatigue from long flights. One side note, I have found that the Airbus A380 is the quietest commercial airplane flying today…even more so than the Boeing 787 Dreamliner. The A380 is so quiet that you almost do not need noise-cancelling headphones.

Tumi 4-Port USB Travel Adapter: It offers (2) 2A USB ports and (2) 1A USB ports plus includes the different international plug adapters in a nice small package. The Tumi adapter is fused and a perfect addition to eliminate all the different bricks and adapters.

Mophie Powerstation XL: Battery packs are pretty much a necessity these days. However, I find that both the iPhone and iPad offer full-day coverage. The exception is when I travel to conferences and/ or am on the phone and/or iPad non-stop all-day. Or if I am going from breakfast meetings to evening events non-stop. Unlike finding a power outlet which then ties you to that spot while charging, the Mophie provides on-the-go charging.

Apple Airport Express: Traveling Internationally brings on a new set of issues. There are still hotels that offer Wi-Fi in the lobby, but wired connections in the room. This creates a problem when only traveling with an iPad. To combat the issue, I throw this small, self-contained, router in the suitcase when traveling internationally. Note that this is becoming less of an issue. As a side note, when traveling with the family, I use this router to connect all our devices without having to connect each device directly to the hotel Wi-Fi. Each of the phones and tablets are already configured to use the secure Wi-Fi setup on the router. Plus, it gets around many hotels that limit the number of devices connected in a room.

Apple Lightning Adapters: When presenting, you never know which interface you will need. Thankfully, both the iPhone and iPad use the same Lightning adapters. I travel with both VGA and HDMI adapters. I can then choose whether I present off the iPhone or iPad. Note that when presenting, it will quickly drain the battery…so plan accordingly.

SOFTWARE

Now on to the applications…

Microsoft Office for iOS: The first versions of the Microsoft Office apps for iOS were incredibly limited in functionality. However, the more current versions of Word, Excel and PowerPoint are both feature-rich and integrate well with Box.

Box: Box provides an enterprise-grade solution that syncs well with both desktop and mobile devices. The iOS app allows me to choose which files and/or folders I wish to sync for off-line use. This is great for working on documents while on an airplane. The application also allows me to share file/ folder access with others to collaborate.

iThoughts: When creating a presentation, or brainstorming an idea, iThoughts provides a great mind-mapping tool.

Notability: Notability is one of the best note-taking tools I have used. The combination of Notability with the Apple Pencil has practically replaced the need for paper & pencil. When meeting with folks and needing to draw, it makes for a great whiteboard solution. I can take notes, draw pictures and quickly send copies via a myriad of ways including email and text.

Twitter/ Tweetbot: If you are on Twitter, one of these two apps is a necessity. I find that Tweetbot offers several features not available in the native application. However, they are getting closer with each release.

LinkedIn: Connecting via LinkedIn is key to engaging with others. The app, while not perfect, is a good companion while on the road.

WordPress: If you post to blogs based on WordPress, the app is a must. For my post workflow, I still write and edit posts in Word and then cut/ past into WordPress. This provides a backup and place to search across posts locally.

Skype: Skype makes it much easier to work with parties in different countries. Skype provides the ability to call and video-conference across geographies.

Slack: There are a myriad of different communication tools on the market today. Different teams use different tools. However, I find that several of the groups I work with prefer to use Slack.

Kayak: Kayak recently discontinued their Pro product by centralizing everything into their base app. I use Kayak as a single point to manage all travel (air, hotel, car, etc). You simply forward the email with your travel information and Kayak parses the details into ‘trips’. I then sync this information into my calendar to see everything in one place.

United: As a United Million Mile Flyer, and based from SFO or LAX, United provides some of the best flight choices to the locations I travel most. The app allows me to change flights, change seats, book flights and get status updates on-the-go.

Miscellaneous iOS Apps: In addition to the third-party apps listed above, I also use the native iOS apps including Mail, Safari, Calendar, Notes, Reminders, Music, Messages, Photos, Maps, Contacts, etc. One thing I value with the iOS platform is the ability to sync data and settings across devices.

