About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Wednesday, June 30, 2010

Cloud Hype - Stop the Craziness!

The hype vs. reality debate is nothing new to IT, from the first PC to today's iPad. But ignore the hype at your own peril. If there's an overhyped term today, it is cloud computing. Everyone is on the cloud computing discussion, but will it really deliver as promised?  Is this not just vendor driven for revenue? Check out this breathless prophecy:

"We can't even imagine today the potential of cloud computing as we look forward. But given the intersection of higher processing power, cheaper cost and the ubiquitous access to broadband networks that for the first time are able to deliver content in ways that we couldn't imagine before ... transformation that's going to fundamentally change the way we live our lives."

Wow! If you thought that this was spoken by Marc Benioff, guess again. It was Vivek Kundra, President Barack Obama's federal CIO, speaking on "The Economic Gains of Cloud Computing" April 7.

Kundra's viewpoint is not surprising in one sense, in that the government has also been an early adopter of technology. But it is surprising in contrast to the conventional wisdom of many CIOs in corporate America. There are CIOs discussing the new shift in IT being cloud computing, and how this is without a doubt a game changer. Is it? Is it not just the latest magazine read and management direction because everyone is doing cloud and we don't want to get behind? What value will it deliver to the business? What competitive edge does it bring to the table? Remember the big outsource-your-IT craze and the big organizations that outsourced their entire IT department to offshore organizations? How many of them are now bringing that all back in house - didn't work out so well. We have to stop following the few, and listen to our business needs and deliver what is best for the business. Cloud computing may not work for all organizations, and it doesn't have to.

I propose to you that we will see a hybrid approach to cloud computing. There will be SaaS offerings that make sense to the business, and the application meets a business need. There will be IaaS offerings that meet a business need around web services, burstable needs, DR, etc. Don't be so quick to jump on the cloud computing bandwagon and make significant mistakes. Take the time to map out the business capabilities, needs and how you can help the business with IT enabling solutions. Be the leader in your organization on cloud computing as the CIO. Drive the discussions and ensure IT stays engaged, IT governance remains intact, and that whatever services are acquired fit a need and not a stigma.

Good Luck!

Tuesday, June 29, 2010

IT Jobs & Job Seekers - Where we at?

2010 Monster Information Technology Job Market Report (Sponsored by Kelly IT Resources)


Half of the IT survey respondents were employed. Of those, 82% were employed full-time, 6% part-time, and 12% with either contract or temporary work. This group has been employed, on average, for 20 years and has had over six employers, showing that the days of staying at one company for an entire career are well over.

A remarkable 54% of employed IT respondents are either “unlikely” or “neither likely nor unlikely” to stay at their current employer for the next year. This high number shows the steep frustration that current employees are feeling, as they have stuck with their employer through pay cuts and extra work during the past tumultuous year.

Employers need to listen closely. We asked those employees who intend to leave their job in the next 12 months what their employer could do to keep them. A notable 41% of respondents detailed non-cash incentives and changes that they desired, 21% wanted to be hired from contract to a full-time position or given a promotion or role change, and 19% said nothing – they were leaving their job no matter what their employer did.

What do you think of this report?  On target?  In a previous blog discussion it was noted that we lost much of the human element of our jobs these days.  Have companies burned valuable bridges these days under the cloak of poor economy?  Have companies exploited the hard times as a way to move the dial on what they offer for benefits, salary and work environment?  Is it an easy out to say "all the other companies are doing it" - but is that really true?  Shouldn't your company be a leader? 
 
I remember 20 years ago when a company wanted to fight to be the leader, encouraged employees to grow and get all the training you could. What changed? Global economy? What role did our GE Jack ole boy play in this as we moved jobs overseas? What about the performance process and metrics we use today to evaluate employees - helpful? Terminate the bottom 10% of your performers - accomplishes?
 
I propose to you that the job market has changed, as have the job seekers. I think companies have changed, keeping in mind companies are nothing but people. So we have humans doing this to humans - the company is nothing more than people. I do think the race for global presence has changed us, the leaders that bought into Jack Welch nonsense have hurt Corporate America, and we seek to say we are a global company. We lost some vision along the way, we lost some compassion and innovation between the spreadsheet cells.
 
I have colleagues email me asking what they should do as a job seeker, stay or go? Find a new career?  My recommendation is to find that which makes you happy, and keep in mind jobs will come and go.  Family first, work to live, enjoy life and make the best of it.  Stay positive, focused and worry about that which you can change.  Work hard - but don't work all the time.  Life is very short, and don't miss it by working around the clock. 
 
Good luck!

Friday, June 25, 2010

Firewalls, IDS, DLP - How do we manage it all?

Companies have to address security in some form and fashion or level of degree.  Many IT shops still feel we have a firewall and virus protection, good enough.  Is it?  Other IT shops try to do IDS, IDP, and SIEM type solutions.  Are they doing them all correctly?  Can they do them all?

While threats to network and information security have existed since the dawn of the information age, the complexity and scale of attacks have exploded in recent years, presenting enterprises with daunting challenges as they struggle to defend an increasingly vulnerable perimeter. With cyber crime now more lucrative, and far less risky, than the illegal drug trafficking trade, it is hardly surprising that the level of criminal talent devoted to the Internet has risen tremendously. Consequently, threat levels and attack impact have skyrocketed. For example, in just a few years, Distributed Denial-of-Service (DDoS) attacks have jumped in size from dozens to hundreds of gigabits per second - a result of increasingly sophisticated malware and growing zombie armies. Those are significant changes - can you manage that?

Unfortunately, traditional perimeter defense solutions have not kept pace with the rapid growth in risk. While enterprises currently have an arsenal of threat-specific tools at their disposal, these rigid, centralized defenses do not provide the flexibility or scale necessary to combat the outsized, adaptive threats facing today’s IT infrastructure.

Cloud-based security services offer an innovative approach to helping organizations address the limitations of traditional perimeter solutions by adding a globally distributed layer of defense. This instantaneously scalable layer is designed to deliver a level of protection that is orders of magnitude greater than any centralized defense.

In addition, cloud security solutions offer unprecedented flexibility across a broad set of protective capabilities. This allows companies to leverage just-in-time defenses that help them adapt to rapidly changing risks and protect against unknowable future threats, while avoiding the costly proposition of having to correctly predict — and pay for — their security needs in advance.

The other thing I find at many companies is that we put all these security solutions in place, but we never take into account the FTE requirements to maintain, support, or operate the solution. Shelfware: that solution purchased with best intentions that eventually ended up on the shelf because we did not have the resources to implement or maintain the solution. Many shops have gotten into the SIEM solution - purchasing things like EMC enVision - but never put a plan around all that data collection. What is important, what is not, and who is reviewing this data? It quickly becomes overwhelming and falls to the sidelines.

What would be wrong with putting your firewall, IDS and other security infrastructure solutions into the cloud? More so, as a managed service in the cloud, perhaps part of your MPLS solution. It is difficult to have all the necessary staff to maintain all these solutions, keep up on training and skills, and have the ability to ensure they are configured appropriately. Use your existing staff to monitor and interact with your service provider, but really focus your staff now on clients, awareness training, data classification, and other important tasks that just don't get done.

Therefore, leave defending the perimeter to the experts, and let your internal team defend the core and clients. That combination is a good recipe for success and is very manageable. We have to think big picture and new ideas! Stay engaged and stay positive!

Thursday, June 24, 2010

Banning Facebook is waste of time, Gartner says

Betty White stated on SNL that Facebook was a big waste of time.  Having teenage children I find it is fun to them, a waste of time though, but also an opportunity for dad to teach them about protecting confidential information.  They don't realize what they put out there is visible to the world and there to stay.

According to a Gartner Inc. social media security expert, banning Facebook, and other social networking services like LinkedIn and Twitter, is an exercise in futility. To boot, securing social media in the enterprise is not a responsibility that should fall to information security teams.

Tuesday at Gartner's Security and Risk Management Summit, research director Andrew Walls told attendees that although infosec pros may worry that social networking will lead to uncontrolled malware outbreaks, phishing, breaches of confidentiality and trade secrets, and even damage to the corporate reputation, trying to take control of, or even block its use is akin to monitoring employees' home phone calls and rifling through their postal mail.

Do you agree with that assessment? I believe if an organization wants to block direct access to these sites it can be done, but should they? Each CEO has to ask himself/herself what benefit allowing your employees access to these sites brings, or what benefit blocking them brings. At the root of it is staff productivity, and security isn't responsible for monitoring and managing the productivity of the organization - right?

Some of these same arguments exist in organizations around whether employees should have access to the internet. Employees shop online at work, follow sports, and the list goes on. This again is around staff behaviors, not security. I say the most viable strategy for managing social media is a governance policy that clearly defines what an enterprise wishes to control and what behaviors are expected. Ultimately, it's a communications policy, which can be enforced by security teams, but must be defined by other business groups like marketing, communications, public relations or the CEO's office.

Risk management really needs to address this topic. Clarify the ownership of the risk - you might manage it, but you're doing so on behalf of someone else. Define the deliverables, metrics … define current usage patterns. These social media networks need to be monitored though - who is going to do that? Who is going to find what your employees are posting out there about the company, or company secrets? When you do find something out there in violation of the policy - what is the action required? I don't see many organizations that have a clearly defined social networking policy for the workplace.

Do you find Facebook of value to the company? Is allowing employees to have access to this media really a game changing value? Does it give you a competitive advantage? Perhaps those employees that argue the value are the biggest users of these sites?

If you don't have a written acceptable use policy for social media sites, and you manage to that policy - block them. If you don't have the means of monitoring them, if you don't have data leak prevention tools - block them. You need to have the safeguards in place before letting enterprise users go wild on Facebook. Security is a concern with these sites. Malware, viruses, identity theft, and the list goes on. I know of several friends that had their accounts compromised on Facebook. Is it worth it?

Personally - I find Facebook a big waste of time.

Wednesday, June 23, 2010

Data Deduplication Really a Big Deal?

Data deduplication is dramatically improving IT economics by minimizing storage footprint requirements, backup windows, and network bandwidth consumption in distributed enterprises and datacenter locations alike.  Many vendors now have backup solutions out on the market that offer deduplication features.  Worth it?

In real-world environments, deduplication is accelerating backup and recovery efficiency and driving down IT costs.  The real driver is the ability to keep pace with the near doubling of storage growth annually.  This growth is fueled by new applications, the proliferation of virtualization, creation of electronic document stores and document sharing, and the retention or preservation of digital records.  With many budgets under pressure, the need to curb data growth is one of the top priority items - reduce capital and operating costs.  From a physical perspective, many data center managers are also dealing with infrastructure concerns in terms of power, cooling, floor space and DR.  Deduplication is a technology that not only aids in accelerating storage efficiency by reducing cost but also alleviates physically constrained data centers.

Deduplication also addresses challenges associated with management, backup, and network inefficiency.  As data grows, there is an increasingly disproportionate relationship between the number of IT personnel and the amount of storage requiring management.  Deduplication reduces the data footprint, keeping this ratio in balance.  In addition, as the gap between server processing power and disk continues to widen, many companies are looking for ways to improve performance throughout their environment over a WAN, within disk storage subsystems, and across limited backup windows.  Data deduplication technology can optimize available physical and virtual infrastructure by sending less data over local or remote network links.  It can also improve service level response times and help meet shrinking backup windows.  Deduplication also makes use of random access media, improving recovery times, data security, and reliability.

So how does it work? Data deduplication is most often associated with subfile comparison processes. This is different from single-instance storage (SIS), which compares data at the file or object level. Subfile deduplication examines a file and breaks it up into "segments". These smaller segments are then evaluated for the occurrence of redundant data content across multiple systems and locations. Deduplication is also different from compression, which reduces the footprint of a single object rather than across files or pieces of a file. Additionally, deduplicated data can also be compressed for further space savings, as in a Unitrends product.
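The difference between file-level SIS, subfile deduplication and compression can be seen on a small scale. The following is an added example, not code from any vendor or product mentioned here; the fixed 4 KB segment size, the `SegmentStore` class and the sample backup names are assumptions made for illustration.

```python
import hashlib
import zlib

SEGMENT_SIZE = 4096  # assumed fixed segment size; products may use variable-size segments


def make_segment(label):
    """Build one constructed, text-like 4 KB segment (sample data only)."""
    line = f"{label} status=ok\n".encode()
    return (line * (SEGMENT_SIZE // len(line) + 1))[:SEGMENT_SIZE]


def sample_backups():
    """Three constructed backups: site-c is a copy of site-a, site-b differs in one segment."""
    base = b"".join(make_segment(f"record-{i}") for i in range(8))
    changed = (base[:3 * SEGMENT_SIZE] + make_segment("record-3-edited")
               + base[4 * SEGMENT_SIZE:])
    return {"site-a.bak": base, "site-b.bak": changed, "site-c.bak": base}


def file_level_bytes(files):
    """Single-instance storage: one stored copy per distinct whole file."""
    unique = {}
    for data in files.values():
        unique.setdefault(hashlib.sha256(data).hexdigest(), data)
    return sum(len(d) for d in unique.values())


class SegmentStore:
    """Subfile deduplication: segments are indexed by their SHA-256 digest."""

    def __init__(self, segment_size=SEGMENT_SIZE):
        self.segment_size = segment_size
        self.segments = {}  # digest -> segment bytes, stored once
        self.recipes = {}   # file name -> ordered list of digests

    def put(self, name, data):
        recipe = []
        for off in range(0, len(data), self.segment_size):
            seg = data[off:off + self.segment_size]
            digest = hashlib.sha256(seg).hexdigest()
            self.segments.setdefault(digest, seg)  # redundant segments are not stored again
            recipe.append(digest)
        self.recipes[name] = recipe

    def get(self, name):
        """Rebuild a file from its recipe, verifying every segment on the way out."""
        out = bytearray()
        for digest in self.recipes[name]:
            seg = self.segments[digest]
            if hashlib.sha256(seg).hexdigest() != digest:
                raise ValueError(f"segment {digest[:12]} failed integrity check")
            out += seg
        return bytes(out)

    def stored_bytes(self):
        return sum(len(s) for s in self.segments.values())

    def compressed_bytes(self):
        # Compression is applied per unique segment, after deduplication.
        return sum(len(zlib.compress(s)) for s in self.segments.values())


def compare(files):
    """Return the storage footprint of each approach for the same set of files."""
    store = SegmentStore()
    for name, data in files.items():
        store.put(name, data)
    return {
        "raw": sum(len(d) for d in files.values()),
        "file_level_sis": file_level_bytes(files),
        "segment_dedup": store.stored_bytes(),
        "segment_dedup_compressed": store.compressed_bytes(),
    }


if __name__ == "__main__":
    for approach, size in compare(sample_backups()).items():
        print(f"{approach:26} {size:>7} bytes")
```

SIS only collapses the identical copy, while the segment store also shares the seven unchanged segments of the edited backup. With fixed-size segments an insertion that shifts later bytes would defeat the match, which is one reason to check how a given product chooses its segment boundaries.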

Some of the benefits of deduplication: drive down cost, improve backup and recovery, change the economics of IT, and reduce the carbon footprint. So given these benefits, it would seem it makes sense. I would recommend doing your due diligence on the vendor and product selection. Not all work as advertised, nor are all worth the investment. I would also start with your remote offices and focus on the WAN sites first and then proceed from there.

If you are still on tape for your backups, I would focus on getting to a new media first.  Reliability of tape solutions is not acceptable to the enterprise, nor is the lack of security.  I will have a future discussion around D2D, Tape, and D2D2D type backups.  Keep checking this blog each day. 

Tuesday, June 22, 2010

Data Center Blues

Many organizations are facing some serious data center blues these days. Aging facilities, overloaded electrical plant, inefficient cooling, and shortage of floor space. Executive management is now asking themselves if now is the time to build a new data center, remodel or look at other options. On top of this is the political pressure under the “Green IT” label and that we should be good corporate citizens.

Does it make more sense to build your own data center, use a colocation center to house your gear, or lease turn-key space from a wholesale data center provider like IO Data Centers? The size of a requirement has historically been a key decision point in sorting out the economics of data center expansion. But capital, control and speed to market are also important considerations in determining the best approach, more so if we are talking a global infrastructure.

A significant number of enterprise companies still prefer to build their own data centers, usually out of a desire to control all aspects of their operation. Security is often a guiding principle for companies that build their own facilities. Many financial services firms build stand-alone data centers to ensure that their critical IT assets are not sharing space with other companies. But haven’t security, audit and controls come far enough that this is no longer a road block?

I find that many companies that do this study ask their IT department to conduct the study. Wrong choice. I would not have anyone inside the company conduct this study, but a 3rd party. There has to be an analysis of everything from facilities, property, operations, applications, infrastructure – the list is significant. You want a bias free evaluation that is provided to executive management. Then you bring in your IT management team, business leaders and have an open and honest discussion about best approach. Cost is not always everything; you do have to look at security, disaster recovery, performance, and operations.

I would also look at revitalization of your technology in your data center. It could be enough to buy you some more time to conduct an appropriate study. Virtualize as many of your servers as you can, along with your storage. I would also aggressively go after legacy application retirement, data retention and archive your data. In addition, can you do a hybrid solution around DR infrastructure? Does it make sense to have another Exchange environment running on premise – can that be moved to Microsoft? Can you use a bare-metal recovery solution for better asset allocation? All good options to pursue.

One more thing – you need a solid disaster recovery plan. You need to develop your plan – a written plan. Test the plan, have a dry run of a disaster. You and your staff need to know what to do in the event of a disaster that has impacted your facility or operations. This has to be a holistic DR plan – including staff, facilities, systems, data and infrastructure. I highly recommend CPSI Inc for your DR planning and design. Start now – too late to think about it the morning after.

Data centers are expensive – and given where many of the data center providers are today, compared to just 5 years ago – it is time to really look at Buy vs Build.

Monday, June 21, 2010

HealthCare - Secure?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. How seriously have we taken the HIPAA regulations, and just basic IT security best practice?

Let me tell you about some of my recent experiences with a healthcare organization here in Wisconsin. Upon arrival to the hospital, I noticed good physical security, parking lot cameras, controlled entry, and was impressed. Walking in the door and down the hall, that impression quickly changed to shock. I immediately noticed wireless access points hanging from the hall ceilings about 30 feet apart all the way to our destination. What is more shocking is the fact someone did a really good job with the label maker. I saw the IP address, MAC, and other important information – labeled on each access point. Interesting, I thought. Perhaps it would be best to put these items above the ceiling tile.

We arrived to our destination, and we had to sit down with registration and check in. The employee at the registration desk was typing away on the computer and asked us to wait a few minutes, she is just finishing up another patient. Ok, I’m not in a big hurry, it is 6am, so we can sit here and wait. Keep in mind she is sitting so that I am facing her right hand side, and the computer is to my right facing her. I can not only read everything on the monitor, the paperwork on the desk right in front of us is very readable. So I am thinking to myself, that is clearly a HIPAA violation. I am reading all this patient information. Upon her completion and getting to us, I mentioned this to her, and to my surprise she got up and got me a brochure on HIPAA and told me that they have a privacy policy. Ok, policy but no practice?

One more story, we had a follow up visit to the doctor’s office, part of this same organization, and waiting to check in the nurse sitting at the reception desk is talking to a patient on the phone. What was shocking was that she is confirming information with the patient on the phone – name, SSN, DOB, address, doctor, last visit, and talking about a prescription and symptoms and so forth. I learned a great deal about the patient just standing there listening. I am thinking to myself, why not take this call or make this call from a private office and not in the lobby with 12-15 patients sitting in the waiting room listening to the same stuff I am. I followed up that same day with a letter to the privacy officer and to date, have not gotten a reply. Is this unique to this organization? Probably not.

Security, privacy and controls are essential to HealthCare more today than just a few years ago. Electronic medical records, patient access to their records, online prescriptions and the list goes on, puts these organizations at a clear crossroads. Security has to take a high priority in these organizations, and additional resources.

I have had the distinct pleasure to see Cencio Solutions Corporation (www.cenciocorp.com) in action on data leak monitoring, forensics and response to events. My opinion is that every HealthCare organization needs to be a customer to this group. There is an immediate need to monitor patient records, data movement, and usage. In addition, in the event something does happen – how will you respond? Forensic Services is an essential component to any enterprise security framework, and having this group available to you is key. A holistic approach to security includes a comprehensive framework that includes several categories, some of them being privacy, data protection, and a response team. Develop your framework, communicate it and test against it. Remember - you are responsible for your security.

Good luck!

Friday, June 18, 2010

Private Cloud

We all have heard by now about Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service, and so on. The discussions around all of this are about external clouds, external service providers and moving off premise. Should organizations look to have an internal cloud? What is the private cloud?

There are several drivers to this new phenomenon, and a couple are: costs, speed to implement and a pay as you go mentality. Companies almost always consider software as a service (SaaS) as a cost-advantage over on-premise in the short run due to its quick implementation times and pay-as-you-go pricing. But many companies are starting to question the long-term value of SaaS, wondering if the rent versus own model necessarily has a cost crossover point and if so, when? As SaaS continues to move into a broader range of applications and into larger, more strategic deployments, you should examine your long-term value with SaaS solutions.

Many publications, authors, and professionals seek to explain that the private cloud is nothing more than the internal IT department competing with external service providers. In addition, there are others that explain the private cloud as nothing more than virtualization. But is it really? Isn’t virtualization a component of an enterprise private cloud? To answer that we need to clearly define what a private cloud is.

Private cloud (also called internal cloud or corporate cloud) is a marketing term for a proprietary computing architecture that provides hosted services to enterprise users that sit behind a firewall.

Advances in virtualization and distributed computing have allowed corporate network and datacenter administrators to effectively become service providers that meet the needs of their "customers" within the corporation.

What Makes the Private Cloud Different?

• IT is built differently
    – e.g. pooled architectures, service orientation

• IT is consumed differently
    – variable consumption, expectations of infinite capacity

• IT is run differently
    – low-touch administration

• IT is governed differently
    – traditional methods of IT control will no longer work

• IT organization will evolve
    – roles, required skills and organizations need to support the new technologies, processes, governance and usage behaviors

Deploying Cloud Computing internally is really a technical, culture and delivery change. Rather than running Web-based and rich client applications over the Internet, a private cloud employs cloud computing within a company's own local or wide area networks. The term implies that the same virtualization and highly flexible and scalable methods used in huge Internet-based data centers are also used in the private clouds in the enterprise. Thus the thoughts around internally competing for the business IT needs.

To me, Private Cloud really encompasses the following key components:

    • Application Delivery Strategy

    • Virtualization Strategy

    • Self Service Strategy

    • Auto Provisioning Strategy

    • Asset Resource Strategy (Server Pools, SVC Storage Controllers)

    • Dynamic Infrastructure Delivery Strategy

    • Management Dashboards, Reports

    • Performance and Capacity Management

    • Governance

The goal would be to allow the business to go to an intranet page and request the IT assets they need to support a given application or business capability. This self service would kick off some provisioning, work flows (like approvals, notifications) and resource allocations. The challenge is to maintain a controlled environment, communications and allocation follow ups. I hear many times from CTO colleagues that assets remain allocated beyond the need or use, and the business never reports back the release of the asset. There needs to be a periodic review of the need, usage and performance.

I would also leverage the virtualization investment many companies have made with VMWare and utilize many of the tools they have to meet this objective. In addition, EMC has some great Private Cloud technologies and designs. Don’t try to re-invent the wheel here, but this is early adopter technology and there are some leaders out there doing the right things.

One more suggestion, don’t fight the business on Cloud Computing, it will only build walls between IT and the business. Take the initiative to start the discussions and offer to help them look for the solutions they desire and point out service provider security risks, disaster recovery challenges, and shortfalls in a constructive manner. Be the leader and put forth a team approach to the topic and see what capabilities the business seeks, and how IT can deliver all or part of a technology to support that capability requirement. Good Luck!

Thursday, June 17, 2010

Fireside Chat - June 2010

Over the past few years I have been asked a few times for my opinion on why management and culture at many companies has changed. Have the organizations gotten colder? Has the economics played a role in that?

When was the last time your manager took you to lunch and asked for your input? Showed genuine concern for your well being and happiness? Took interest in your career and your goals or dreams? Maybe not in a long time, but probably not ever. Wonder why? Have we lost that human touch to our management styles? Has everyone signed up for management by spreadsheet?

I always put forth an effort to take staff members offsite to have a lunch, in a relaxed, neutral environment. Why? Many times companies say we can’t afford that – but really? If you take the time to really listen to your staff, and not just words, but body language, frustrations and habit changes – you can take action to correct that which is wrong and keep your staff engaged and happy to return to work each day. I find many managers in organizations today don’t like confrontation. Whether it is good or bad confrontation, it is easier to use email, and a spreadsheet to meet their objectives than it is to walk the floor, go to lunch or have a staff meeting. When was the last time your manager came by your cube and said hi or thanked you for coming in today? Everyone is so busy in meetings, dealing with issues or problems that we forget to maintain some of our key assets – you.

Management by spreadsheet is running wild in Corporate America these days. What is that you ask? We put everything in our Excel spreadsheets, staff counts, performance metrics, budget, financial reports, and task lists. Not a bad thing, it is a great tool, but it is just that, a tool. It is one dimension; it does not tell the entire picture. You need a holistic approach to financials, not just focused on that bottom number in the column. Making changes to all those cells along the way to that bottom number has an impact. An impact to some part of the organization, staff, tools, education, lost opportunity, or an increase to another side of the equation. It is essential to get all the aspects into perspective before making a management decision based off a spreadsheet equation. I propose to you, that if we engage staff, managers and external sources into some of our key decisions, we can have a 360 degree view of the impact – positive or negative. Put the spreadsheet aside, talk, listen and engage – only then can you have buy in to whatever decision you need to make.

Furthermore, it is essential to remember that every name on that spreadsheet is a person, an employee, a member of the community, perhaps a family man, a dad, a husband, a son, a wife, a daughter. You should never take that lightly. Whatever decision you make off your staff spreadsheet impacts many people. Remind yourself the name in that cell is a face, a person. Many times in management roles we have to make difficult decisions and perform difficult actions. Do it with dignity, professionalism and as a human first and a manager second. Sit down with the person and discuss it, in person please. Good news or bad news – do it face to face.

Economics has had an impact on the many actions corporations have had to take. That does not mean we let them off easy, because the bottom line is that public companies are driven by stockholders. Stockholders' vision many times is short-term greed, so we chase bad decisions to make the quarter numbers look good for the sake of others. If a corporation reported that it was taking bad performance numbers for the next 3 quarters because it was going to invest in its future technology, we would be calling for the CEO’s job. We have corporations laying off staff, cutting positions, and taking away benefits because the quarter numbers will not look that good – we need 45% profit or better. Not that they are in the hole or losing money, but we have to play the numbers game. Be careful with this roller coaster!

I say to you that we do have managers in positions that they may not be prepared or qualified to be in. Many of them have not had training or leadership development; others have no interest in being in the position. We can all be leaders. A management title doesn’t make you a leader, so take a look to see how you can have a positive impact on your team, department or company.

Stay positive, develop your skills, and make a difference!

Wednesday, June 16, 2010

Cisco VoIP & Telepresence - a Leader?

There is a lot of debate over Cisco's ability to deliver a solid voice solution to the enterprise. They don't have the PBX touch, feel or history, like an Avaya. While that may be true, that is not all bad. Having a voice solution that is network aware is a better fit for many organizations. In addition, Cisco Call Manager has come a long way. Plus, the telepresence technology is very good.

Let's look at some important points:

1. Cisco MXE. The MXE is a media transformation engine that allows you to format content to fit any glass. If I want to watch a recording of the company leaders I can view on a laptop or an iPhone. The MXE also adds written transcript to video sessions. If the video is two hours long but I just want to hear about a specific section I can search the transcript for a keyword and jump to that in the video.  For corporate communications - impressive technology.

2. I know Cisco TPx is perceived as proprietary but that’s absolutely false. You should keep your existing Video Systems and when appropriate use TPx (telepresence) along with Cisco CUVA for integration to traditional Polycom and Tandberg systems.  Start out with a small solution and grow into it.  It is a significant investment, make sure the organization is going to utilize it and get the benefits.

3. I fully understand the investment in Avaya with many organizations. With the addition of Nortel one should expect some changes, but the key to me is Microsoft integration. How will your existing systems integrate with the Microsoft investment you have? Cisco Telephony integrates very nicely and partners with Microsoft. If you have Cisco Call control you open up capabilities for integration to MOC as the softphone on the desktop and focal point for Presence. You can use Microsoft Exchange as the voicemail box with Cisco Call Control. SharePoint is a great internal sharing mechanism but doesn’t work externally. WebEx should be considered for Interwise replacement and integration into Outlook for one-click external meetings and collaboration. Cisco UC has a deep portfolio for SIP trunking to the carriers, which will reduce PSTN costs at the remote facilities and utilize the MPLS network many companies are moving towards. Leverage your MS investment and the toolsets that the users already use and know.

4. Building the network correctly will allow many companies to leverage the network and Call control to have single number reach, presence, location tracking, content recording, distribution and playback to any end point. I can use Cisco TPx to record a session and publish it out via DMS, Cisco Show and Share or placed in Sharepoint for viewing later. Proper design will help transform your company and allow them to drop barriers to collaboration, innovation and teamwork.

Take a second look at Cisco for your many voice, video and collaboration needs.  They truly are a leader in this space.

Tuesday, June 15, 2010

Google -vs- Microsoft

I am asked all the time for my opinion on Google Apps versus the Microsoft Office suite. I have to tell you, I like MS Office 2010. It has come a long way. There are many shops crying about the ongoing costs, but they need the feature/function. Considering that Microsoft can move these business-critical workloads to the cloud (re: reduce TCO and complexity, evergreen by providing new versions within 60 days of release) and provide cost-sensitive services to “deskless workers” (re: shop floor workers), why in the world would you even consider Google? With the MS BPOS (in the cloud Exchange, SharePoint, and OCS) offering along with a blend of deskless worker SKU (re: browser delivered messaging, collaboration, and UC), MS is VERY cost competitive with Google. Also, they are not stopping the innovation train as it pertains to the Office suite/client. The new stuff coming is very exciting!

Here are ten things to tell them before they bet the business on Google Apps:


1. Google Docs doesn’t preserve all document formatting.

Google claims to support industry standards for document formatting, but when users upload documents, Google converts all content to HTML. As a result, basic formatting such as font types and document layout are permanently altered. What’s more, the experience changes for every browser Google supports.

Did you know? Office Web Applications preserve all of a document’s layout and graphics—including complex watermarks—so users can be confident that document formatting will remain intact.

2. Mobile device users will lose valuable functionality.

Google licenses Microsoft technology but doesn’t fully implement it. For example, Google has not fully implemented core ActiveSync features such as e-mail synchronization. As a result, users won’t have all content available on their mobile devices, and security policies can’t be consistently enforced and deployed.

Did you know? ActiveSync works great with Exchange, so users can have confidence that the data on their PCs will match the data on their mobile devices. Setup and deployment is consistent for everyone.

3. Google Docs misses on the basics.

Google Docs lacks basic functions such as Cut/Copy/Paste across applications; automatic spell-check; protection of cells, sheets, and workbooks; picture editing; offline editing; grammar check; review/track changes; and many more. Customers should ask whether they can “close the books” using Google Spreadsheets, or whether Google Presentations will help the Sales Department outshine the competition.

Did you know? 20% of user clicks in Office are Cut/Copy/Paste? Office Web Apps extends the rich Office desktop experience to the cloud, so users can continue working in the same way they always have.

4. Google Apps requires a fast, consistent connection to be useful.

Using Google Apps offline is like a view-only experience. Users working offline can’t create new documents or calendar appointments, edit spreadsheets or presentations, or access contacts or tasks.

Did you know? Office 2010, which includes Office Web Apps, provides a rich experience regardless of Internet connectivity.

5. Google Apps doesn’t support Information Rights Management.

Without Information Rights Management, users can’t specify what recipients can do with e-mail or documents, such as “don’t forward” or “view only.” As a result, sensitive or private information can be leaked or inadvertently shared.

Did you know? Office provides rich support for Digital Signatures, Information Rights Management, and advanced security policies to help secure both personal data and corporate assets.

6. Google’s support model and service-level agreement are not enterprise-ready.

End users must get help through user groups and forums. Phone support for Google Apps is limited to one administrator, who may wait up to 48 hours for assistance. Also, Google claims to have a financially-backed service-level agreement (SLA), when in reality it’s based on credits. If customers are down for two hours, Google provides an extra hour of service. Also, Google releases the majority of new features to Google Labs, which isn’t covered by the Google Apps SLA—a way of pushing risk onto the customer to “see what sticks.”

Did you know? As of November 2009, Google Apps has experienced service outages in 8 of the past 13 months. Microsoft Online provides a 24x7, 99.9% SLA that is financially backed. If MS doesn't meet their uptime commitment, they refund the customer’s money.

7. Google Apps does not fully support Outlook.

Google says they support Outlook through MAPI, but it’s a minimal implementation, so many Outlook features don’t work. Assistants can’t delegate Inboxes, and Follow-up flags set in Outlook will not appear in Google Apps. Public Folders and Distribution Lists aren’t supported, and Calendar Sharing, calendar attachments, optional attendees, multiple calendars, and accepting new meeting time proposals don’t work.

Did you know? Regardless of whether a customer uses Exchange or Exchange Online, Outlook will work as intended.

8. Security and compliance is questionable.

With Google Apps, Secure Sockets Layer (SSL) is turned off by default for all users. Also, Google won’t tell you where the data resides, which presents regulatory and compliance issues related to data location and privacy.

Did you know? More than 40 security experts have issued an open letter to Google’s CEO about this. Privacy watchdog groups have demonstrated how ‘auto save’ and Chrome create increased risks.

9. Google Apps overcharges for basic users and underdelivers for power users.

As a single offering, Google Apps isn’t tailored to the needs of information workers or task-based workers. For example, task workers who don’t need IM and 25GB inboxes are better served by MS Online Deskless Worker Suite, which costs about 40% less than Google Apps. And because of its limited functionality, Google Apps isn’t rich enough to meet the needs of information workers.

Did you know? The MS Online Suite with Office includes SKUs designed for both information workers and task workers, enabling companies to pay for only those features that each type of worker needs.

10. Google Apps doesn’t provide the tools and flexibility to manage risk.

Google Apps has one policy for all users. Administrators have no way to access or control user data in case of termination, inappropriate content, HR/legal issues, and so on. Similarly, Google Apps does not support data retention policies or provide tools to help ensure compliance with regulations and/or internal policies.

Did you know? With MS Online, Administrators have the tools and flexibility to manage business risk—for example, they can set data retention policies, mailbox sizes, and custom filtering for different groups of users.

I don't think Google Apps is ready for the enterprise, nor is it a replacement for the MS Office suite.

Monday, June 14, 2010

Data Leak Prevention - Worth The Hassle?

Do you feel data leak prevention and monitoring is worth the hassle? What about web based mail and social sites being allowed access from your work place? Appropriate?

The Role of the Network in Cloud-based Service Delivery

Cloud computing has generated intense excitement and buzz in the IT industry over the last few years, being touted as a new IT/application service delivery model that will dramatically transform IT procurement and consumption practices by providing scalable and dynamic "buy vs. build" access to infrastructure and applications. Enterprises are beginning to seriously explore adoption of cloud-based models for a range of IT infrastructure, business applications, and corporate communications functions. However, the network -- an element key to the success of enterprise cloud strategies -- quite often gets overlooked amid the talk about servers, storage, and software-as-a-service. Do we have the network design, performance, and redundancy to support these initiatives?

My opinion is that the CIO needs to be at the table with the business leaders when discussing procurement of cloud-based services outside of IT. Governance is still a requirement, and cloud procurement cannot be viewed as a way to bypass IT to get what the business wants. There is still a need for a solid, secure, reliable and appropriate network to deliver cloud-based services.

How to enforce your email signature policy?

There are ways through Exchange group policy, but what about the organizations that have hybrid systems? We have visited several companies that use their own login scripts and batch files to generate their branded corporate signatures. However, there are always caveats to home-grown solutions to take into consideration, such as Unicode compliance for worldwide offices, additional imagery or qualification lines, different office addresses/contact details, etc.


This business critical issue is sometimes not given the time it deserves but you should consider that email from your staff will be seen by everyone (including clients and peers) so enforcing your email signature policy should probably be up there with the enforcement of your email policy.

I would recommend a relatively inexpensive tool allowing you to take control of your email signatures centrally whilst being flexible enough for individuals to add their own "approved" touches.

The tool allows you to generate unicode compliant plain text, rtf and html signatures which can be managed centrally.

Check this site out:

http://www.iphelion.com/Product/SignatureCreator.aspx

What is your organization doing for Data Protection & Rapid Recovery Compliance?


While the largest firms can afford to invest in redundant data centers, real-time failover technologies, and the staff to support them, these approaches are impractical (and the investments unaffordable) for most businesses. So the vast majority of firms have been left with laborious, sequential rebuilding of failed servers after a crash. Hardware repair or replacement is followed by reinstallation of the OS, patches and updates, and each critical application. System settings, registry entries, and passwords all must be configured to the prior state. Only then—typically a day or more after the failure—can recovery of user data from backup tapes or disk archives begin.

Further, an increasing number of organizations now use different operating systems (Windows, Linux, Solaris, Novell, Macintosh, etc.) within their IT infrastructure. In these environments, the complexity and time required for full recovery grow dramatically. Seldom if ever is a business back to normal functionality in an acceptable timeframe. With e-commerce and Web-based customer connections exploding, these historical approaches simply won’t deliver acceptable recovery any longer.


You may have regulatory and compliance requirements around your data protection, and the ability to recover. What is your plan?