Miscellaneous Apps: There are several other apps that I use, but they are less for business and more for personal uses. The iPad platform gives me the ability to work, play, read news, watch movies, read books all on one device. Again, less is more.

 

Hopefully that provides a glimpse of what I found to be most useful when traveling. I welcome your suggestions and recommendations too!

CIO · Cloud

IT transformation is difficult, if not impossible, without cloud

IMG_2135Information Technology (IT) transformation is all the rage these days. It started as a lofty objective among Chief Information Officers (CIOs) and shifted to a stark requirement for businesses to remain competitive. Even those beyond the IT organization are pushing IT transformation including the rest of the C-Suite and Board of Directors. Why? Without it, companies struggle to remain competitive and potentially suffer catastrophic failure. Simply put, IT has become so important to a business’ success that transformation is now a requirement for remaining competitive in business.

At the same time, the maturity of cloud-based solutions leads to a fundamental requirement for IT transformation. Cloud is no longer just a discussion among IT professionals. Cloud is now a discussion among C-Suite executives and the Board of Directors. Essentially, IT transformation relies on cloud as a significant lever in a company’s arsenal.

THE RIGHT CLOUD CONVERSATION

However, not all cloud conversations are the same. While many in IT will focus on the technical merits (and hurdles) that cloud provides, C-Suite executives and Boards are looking at the leverage it provides for economic growth and business agility. If the CIO and IT organization are only focused on cloud for technical merit, it will inevitably fail. A conversation pitting one technology against another is missing a key component: context. What is the context in which one technology provides value over the other? And the answer needs to be in terms that convey clear business value.

The reality is that cloud is nothing more than a tool that provides significant leverage. The real question is: What leverage can cloud provide in terms of business advantage not technical merit.

TRADITIONAL IT FAILURE

Historically, IT managed most of the solutions internally due to a lack of alternative solutions. Now it is time to get beyond doing everything internally. Regardless if you are in a heavily regulated and compliance industry such as Financial Services or Healthcare, there are mature solutions. In addition, those regulations and compliance requirements do not apply to every system and piece of data that IT manages.

In addition, new requirements coming from Internet of Things, Machine Learning, data integration and mobile will continue to rip apart traditional IT architectures. In essence, traditional architectures have no hope of keeping up with the increasing flow of data and complexity of solutions. IT desperately needs to change to keep up and get ahead of this onslaught.

GETTING PAST THE BASICS

In order for CIOs to build trust for transformation, they need to get the basics under foot. This statement is non-negotiable. Fundamental functions like email, phone systems, file sharing need to work without incident. These solutions are becoming more complex, but not business differentiating for any given organization. Yet many IT organizations continue to insist on running these functions internally. Sadly, many of the reasons given for this approach no longer hold true.

At the same time, mature cloud-based alternatives exist that provide greater stability, function and agility. Not only does running commodity functions create a distraction for the organization from business-differentiating functions, it also creates an incredible amount of risk to basic business functionality. Unfortunately, failures to get the basics right will continue to plague the CIO and rest of the IT organization by extension.

FOCUS ON THE RIGHT OBJECTIVES

To be clear, I am not saying cloud for cloud sake. There is a right and wrong place to leverage cloud. The IT organization needs to take a holistic approach to identify how best to leverage cloud. However, for commodity services, cloud should be a mandatory requirement at this point. And those organizations still trying to run commodity services internally…and failing…are only hindering their company’s progress.

It is time we (as IT leaders) take a serious look at our role and consider how best to leverage the tools at our disposal. Transformation is a requirement. Cloud is a requirement. The question is really how to chart the path forward. What we have done in the past will not serve us well in the future. And remember…time is not your friend.

Cloud · Data · IoT · Mobile

Intel playing a key role with Cloud, Mobile, IoT & Analytics

In the past couple of weeks, I spent time with the Intel team in Oregon to see their work in leading areas including Cloud, Mobile, Internet of Things (IoT) and Analytics. Before I get too far down the path, one may be asking what Intel, a chip manufacturer, is doing in some of these areas. As it turns out, Intel is actually one of the largest software developers today. Intel also plays a leadership role in driving adoption and bridging the gaps in these leading areas.

SUPPORTING THE MOVE TO CLOUD

Today, 75% of current cloud demand comes from consumer services. By 2020, 65-85% of applications will be delivered via cloud infrastructure. The key for Intel (and others) is to move from consumer applications to enterprise applications. Intel’s approach is to leverage Jevon’s Paradox. The easier computing is to access, the faster the adoption. One of the key areas Intel is working on is orchestration software that is transparent vs. opaque.

Simply put, the industry is simply not moving fast enough. Friction exists in several key areas with adoption:

  • Fragmented solution stacks
  • Complexity in deploying solutions
  • Lack of key features

While these may seem straight forward, the path is not always the most direct. Intel IT is a great test bed of methodology, technology and culture. Today, any developer in Intel IT can go request their own instance for compute & storage.

One of the areas related to cloud is Intel IT’s move to Software Defined Networking (SDN). Prior to SDN, the process of Landing, Security Setup (ACL), Load Balancing and Auto IP Provisioning took an average of 31.99 days(!). After SDN, the process is nearly instant. The biggest challenges were Immature Technology (71%), Existing Network/ Processes (64%), Lack of Knowledge/ Training (29% and Cost (25%).

To Intel, cloud is not the end-game and does not see enterprises completely divesting of data centers. Intel’s perspective is that every CIO wants to get to a hybrid cloud scenario.

ENGAGING IN THE MOBILE ECOSYSTEM

Today, there are 1.9 billion smartphones. Each smartphone has an average of 26 applications. Each application has (on average) 20 transactions with a data center every day. That turns into 1 trillion data center transactions…every day!

Imagine the challenges of scale using traditional data center technologies. The sheer amount of data, let along transactions, is massive. And this is just what we see from the mobile endpoints.

THE INTERNET OF THINGS (IoT)

There is a significant opportunity for any of the IoT players by turning data into value. With 50 billion ‘things’ and 35 zettabytes of data, there is quite a bit of upside for even the most narrowly focused of companies. Intel is working with companies to enable the two categories of the IoT.

THE DATA AND ANALYTICS OF CANCER RESEARCH

One example is Intel’s partnership with Oregon Health & Science University (OHSU) to assist with their cancer research programs. OHSU is one of the country’s leading cancer research institutions. Intel has engaged with OHSU on multiple levels. However, one of the core activities when doing cancer research is genome sequencing.

Today, a single patient genome generates more than 1 terrabyte of data. That’s 1TB+ per patient. With 1.65 million cancer patients in the US alone, that equates to 4 exabytes of data for genome sequencing. Today, <1% of cancer patients are actually sequenced due to a number of issues including costs. Imagine if all cancer patients were sequenced. Now imagine if patients for other diseases were sequenced. One can quickly see that we are just scratching the surface on data analytics in healthcare and have a long way to go!

SUPPORTING THE OVERALL EFFORT

As the scale for workloads moves from rack-scale to larger, specialized implementation, Intel is ready with custom silicon. Cloud providers, such as Amazon AWS, have already taken this approach to leverage a myriad of features that best support their service offering. Expect others to follow suit as their scale increases.

 

Today, the breakdown of Intel’s market by workload is as follows:

Screen Shot 2015-11-03 at 9.53.29 AM

 

It is impressive to see how much of the workload pie is squarely focused on technical computing today. Consider how this will change as the adoption rate of cloud and analytics increases.

All that being said, Intel’s core is still building infrastructure technology. Their new 3D xPoint memory technology is about to turn the industry on its head. Consider that xPoint addresses many of the concerns with NAND memory today and presents significant opportunities for applications in need of low latency, fast system recovery and high-endurance. Large in-memory databases, gaming and genomics analysis are just a few of the leading contenders that will benefit from 3D xPoint memory technology.

Screen Shot 2015-11-03 at 9.52.07 AM

 

In summary, Intel is far from just a ‘chip manufacturer’. They are constantly innovating their silicon expertise while taking a leadership role in many of the hot technology areas. While many still struggle with basic block-and-tackling of cloud adoption, there are many significant opportunities that lie ahead of us both commercially and personally.