Thursday, June 28, 2012

Healthcare CIOs: At The Crossroads

In the course of my role here at EMC, I meet plenty of IT leadership teams that are in the throes of transformation.

But the CIOs of healthcare providers are clearly a breed apart: the transformational forces grinding upon them are truly exceptional to behold.

In geology, the only difference between a benign fault line and a massively destructive earthquake is simply about how fast things move.

And, for healthcare providers, things are starting to move very fast indeed.

An Industry In Transformation

One of the things that attracts so many bright, passionate people to the healthcare industry is that you're not just making a buck, you're doing good for others.  There's a distinct "higher calling" I can clearly see in just about everyone I meet from this sector.

It’s a wonderfully positive attribute.

Ultimately, though, the amount of good you can potentially do is directly constrained by finances and economics.

More resources available (or better use of existing ones) means more health care professionals, better technology, better protocols, better outcomes and everything that goes along.

In that regard, healthcare in the US is a business like every other business.

If you're a student of business history, you can reel off familiar industries that have gone through gut-wrenching transformations: transportation, telecommunications, manufacturing, media, and many more.

You can point to defined windows where a particular industry entered a rapid period of restructuring and repositioning, and looked quite different at the other end of the process.

My core thesis?  That's exactly what's happening to healthcare providers here in the US.  Some of them clearly appear to recognize it and have good ideas about what should be done; others appear to be taking a more passive and reactive approach. To each their own.

I single out the all-important roles of CIO and the IT leadership team in this transformation for one reason and one reason only: they can either be the key enabler in this transformation, or a key roadblock.

And I've seen both.

Forces At Work

I could make a very long list of all the forces of change going on within US-based healthcare delivery, but it would take several pages for a complete enumeration.  And no one would read it, anyway.

In the interest of brevity, I tend to focus on three major forces that really seem to matter:

First, the payment model has started to shift from "pay for service" to "pay for results".  That means instead of getting reimbursed for a procedure, there's now a powerful incentive to prevent the need in the first place. 

It might sound like a minor change, but -- once fully appreciated -- the shift in incentives inevitably leads to a complete and thorough re-envisioning of our familiar healthcare system. All good, from my perspective.

Second, healthcare consumers (that's you and me) are starting to take an engaged and proactive role in consuming healthcare services -- much like we care about our finances, our children's educations, real estate purchases, careers, relationships and so on.

We've learned not to walk into a car dealer without doing our homework; we're learning to not walk into a healthcare provider without doing the same.

Third, there's so much at stake for us as a society and as individuals, the government keeps wanting to "help" in the form of increased regulations.  Without delving too much into political agendas, the historical record of government "help" is a mixed bag at best.

Should the government play some sort of role?  Certainly.  But exactly what that role should be continues to be one of the most divisive issues in US politics.  And, at least in the US, the political winds potentially shift every four years, making longer term decisions and strategies more difficult.

Yes, behind this, there's a very long list indeed of technological and societal forces in play, but these are the big ones I keep coming back to: supply, demand and regulation.

It must be the economist in me :)

The Strategic Opportunity?

The more you look closely at healthcare delivery, the more you start to see it as an information-based business.

For example, if you're a healthcare professional, here's what you're probably struggling with:

  •     What do you really know about the patient -- and not just what's in the EMR?
  •     What do you really know about the wide range of treatment options and protocols?
  •     What do you really know about the likely risks, outcomes, and associated costs?
  •     How can we use all the information available to gain new insights and new practices?

I'm starting to see a picture where continually better decisions can be made on healthcare delivery -- with the right information in the right hands at the right time.

Framed this way, one can approach the opportunity in terms of diverse information flow, aggregation points and economic incentives.

It's all about the information.

Yes, it's true that everyone in the entire healthcare delivery chain -- therapy companies, insurers, providers, etc. -- has access to their own information bases.

But -- in the bigger picture -- each player has only a small slice of potentially useful data that is theoretically available.

If you believe -- as I do -- that "access to more, diverse sources of timely information" is directly correlated with "better healthcare outcomes", it's a fascinating question about how and where all these information sources will come together.

Put differently: who in the entire healthcare value chain has the economic motivation and "societal license" to amass as much information as possible around these important topics, and has clear economic incentive to correlate them for better outcomes?

Let's sort through the players quickly ...

Genomics and therapy companies only have access to comparatively small and less-than-diverse information bases, usually associated with the trials they run.  Many of them are starting to realize this, and are thinking about what they might do about it.  But I believe their options are somewhat limited.

Insurance payers of all varieties certainly have the economic motivation to do this, but not necessarily the societal license.  Do you tell your doctor everything?  Probably.  Do you tell your insurance provider everything?  Probably not.

And I personally shudder when someone says "well, the government should collect and distribute all that information".  I prefer not to live in that world, thank you -- and I am not alone.

Around the periphery, we have new-school social sites, a few flavors of electronic healthcare exchanges, and other interesting activity.  While it's all interesting, none of them appear to have the right formula or the required critical mass.

That leaves us with our future-state healthcare provider as perhaps the only interesting information aggregation and correlation point in the entire value chain.

They are motivated and empowered to assemble all the information that's relevant to a patient's condition -- as well as gather forms of information no one else usually can. They sit at the junction of multiple, relevant information rivers.

No, healthcare providers are clearly not there today -- not by a long shot.

But things can change quickly.  I've become convinced that only future healthcare providers will have both the motivation and access to aggregate and correlate the massive disparate information bases needed for effective healthcare delivery.   In the long term, they win.

A few research-oriented healthcare delivery organizations (one of the leading edges of the industry) appear to have reached a similar conclusion, and there's a ton of interesting projects brewing all around the central theme of assembling and correlating massive information bases.

Big data analytics that yield more powerful predictive models, to you and me.

And if someone has a better model or argument as to where these aggregation and correlation points will form in the near future, I'm certainly entertaining alternative scenarios.

The Tactical Challenges?

There's a very long road between where we are and where we're probably going.  And if someone brings a certain cynical perspective to this discussion, trust me -- I've heard it many times before.  But I’ve seen other industries make the transformation, and I believe strongly that healthcare providers can do the same.

But there are serious structural challenges to overcome.

For starters, IT in US-based healthcare delivery appears to be constructed one bounded application at a time.  The term "silo" doesn't really convey the extreme isolation and lack of integration between functional applications.

Maybe the term "walled fortresses" would be more appropriate.  Every sub-constituency in a healthcare provider setting has "their" application with "their" information.

We've all seen this malady before in other industries -- and it doesn't end well.

There's more.  Healthcare IT professionals are justifiably concerned about having a bad IT day.

We sometimes joke about life-and-death IT outages; in healthcare delivery it's really no joke.

Not to mention, you're handling really sensitive information about people, and -- HIPAA or whatever -- there's a powerful social contract in place to protect patient privacy.

Both concerns can make ambitious IT initiatives more difficult to consider.

Just getting basic core operations and workflows nailed down in a traditional healthcare provider is a major undertaking (think Epic, sort of the "SAP of healthcare providers"), let alone all the adjuncts and extensions needed to compete and thrive in this new world.

And, perhaps the most daunting, there's an inherent culture of deep expertise.  People work long and hard to become a licensed healthcare professional.  These professionals inevitably tend to see things through the lens of a particular discipline (e.g. radiology or pharmacology) as opposed to a larger "client wellness delivery system".

And that's not going to be easy to transform.

The Multi-Industry Model Of Next-Gen Healthcare Providers

Imagine, just for a second, that there was a rapid and fundamental shift from "pay for service" to "pay for results", e.g. managed care, at-risk, ACOs, etc.

What would you -- as a healthcare provider -- need to get good at that you weren't good at today?  Maybe there aren't many examples in your specific industry, but there are plenty of examples elsewhere that you could learn from.

First, you'd have to be very good at assessing and managing risk, much like a health care insurance company does today.  Here's a fixed sum and fixed set of expectations with a client attached -- do you take the bet, or not?

That means -- if you’re going to compete in this next-gen healthcare world -- you're going to have to either build, buy, partner or rent what looks like today's healthcare insurance services.

Second, you'd have to be very good at capacity utilization.

Empty facilities, idle healthcare workers, under-utilized equipment -- all very damaging to your bottom line.  Perhaps you'd find some interesting lessons in manufacturing, or better yet the airline industry?

In particular, the airline industry -- despite how frustrating your last flight might have been -- cares about reasonably happy customers and effective capacity utilization, and is very concerned about having a bad day of any sort.

Third, you're going to have to get very good at engaging with your clients (formerly patients!) well before they show up for an office visit -- if at all!

Remember, in this new model, you're being paid to keep people healthy, and not necessarily when they're in dire need of health services.  You're going to want to engage with them in their lives, and not yours.

You might want to think about retail, banking, financial advisers and other proficient high-touch B2C business models.

Fourth, you're going to be on a treadmill of continual process improvement: quality, efficiency, outcomes, etc.  You're going to become a big data analytics addict, just like manufacturing, retail, logistics, etc.

There's more, but hopefully by now I've been able to sketch a picture ...

I strongly believe that the next-gen healthcare provider will find many great lessons simply by studying other industries that have learned to get good at similar things.  Unfortunately, that tends to fly in the face of the familiar "inner circle" mentality of healthcare professionals today, but it's going to change before long.

It's inevitable, from where I sit.  Yes, you’re special.  Just like everyone else.

Back To The Healthcare CIO And The IT Function

So, what can we learn from other industries that are going through (or have gone through) transformational changes?  And how can we apply those lessons to the next wave of healthcare IT?

At a high level, the observed recipe is conceptually simple, but it's going to take a herculean effort to get there.

The starting point is the all-too-familiar IT transformation: reconstructing the core IT function to look more like a competitive IT service provider, and less like a traditional project-and-technology shop.

Every so often, I meet an organization that's going through fast changes: new leadership, new strategies, new priorities, new measurement systems, etc.  It's always indicative of an IT transformation discussion -- no exceptions.  I've observed this to be true across every industry -- including, of course, healthcare.

The IT transformation model -- in all its glory -- is pretty well understood here at EMC (plenty of reading available, if you're interested), but it's just now that I'm seeing it starting to be applied in larger and more progressive healthcare settings.

The bottom line -- in turbulent times, business leaders value agility above all else.

On top of the basic IT-as-a-service construct (and its associated business, talent and financial models), you'll need to create some key platform capabilities above basic ITaaS that are aimed directly at extremely likely aspects of your future business model.

Since there are no packaged end-to-end applications that are designed for your next-gen business model and evolving workflows, you'll inevitably be in the business of integrating your own from functional components already in the marketplace.

In my terms, you're going to need a fast "app factory" where you can specify, implement and deploy new functional integrations around new workflows very quickly and reliably.  You probably don't have that today.

But if you're going to compete in this new world, I can make a compelling case that you'll need one.

You should be desperately interested in any and every form of mobility.

Yes, for your knowledge workers and healthcare professionals, but more importantly for your patients (errr, clients!).

You're going to want to engage with your external clients frequently and deeply, across multiple channels and on devices of their choosing (game consoles, anyone?).

Put differently, your current "patient portal" isn't going to cut it in this new world for very long.

And -- at the top of the list -- you should be visualizing analytics platforms and capabilities you can point at each and every part of your business, and -- more importantly -- across your business.

Like any other competitive and progressive business, you'll want to support vast hordes of analytics junkies of all flavors and stripes.

Yes, it's a lot.

And it's going to have to happen relatively quickly.

A New Willingness To Consume IT Externally?

I'm sure that somewhere, more than one healthcare CIO has done a quick, back-of-the-napkin assessment and realized they've got a serious mismatch.

On one side, here's what the business is going to need from IT.  On the other side, here's the best case for the resources and people that can be marshaled to help get there.

There's a huge and intractable gap every time.  Very quickly, that CIO is going to start looking for outside IT services (not simply contractors!) to balance the ledger.

That's not the norm today.  There's sort of this default assumption that healthcare IT is so specialized, so important, so sensitive, etc. that it can only be done in-house.  Not only is that not true based on what I've seen, it's an unproductive mindset at a business level.

Using high-quality external IT services gets you speed, agility and expertise -- and you always retain the option to bring it in-house down the road if you're smart about how you do it.  Infrastructure.  Collaboration.  Mobile.  Departmental Applications.  Etc.

My best advice is to use your people to focus and integrate the pieces that are unique to you and your value proposition, and don't invest in re-inventing the wheel.  The faster you move your people up that value chain, the better.

Choices Remain

If you're a student of industry transformations like I am, you basically have three options: specialize, acquire-and-transform or be acquired.

There aren't really any other choices.

The first two clearly require a board-of-directors perspective of the overall IT strategy (and funding model) as an enabler to the business model. 

And -- like it or not -- healthcare CIOs are at the crossroads as a result.


By Chuck Hollis

Wednesday, June 27, 2012

Attack of the Phones: Combating Cyber Threats in the Era of Mobile Commerce

One of the hottest topics at this year’s Internet Retailer Conference and Expo was mobile commerce and, by extension, mobile payment technology. By lumping payment methods, loyalty cards, and coupons all into one location, services like Google Wallet, Passbook and ISIS™ make it easier than ever to shop online. Customers are now able to purchase just about anything with one tap on the screen of a smartphone or tablet.

Simply put: devices like smartphones and tablets have transformed the way businesses and consumers interact.  Not only are retail giants accommodating the growing mobile industry, but many are proactively tailoring their services to attract more of this business. The mobile commerce industry is expected to account for over $170 billion in sales by 2015, up from approximately $1 billion in 2009.  With hundreds of millions of smartphones being sold every year, businesses are wise to invest in their mobile sites, both in terms of user experience and consumer safety. The question is no longer how to integrate mobile commerce into customers’ daily routine, but how to protect them while they are browsing and using private information.

Who is at risk?

McAfee Labs’ Q1 Threat Report provides some unnerving data for those using smartphones. Some key points: The number of malware samples in McAfee’s database has shot up from less than 2,000 to more than 8,000 since 2011.

Nearly 7 out of 8 attacks and malware are found on the Android platform, though Mac malware is clearly on the rise.

One key statistic of note is that almost none of these threats originated from the Android Market.  When launching your company’s mobile app, stick to well-established venues like the Android Market or the Apple App Store, reducing the risk of unwittingly exposing your customers to malware.

The Global Market:  How many phones are we talking about?

Data from the Q1 Report clearly shows that the most at-risk platform is Android.  If we look at a breakdown of the current market share for mobile phones from an International Data Corporation (IDC) report, Android also accounts for over 60% of smartphones globally.

The U.S. Market

A February Nielsen report states that approximately 50% of U.S. mobile subscribers own a smartphone, and of those smartphones, 48% are running on Android.

According to these numbers, Android users make up a significant portion of the smartphone market. Thieves are following the money as mobile commerce becomes a larger force, only increasing the dangers to Android and other smartphone users over time.

As customers are increasingly aware of the existing threats, many are hesitant to hand over their credit card information directly to websites. The task for retailers now becomes twofold. How can retailers both protect consumers from the inside and help them feel at ease about sharing their private data?

What it all boils down to:

Vulnerability scanning options like McAfee SECURE™ service can help protect against malware threats and vulnerabilities and help organizations meet PCI compliance requirements. Additionally, the placement of a security seal shows visitors that their sensitive information will be handled responsibly – ultimately turning security-savvy shoppers into buyers.  Especially in regards to the booming mobile market, security measures are essential. McAfee SECURE service offers what businesses and consumers need to stay safe against data breaches and loss of personal data.

For more information on how McAfee can help your business, visit the McAfee SECURE website and follow us on Twitter @McAfeeSECURE for the latest on eCommerce news, events, and resources.

By Nancy Levin

Tuesday, June 26, 2012

Using Tech Support to Set Up Your New Devices

There are some things in life that require a “professional” to get the job done properly. You wouldn’t let your cousin Larry who’s a landscaper reset a broken bone in your hand, right? You can certainly go to a hardware store and buy all the wood to build a deck, but just because you know how to swing a hammer doesn’t mean the deck will be safe, or even up to code.

Frankly, I’m a big time “DIY” or “Do it Yourselfer” and take on most tasks myself. However, some things I know are beyond my expertise and I usually hire someone to do those tasks. So even though painting my house is a relatively simple task, I hire someone because they often get it done faster, better and cheaper than I can do it myself.

With technology I hire out for many tasks because some things can be done much better and more efficiently by a recognized expert. When I first started computing in the early 90’s I was on the phone with tech support all the time and learned an awful lot from these experts. Just figuring out how to use your new device can be challenging. So why not leave the process of getting your new devices to work with your existing ones, setting up connections, printers, etc. to someone else?

Consider getting help with tedious tasks such as:

  •     Configuring your device out of the box
  •     Customizing your desktop, screensaver, icons, profile picture, folders and tasks
  •     Setting up your browser, homepage, bookmarks, and optimizing the security settings
  •     Creating user accounts
  •     Installing all your software
  •     Setting up printers and scanners
  •     Configuring your email

One thing I learned is that even though I have a general working knowledge of technology, like painting, sometimes it’s easier to have the experts do the job. You’ll save yourself a ton of time and reduce headaches over the life of the device if you hire a professional to walk you through setting it up. Check out McAfee TechMaster Services which can help you with all this and more!

By Robert Siciliano

Monday, June 25, 2012

Unprotected Computers and Kids: A Potentially Explosive Combo

In my previous blog I discussed the findings of a McAfee study that revealed India ranking 10th among least protected PC users globally. This means many of us are pretty careless, or might I say clueless, when it comes to computer and smartphone protection. Why is this so?

I think it stems from a lack of collective knowledge, which is the result of learning derived from society’s experiences over time. For example, we have learnt the hard way that it is not safe to keep valuables at home, whether in a cupboard or in a hole dug in the kitchen corner. It’s best to insure them and keep them in banks. But it has happened gradually, and it took several thefts to make people realize this.

Similarly, many people ignore basic safety measures till they themselves face difficulty or danger. But by then, it might be too late.

According to the survey, some common reasons behind lack of security are:

  •     Many PCs come with pre-installed software. Some users are not aware that this free software is offered for limited trial periods. They may also therefore be inexperienced in installing their own anti-virus
  •     Sometimes users disable their security protection to access unsafe sites or play online games
  •     Some mistakenly believe that they don’t need protection if they  follow safe surfing policies

So what happens if your PC does not have even basic protection?

  •     Your PC may get hacked
  •     Malware may enter your system, helping cyber criminals to steal your data, crash your system or turn it into a zombie
  •     Data loss — Data loss would include personal ID, bank and credit card information, user name and passwords for different accounts. What a rich harvest field for a criminal

What is the effect on kids who use the net?

As McAfee Cybermum India, my main concern is children. You can’t even begin to imagine the dangers an unprotected computer or laptop or smartphone can pose to your kids. Kids are vulnerable and you have to have constant dialogues with them to keep them aware of the dangers online. Also you need to supervise them when they go online, for sometimes they might be too embarrassed, too scared or too troubled to confide in you.

Some of the dangers that kids may face when they surf on an unprotected system:

  •     Accidental exposure to inappropriate sites, content, videos, and language: Most software screens sites and opens only safe URLs. This will not happen if the PC is not protected
  •     Paedophiles and other cyber criminals will find it a piece of cake to approach kids networking from an unprotected PC
  •     They might inadvertently open links and videos sent by friends or strangers which might lead Trojans and other viruses to enter your computer
  •     They might be bullied or groomed online but in the absence of advanced security software, you would not be aware of this. Isn’t that scary!
  •     Scammers find it easier to trick kids than adults who are generally more wary

You know the remedies. Install security software now or update the existing one. Ensure it offers total family protection that allows you to limit internet timings and sites for individual kids. Last but most important, be your child’s friend. Keep communication channels open so that they can fearlessly bring their problems to you.

Safe surfing, folks!

By Anindita Mishra

Friday, June 22, 2012

The Role Of The CIO In Big Data Analytics

I've now had the experience about a dozen times.

I'm in front of an IT leadership group.  We get to talking about big data analytics.

They stop me and say "We get it.  What the hell should we be doing?"

Fair question.

Since I haven't seen any good advice on the subject to date, I thought I'd share what I've been telling them.

Feel free to add your own thoughts in the comment sections, if you'd like.

The Dual Role Of The CIO -- Which Are You?

Is the role of the CIO (or IT organizations in general) to save money, or make money?  Or perhaps a bit of both?

There's plenty of discussion around the former topic: saving money.

Here's a business process we understand well, let's apply some technology to automate it, and make it more efficient.  Or, perhaps, we're spending a lot on IT, how can we be more efficient in our spend?

Life is a never-ending treadmill of improved efficiency, improved automation and improved utilization.

Indeed, one can certainly make a good career as an IT leader by simply showing people how to save money through the judicious and intelligent use of IT.  Plenty of demand for that particular skill set, based on what I've observed.

But what happens when the focus shifts to making money?  Identifying new sources of revenue and competitive insight?  Creating entirely new capabilities for the organization that might be put to use in creative and unexpected ways?  Dare I say -- innovation?

And that's the first intellectual hurdle for the CIO or any IT leader -- is this about saving money, or making money?

The discussion is a particularly relevant one.  Given that most IT organizations work for the CFOs -- and that most CFOs tend to focus on saving money -- your audience for this particular proposition might not be your boss.

It might be a set of stakeholders elsewhere in the business.

Understanding The Big Deal About Big Data Analytics

Here's the deal, plain and simple.

Business leaders in competitive industries are waking up to the amazing power of big data analytics and the predictive models they generate.  The race is now on to build these capabilities, and begin to harness their compelling insights.

Progressive IT organizations often have a choice to make: do they simply react to the new demands when presented, or do they lead the charge?

If you're tempted to simply wait until someone comes knocking on IT's door with a nice set of requirements, consider that -- in many industries -- a completely separate IT function has been created to support this type of work.  And it doesn't report to corporate IT.  Or they go outside and use external IT service providers.

As one well-known example, in oil & gas, you'll typically find two distinct IT functions: upstream and downstream.  In big pharma, the same sort of thing.  The same is true in many large financial investment firms.  The pattern is the same: they couldn't get what they needed from mainstream IT, so they did their own thing.

If instead you're biasing towards "leading the charge", here's what you need to think about.

Step #1 -- Understand How Big Data Analytics Is Different Than Traditional Reporting And Analysis

We all have data warehouses.  We all have reporting tools.  We all have legions of business analysts who generate reports and fill up our mailboxes.

How is this different?

While this sort of activity isn't any less important going forward, it's not big data analytics, and it's not data science.

We're talking about a new capability built on the foundations of an older one.  Just like social collaboration ain't email, big data analytics isn't your father's BI.

  •     Traditional BI focuses on "what happened".  Data science and big data analytics focuses on "what will happen".
  •     Traditional BI uses limited data sets, cleansed data and simple models.  Big data analytics uses many diverse and uncorrelated data sets, prefers raw data and uses mind-bendingly complex predictive models.
  •     Traditional BI supports causation: what happened, and why do we think it happened?  Big data analytics is mostly about correlation: by using multiple unrelated data sources, we've found a wonderful new insight we can't entirely explain.

Becoming a good business analyst in the traditional BI world can be accomplished by many.  Becoming a good researcher in a world of big data analytics is very, very difficult indeed.

Data science is quickly becoming a unique and wonderful skill set.

Step #2 -- Go Find Your Sponsors

You're looking for a critical set of business processes that could really move the needle for the business.  And you're looking for an empowered executive that is motivated to innovate and invest around those business processes.  You'll need the combination of both.  Having a good candidate is table stakes; if you can find two or more, so much the better.

McKinsey has provided an excellent survey of where big data analytics is being used today, and in the near future.

It's a good starting point to look across your own organization, and see if there's a fit.

The pitch to the sponsors is simple: the power of big data analytics is amazing, we in IT would like to get ahead of this, and we'd like to work with you to do so.

We're not quite sure about what the long-term costs or outcomes will be, but we'd like to invest enough to find out what might be possible.  We'll need your help.  Are you in or out?

If you find yourself selling too hard, it might be because (a) they aren't quite ready yet, (b) you've picked the wrong people or processes, or -- potentially -- (c) they're up to something important and have decided not to engage with corporate IT resources.  Ouch.

Step #3 -- Start Thinking Platform

Big data analytics doesn't thrive unless wildly diverse data sources are really easy to discover, source, manipulate, experiment with, etc.

And that's not really what your data warehouse is doing today; in this world, it's just another source of data.

Most organizations realize that they need a new kind of platform to encourage these new uses of data, something you'll hear described as BI-as-a-service, or (more properly) analytics-as-a-service.

The key difference in these BIaaS models is subtle yet incredibly important: it's all about making data easy to consume and experiment with.  It's built around the analytic user's needs, and not IT's traditional concerns.

That turns out to be harder than it looks in most situations.

I've included a graphic showing how EMC IT is constructing its BI-as-a-service capability.  Note the top-level services -- discovery, visualization, collaboration.  Those are the aspects that are most important to the consumers of the service.  And it's not a traditional focus in most data warehouse or business reporting environments.

Hint: the EMC IT team has a natural advantage here: they've already reconstructed IT production and delivery to look more like a competitive IT service provider, and less like a traditional IT organization.  We also have advanced technology in-house (e.g. Greenplum UAP) so we didn't have to spend a lot of time debating that aspect :)

For them, they could think in terms of "another service, constructed from existing ones" vs. standing up yet another functional silo within IT.

Step #4 -- You'll Need A Few Magicians

Much has been written about data science and data scientists -- who they are, what they do, and how they're very different from traditional business analysts.

At some point, you'll need access to these rather rare and precious skills, preferably after (a) there are some interesting business questions to be answered, (b) the data and resources are really easy to get to via your platform, and (c) there's a motivation to actually do something with the insights they inevitably find.

Don't assume you have to hire these people as employees -- although we're finding having a few on staff is an incredibly useful thing.  Indeed, some of the most amazing stories in data science come from people who have absolutely no background whatsoever in whatever the topic might be.

They just let the data do the talking :)

Step #5 -- Don't Forget Chargeback

Anecdotal evidence points strongly that these platforms often turn out to be many orders of magnitude more popular than anyone thought.  Any resources assigned to the project tend to be instantly and permanently oversubscribed.

Extreme frustration by the business community inevitably results.

Even if you're not doing chargeback in your broader IT environment, consider it mandatory for BI-as-a-service or analytics-as-a-service.  Otherwise, you'll end up rationing the service to interested and motivated users, and that's not a good place to be in.  There has to be a funding construct baked into your thinking sooner, rather than later.

Step #6 -- Create A New Governance Function -- And Be Prepared To Use It

If you think about it, in this model you're using information in entirely new ways.  You're sourcing it from unexpected places, combining it in interesting ways, and creating powerful insights that are both extremely useful and extremely ticklish.

The focus is different as well.  We're accustomed to looking at individual data sets, and not what can happen when they're combined in new and interesting ways.

Saltpeter is pretty innocuous stuff.  So is charcoal, and sulfur.  Combine them in the right proportion, add a spark -- and you've got a nice little explosion on your hands.

Whatever you're doing today in data governance or information management won't be suited to these new behaviors and use cases.  Recognize the challenge up front, and get ahead of it.

A good, lightweight governance function doesn't slow anything down; instead, I've seen many situations where it accelerates adoption as it creates the broad confidence to do things in new ways, knowing that someone is looking out for you.

Step #7 -- Be Prepared To Invest In Learning

Based on the cases I've studied, these exercises end up being prolonged learning experiences for everyone involved: the IT team, the business team, the executive team, and so on.

There's no way to exactly predict how things will turn out.  There will be iteration upon iteration.  Mistakes will inevitably be made, and valuable lessons learned.

Make sure that everyone on the extended team understands that this is a journey, and not a fixed project deliverable.  And don't fall into the ROI trap.

Are You Up For It?

Maybe yes, maybe no.  Everyone's situation is different.

But -- as a leader of your company -- I think you owe it to yourself and your team to ask the question: is this something we should be investing in?

And, if you do a bit of homework, and decide "no, that's not for us quite yet" -- I think we've all done our duty.  Next topic, please.

But maybe -- just maybe -- you'll find the conditions ripe in your organization for a strategic investment in big data analytics proficiency.



Thursday, June 21, 2012

Interoperability + Collaboration = The Key to Any or All

Today’s work environment – yours, mine, and everyone else’s — is becoming more mobile, social, visual, and virtual. And there is no one magical tool that covers every situation.  We need choice and flexibility for the way we each work.

Any-to-Any collaboration with an easy-to-use consistent experience is the reality of today’s user requirements. However, many solutions available today are brought together with the use of band aids and chewing gum, making it a nightmare to troubleshoot across the various stitched-together call-control systems.

Because of our collaboration architecture, Cisco can connect iPads, Macs, and PCs with Cisco Jabber to our multipurpose Telepresence systems, our immersive, and even third-party standards-based video endpoints.  Let’s be clear: It is not about choosing one or the other, it is about using any or all. The great news is that at Cisco, standards-based interoperability is key and we make the pieces all work together—whether they were made by Cisco or not.  Architecture matters.

Another point I’d like to make is that I don’t believe in “one-size-fits-all” or that any one device will rule over others and take the world. I do believe in the flexibility of Bring Your Own Device, or BYOD. I believe in mobility with a choice of using my iPhone and my PC. And I believe in high-immersive Telepresence. But I also believe that there is a time and place for each.

When I am traveling, I depend on my PC and my iPhone to stay connected. If I need to attend a staff meeting while travelling, a mobile device from a hotel room does the job.  But if I need to meet with the operating committee remotely, I will use an immersive Telepresence system so that they can see and feel my presence in the room. An immersive TelePresence experience is the next best thing to being there in person.

At Cisco we have an extensive portfolio to enable collaboration. It’s purpose-built for human engagement and to fit the task at hand, all with the flexibility of choice – and better yet, all integrated and working together.

Most important, we must understand that it is not about the device. It is about the people. It’s how people make use of these technologies, how people can use technology to improve their own performance, and how they can use technology to make their companies more productive.

By OJ Winge

Wednesday, June 20, 2012

How To Stay Safe And Get Your Sanity Back With Mobile Banking

I don’t think there is anything quite as traumatic as having your card ‘declined’ at the supermarket. Not only have you spent vast amounts of energy selecting & pushing your trolley around but you have a captive audience.

‘Sorry mam – your card is declined!’

Well – the first time it happened to me, I walked off (beetroot faced) whilst muttering something about my employer not paying me on time which for the record wasn’t true. I was just saving face in front of my very attentive audience!

However, just last week – it happened again. So, instead of concocting some dramatic story and appearing somewhat insane, I simply asked for a minute whilst I transferred some cash from my emergency account using my BlackBerry. Hallelujah for Mobile Banking!!

Mobile Banking allows you to access and manage your money using your smartphone. And it is no surprise that Australians are quickly catching on with Westpac, one of Australia’s biggest banks, revealing that it has one million smartphone users.

While many Aussies are jumping on the bandwagon, studies show some potential users are avoiding mobile banking due to concerns around the lack of mobile security.

So, what can you do to protect yourself whilst still enjoying the convenience of mobile banking?
  •     Download your bank’s mobile application so you can ensure you are visiting the real bank every time, and not a copycat site.
  •     If you are using Wi-Fi, never use an unsecured wireless network (usually found in a hotel or café) to access your accounts.
  •     Always have a password on your device and set it to auto-lock after a period of time. And remember that a password such as 1111 or 1234 is not secure if you want to protect your personal information. For some tips on setting a strong password go to http://home.mcafee.com/advicecenter/Default.aspx?id=ad_sos_tfsp
  •     Do not disclose your bank card number or password to anyone.
  •     Do not save your bank card details and its password in the same place. Better yet, use a password you can remember rather than having to write it down or save it anywhere.
  •     Frequently check your financial statements for any anomalies.
  •     Consider using a service such as McAfee® Mobile Security, which allows you to remotely lock your device and delete all personal information in the case of theft or loss, as well as locate the device via GPS. It also provides mobile antivirus and safe search protection.
So next time you are ‘caught’ at the supermarket, don’t despair. Simply reach for your smartphone, transfer some funds and all will be well again in the world. Although your audience might be a little disappointed there was no show!

By Cybermum Australia

Tuesday, June 19, 2012

How Does Jailbreaking Or Rooting Affect My Mobile Device Security?

You may have heard the term jailbreaking or rooting in regards to your mobile phone, but what is this and what does it really mean for you?

Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS operating system. To “jailbreak” means to allow the phone’s owner to gain full access to the root of the operating system and access all the features. Similar to jailbreaking, “rooting” is the term for the process of removing the limitations on a mobile or tablet running the Android operating system.

Jailbroken phones came into the mainstream when Apple first released their iPhone and it was only on AT&T’s network. Users who wanted to use an iPhone with other carriers were not able to unless they had a jailbroken iPhone.

By hacking your device, you can potentially open security holes that may have not been readily apparent, or undermine the device’s built-in security measures. Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users download virus-free apps.

It is inevitable that over the next few years, as millions of smartphones replace handhelds, laptops, and desktop PCs, and billions of applications are downloaded, the risks of mobile crime will rise. Not only do you need to stay educated about the latest threats and scams, you should also make sure you have comprehensive mobile security installed on your mobile device.

And remember, jailbreaking or rooting your mobile device can open you up to security risks that make it not worth doing.

By Robert Siciliano

Friday, June 15, 2012

Is There A Risk With Using My Personal Device For Work?

The day after you get your shiny new mobile or tablet, chances are you’ll take it right to work and request the IT department to set it up with your work email and allow access to the company network. “Bring your own device” (BYOD) has become widely adopted to refer to workers bringing their personal mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity.

Many of us need a mobile device for work and personal use and don’t want to carry two separate devices, but this can cause security challenges for the company. If you lose your mobile device while on vacation, let your kid download an app which infects your phone and starts spamming your address book, or someone accesses your company email while you’re using a public Wi-Fi connection, this can have big implications for your company in terms of a data breach, loss of intellectual property, public embarrassment and annoyance.

That’s why mobile security should be a priority for both you and your employer. As an increasing number of companies agree to this, they are also requiring you to agree to their terms as well. So you should expect to have to comply with some things like:
  •     You may be required to download and install a security and monitoring app that can’t be removed. This app may have a certificate authenticating you and the device to connect to the company network and run company programs.
  •     The installed app will likely provide your company with the ability to remotely control your mobile at some level. I wouldn’t be concerned about this unless of course you’re not abiding by the agreement you signed.
  •     At a minimum, expect the application to have the ability to locate your mobile via the phone’s GPS if it’s lost or stolen, as well as an autolock functionality requiring you to lock your phone locally after 1-5 minutes of downtime. Also, your employer will likely be able to wipe your mobile of any and all data.
Because your employer is liable for potentially lost data, if you BYOD, plan on giving up some liberties.

By Robert Siciliano

Thursday, June 14, 2012

Even C-Student Hackers Will Succeed When Obvious Security Vulnerabilities Are Overlooked

About 2 months ago, the public got wind of what is thus far one of the largest US data breaches in 2012– and possibly the worst ever suffered by the state of Utah. The state’s Department of Technology Services had some 800,000 personal records (and 280,000 Social Security numbers) compromised in an attack that is believed to have originated somewhere in Eastern Europe.

With all the talk of sophisticated hacks and advanced persistent threats (APTs) these days, it would be perfectly natural to think that this breach might have been planned and executed by a crack team of highly-skilled cyber-criminals. Though it’s not clear exactly how adept the perpetrators were, that detail is pretty much irrelevant when you consider that the breach succeeded because of gaping security holes created in the wake of a few, very easily avoided security management missteps. In other words, someone who snoozed their way through Hacking 101 class could probably have found their way to the organization’s sensitive data.

For starters, servers configured to house some of those highly sensitive records went through an upgrade process outside of the department’s firewall. Furthermore, the passwords that were part of the default configuration were never even changed!

What would have greatly helped avoid such a debacle would have been the security program’s inclusion (and enforcement) of processes to consistently check for known security weaknesses and mitigate risks throughout any upgrades or changes to systems and endpoint configurations. This can be exceptionally challenging in larger organizations, which often see their IT environments go through major change on a routine basis, but familiar vulnerabilities are bound to resurface.

That being said, vulnerability assessment is an indispensable component to any organization’s security program. There are literally thousands of known vulnerabilities inherent to servers, databases, etc., and many of these– weak or default passwords, for example– are obvious and easily remediated. However, given the sheer number of possible exploits, automating the process of database and server hardening is critical, and should be done on a regular basis.

From a strategic perspective, an organization’s approach to security needs to be multi-layered; this is the only way to really dial down the risk of a data breach. In the case of Utah’s Department of Technology Services, the database server might have been adequately protected had it been placed behind a firewall, but in the event that perimeter security falls short, those hundreds of thousands of sensitive records would still be secure if the server were vulnerability-hardened, and the database hardened and fully protected by a dedicated database security solution.

McAfee offers powerful vulnerability assessment capabilities that can be leveraged across an organization’s many endpoints, and even has a dedicated database research team that is constantly testing the major database management systems for possible security weaknesses that the bad guys out there might try to exploit. McAfee Vulnerability Manager for Databases also enables the automation and highly efficient management of this process through the ePolicy Orchestrator console, and generates actionable reports on what to fix in keeping critical, sensitive information secure. Organizations can also build a last line of defense for their sensitive databases with McAfee’s database security solution, which protects against threats across all vectors in real-time.

By Sean Roth
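
The post above traces the Utah breach to a server upgraded outside the firewall with its default passwords left in place. The following is an added example, not code from the original post or from McAfee, of an automated post-change gate that flags both conditions; the inventory fields, product name and default credentials are constructed assumptions.

```python
"""Post-change hardening gate (added example, not from the original post)."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed placeholders for vendor-shipped credentials (assumption): a real
# gate would load the defaults documented for each product actually deployed.
SHIPPED_DEFAULTS = {"exampledb": [("admin", "admin"), ("operator", "changeme")]}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, standing in for however the product stores passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class Account:
    user: str
    salt: bytes
    pw_hash: bytes


@dataclass
class Server:
    name: str
    product: str
    behind_firewall: bool
    holds_sensitive_data: bool
    accounts: list = field(default_factory=list)


def audit(server: Server) -> list:
    """Return findings for one server; an empty list means it passes."""
    findings = []
    if server.holds_sensitive_data and not server.behind_firewall:
        findings.append(f"{server.name}: sensitive data on a host outside the firewall")
    for acct in server.accounts:
        for user, password in SHIPPED_DEFAULTS.get(server.product, []):
            # Re-hash the shipped password with the account's own salt and
            # compare against the stored hash; no plaintext is ever needed.
            if acct.user == user and hmac.compare_digest(
                hash_password(password, acct.salt), acct.pw_hash
            ):
                findings.append(f"{server.name}: account '{acct.user}' still has its shipped password")
    return findings


def gate(inventory: list) -> dict:
    """Audit every server touched by a change; block the change on any finding."""
    report = {server.name: audit(server) for server in inventory}
    return {"approved": not any(report.values()), "findings": report}


def constructed_inventory() -> list:
    """Sample data built for this example; no real hosts or credentials."""
    def acct(user, password, salt):
        return Account(user, salt, hash_password(password, salt))

    return [
        # Mid-upgrade host: moved outside the firewall, one default login left.
        Server("records-db-upgrade", "exampledb", behind_firewall=False,
               holds_sensitive_data=True,
               accounts=[acct("admin", "admin", b"salt-1"),
                         acct("operator", "Xq7!long-and-unique", b"salt-2")]),
        # Hardened host: behind the firewall, default password replaced.
        Server("records-db-prod", "exampledb", behind_firewall=True,
               holds_sensitive_data=True,
               accounts=[acct("admin", "correct horse battery", b"salt-3")]),
    ]


if __name__ == "__main__":
    result = gate(constructed_inventory())
    print("change approved:", result["approved"])
    for name, findings in result["findings"].items():
        for finding in findings:
            print(" -", finding)
```

Running the gate as part of every upgrade or configuration change is what turns a one-off assessment into the consistent check the post calls for.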

Wednesday, June 13, 2012

Don’t Let Your Network Be Compromised by ’Just Spam’

It’s remarkable how frequently I engage with a customer about how they are protecting their intellectual property and learn that email protection isn’t even part of their network security plans. It’s not that they are overlooking it, it’s that society now believes that email threats are ‘just spam,’ when the reality is that email continues to be a primary method for bad actors to initiate contact with consumers and employees.

In a recent discussion with a customer, I learned that one of their employees had connected to a fake hotspot and, thanks to the art of social engineering, was fooled into providing some of their colleagues’ email addresses in order to get free Internet access. What he didn’t know was that bad actors sent spear phishing emails to these colleagues, which then fooled them into downloading malware and unwittingly contributing to a network security breach.

What most people don’t realize is that email doesn’t just open the door to unsavory advertising – it is in fact a tried and true method used by hackers to circumvent your network security.  In fact, McAfee just released its Quarterly Threats Report, which shows that malware growth in Q1 2012 is the highest it has been in the past four years. Further, while global spam levels are down, spear phishing continues to be a serious problem, with an average of 2,200 new phishing URLs per day – proof that threats are increasing in their sophistication. Botnet infections also continue to rise, with email being a primary means of luring unsuspecting victims.

So what does this mean to you? When you are looking at your security architecture, ensure that email is part of the picture. Don’t think of email threats as simply spam. Unfortunately, the lack of adequate email protection is a primary factor in the increase in threats worldwide. Ask your security vendor what they are doing to help protect your entire online environment – including email – and make sure they have made the necessary investment in network security to identify and protect your users and your corporate assets.

By Pat Calhoun

Tuesday, June 12, 2012

Safe Searching on Your Mobile Device

The web and especially the mobile web can be a minefield of malicious links luring you to click, so bad guys can infect your device. Search engines do their best to filter these sites out but nefarious criminals have found ways to get their scammy pages to the top of search through a process called “Blackhat search engine optimization.”

Criminals create fake websites and then use the same techniques as legitimate online businesses regarding search engine optimization, marketing, and online advertising. They use keywords to boost rankings on Internet search engines, causing their spoofed websites to appear alongside legitimate websites.

It is also much harder to tell if a URL is legitimate because, due to the limited screen space, mobile browsers often truncate web addresses. Also, if you’re clicking on a link to a site from an email you received, it’s hard to see the sender’s full email address, making it hard for you to know if it’s coming from a fake person or company.

That’s why going it alone in search isn’t a good idea. Just like it is essential to have antivirus, antispyware, antiphishing and a firewall on your PC, it is equally essential to have protection on your mobile. McAfee Mobile Security provides comprehensive mobile security that includes antivirus, anti-theft, app protection, web protection and call and text filtering.

Web protection comes with McAfee Mobile Security and protects you from potential phishing sites, browser exploits, malicious links within text messages, email, social networking sites, and QR codes. With McAfee blocking risky links at the places you visit, you now can click, search and surf worry free. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

To help yourself stay protected you should:
  1.     Always double-check the web address of a site when doing a search on your mobile phone
  2.     Never click on a link in an unsolicited email or text message
  3.     If you land on a site that contains poor grammar, misspellings, and low-resolution pictures, be very suspicious
  4.     Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app
  5.     Monitor your monthly bills to make sure there are no suspicious charges
  6.     Use comprehensive mobile security like McAfee Mobile Security
Of course, just using common sense and taking the time to closely check the links and messages you receive will go a long way in increasing your mobile security. Remember, if something doesn’t feel right proceed with caution.

By Robert Siciliano

Monday, June 11, 2012

Backup Security Best Practices

Network and mobile data breaches get much of the publicity today, but there’s another less publicized avenue susceptible to both insider and outsider attacks: backup. In early April, for example, Emory Healthcare in Atlanta lost the personal information of 315,000 patients when it discovered that 10 backup discs were missing.

Threats to backups come from external hackers, company insiders, loss or theft of backup data and media in transit, and the employees of services you entrust your backup data and media to. Threats are not just about data theft, but inattention to proper procedures, and intentional destruction of backup media and data that suddenly become critical in the event of a disaster. Threats can also come from unregulated personal backups, including the use of personal file storage services.

That’s why your organization should make sure that its security professionals, not just the storage folks, are involved in crafting and monitoring backup strategies and procedures. For the storage folks, the focus is likely to be on convenience and speedy recovery, perhaps sometimes at the expense of security. Here are some important security best practices to consider when crafting a backup strategy.

  1.     Perform a security risk assessment of your entire backup process. Examine every step for vulnerabilities and remedies.
  2.     Run a comprehensive risk analysis of the data you back up regularly to determine its sensitivity and appropriate measures to protect it. Some data might need a lot of protection and have compliance implications while other data is public anyway and doesn’t need much security.
  3.     Make sure you set up your backup software so the backup client and server authenticate each other before a backup is performed. You don’t want a thief setting up a rogue backup server and initiating his or her own backup. The same goes for recovery.
  4.     Encrypt sensitive backup data in transit and at rest to prevent prying eyes in the event of man in the middle attacks or media theft. Encryption can affect performance and backup volume, which is why you want to encrypt only the data that needs it and why it’s important to perform Step 2.
  5.     Make sure your backup software offers lots of granularity in assigning administrator roles, so one administrator does not have access to all your data. Ensure that sensitive data can only be accessed by those who absolutely need it, and that they have the trust and authority to do so. Make sure backup configuration files are only accessible to authorized users.
  6.     Keep track of known backup software security flaws and updates.
  7.     Make more than one copy of your backup data and assign different staff to perform and manage each backup.
  8.     Institute a tracking and chain of custody system for backup media to ensure you’re always aware of its location and any media that should be destroyed.
  9.     Evaluate and track security aspects of any off site location or service used to store backups. Make sure physical access is carefully regulated and facilities are secured appropriately. Verify that your contract allows you to perform security audits and perform them periodically.
  10.     Make sure the service and any transport service you use conducts stringent background checks on all staff. Have procedures in place to identify positively anyone who picks up your backup media for transit. All media should be transported in locked containers. If you can back up to an offsite location within your organization, do so.
  11.     Destroy obsolete media in a secure, timely fashion in accordance with your risk assessment in step 2.
  12.     Educate your business staff on backup security issues and their importance. Evaluate and create policies addressing personal online and cloud backup and storage services.
  13.     Back up mobile devices centrally over secure VPNs.
  14.     Make sure all backup operations are logged so incidents can be traced to their source.
  15.     Test the process periodically to ensure that it remains secure.
By Leon Erlanger
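
Step 3 of the list above asks that the backup client and server authenticate each other before any data moves. The following added example (not from the original post or any backup product) sketches that with an HMAC challenge-response over a pre-shared key; the class names, the key enrolment model and the message layout are assumptions, and production systems would normally get the same property from mutually authenticated TLS.

```python
"""Mutual authentication before a backup (added example, not from the post)."""
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so two different field splits cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class BackupServer:
    def __init__(self, enrolled_keys: dict):
        self.enrolled_keys = dict(enrolled_keys)  # client_id -> pre-shared key
        self._sessions = {}                       # client_id -> (nonce_c, nonce_s)
        self.stored = []                          # accepted (client_id, payload)

    def hello(self, client_id: str, nonce_c: bytes):
        """Answer the client's challenge and issue our own."""
        nonce_s = secrets.token_bytes(16)
        key = self.enrolled_keys.get(client_id)
        if key is None:
            return nonce_s, secrets.token_bytes(32)  # unknown client: useless proof
        self._sessions[client_id] = (nonce_c, nonce_s)
        # The role label stops a proof from one side being replayed as the other's.
        return nonce_s, mac(key, b"server", client_id.encode(), nonce_c, nonce_s)

    def receive(self, client_id: str, proof_c: bytes, payload: bytes, tag: bytes) -> bool:
        session = self._sessions.pop(client_id, None)  # one attempt per handshake
        if session is None:
            return False
        key = self.enrolled_keys[client_id]
        nonce_c, nonce_s = session
        expected = mac(key, b"client", client_id.encode(), nonce_c, nonce_s)
        if not hmac.compare_digest(expected, proof_c):
            return False                               # client never proved the key
        session_key = mac(key, b"session", nonce_c, nonce_s)
        if not hmac.compare_digest(mac(session_key, b"data", payload), tag):
            return False                               # payload not bound to this session
        self.stored.append((client_id, payload))
        return True


class BackupClient:
    def __init__(self, client_id: str, key: bytes):
        self.client_id, self.key = client_id, key

    def run_backup(self, server, payload: bytes) -> bool:
        cid = self.client_id.encode()
        nonce_c = secrets.token_bytes(16)
        nonce_s, proof_s = server.hello(self.client_id, nonce_c)
        expected = mac(self.key, b"server", cid, nonce_c, nonce_s)
        if not hmac.compare_digest(expected, proof_s):
            return False          # server failed to prove the key: send nothing
        proof_c = mac(self.key, b"client", cid, nonce_c, nonce_s)
        session_key = mac(self.key, b"session", nonce_c, nonce_s)
        # Integrity only: encrypting the payload in transit is step 4's job.
        tag = mac(session_key, b"data", payload)
        return server.receive(self.client_id, proof_c, payload, tag)


class RogueServer:
    """Constructed stand-in for a backup server that was never enrolled."""

    def __init__(self):
        self.captured = []

    def hello(self, client_id, nonce_c):
        return secrets.token_bytes(16), secrets.token_bytes(32)  # cannot compute proof

    def receive(self, client_id, proof_c, payload, tag):
        self.captured.append(payload)
        return True


def demo() -> dict:
    key = secrets.token_bytes(32)
    server, rogue = BackupServer({"db01": key}), RogueServer()
    client = BackupClient("db01", key)
    legit = client.run_backup(server, b"nightly dump (constructed)")
    to_rogue = client.run_backup(rogue, b"nightly dump (constructed)")
    # A client without the key opens a handshake, then submits a made-up proof.
    server.hello("db01", secrets.token_bytes(16))
    forged = server.receive("db01", secrets.token_bytes(32), b"junk", secrets.token_bytes(32))
    return {"legit": legit, "to_rogue": to_rogue, "rogue_captured": len(rogue.captured),
            "forged_client": forged, "stored": len(server.stored)}


if __name__ == "__main__":
    print(demo())
```

The same exchange applies to recovery, which the list says needs the same protection: the client should restore only from a server that has passed the check.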

Thursday, June 7, 2012

Are CMOs the New CIOs?

A thought-provoking title to an article appeared in Forbes last week, and it got me to thinking once again about newer IT consumption patterns, and how they differ from more familiar ones.

The author used a spate of recent tech acquisitions to make the case that the Chief Marketing Officer (CMO) is now driving more than their fair share of IT spend.

Do I think that CMOs are becoming CIOs?  No -- I believe the required skill set is very different.

But I can make a strong case that smart CIOs might want to start to think of the CMO as their new best friend ...

What's Happening Here?

IT organizations have been around for many decades. 

From a historical perspective, their primary mission has usually been quite simple to understand: to automate processes that are well understood in the physical world to reduce costs, improve efficiency, etc. 

Here's something we used to do with paper and people; let's use technology to do more with less of each.

Since many such "automatable business processes" have been owned by finance, most IT organizations have traditionally reported to the Chief Financial Officer, or CFO as a shared service for the rest of the organization.

Personally, I think this historical CFO alignment is ultimately responsible for much of the ethos one usually finds in traditional IT settings: the need to continually reduce expenses, the importance of justifying every investment in terms of ROI and payback period, and so on. 

That's the sort of stuff the CIO's boss cares about, so that's what IT ends up caring about.

But what happens when the focus shifts to using IT to generate revenue vs. increasing operational efficiency?

Welcome To The Split IT Function

Within several industries, you'll usually find two distinct IT groups: one focused on operational efficiency, and a completely separate one focused on revenue generation activities.

If you're familiar with oil & gas, you'll recognize the pattern.  There's a "downstream" IT group that runs the email, the ERP and the business systems -- and a completely separate "upstream" IT group that supports the team that's helping the geophysicists to find new revenue sources.

The same pattern can be found in pharma and biotech as well: a traditional IT group running the normal business functions, and a completely separate IT group supporting the researchers who are trying to find the next drug or therapy.

Historically at EMC -- like most tech companies -- we had two distinct classes of IT functions: a centralized function that supported the general business operations, and a constellation of engineering-focused IT functions that supported the people creating the new EMC products.  Thanks to our in-house ITaaS approach, that chasm has been largely bridged, but you can understand the motivations.

There are more examples if you go looking, but the point is clear: when revenue-generating activities required a different form of IT, the propensity was to split away from the CFO-centric style of IT, and build something for the task at hand. 

We can debate the pros and cons of this divide-and-conquer from a historical perspective, but -- more importantly -- what will the future likely bring?

Enter The Digital Business Model

I make no apologies for being an adherent of Dr. Peter Weill at MIT.  He makes the powerful assertion that most businesses will need to invest in a "digital business model" going forward, or suffer at the hands of their competitors who do. 

According to Dr. Weill, a digital business model has three essential components: an engaging experience for consumers, rich content to interact with, and a platform that supports it all.

If you think about it, building and leveraging a digital business model is rather straightforward for the high-profile web-based businesses that were "born digital": Google, eBay, Facebook, LinkedIn, Amazon, et al.

Their corporate culture understands at a fundamental level the digital nature of their business. 

Is it any surprise that we get a continual stream of interesting technology stories from this group?

Or that valuing their worth becomes difficult because we have no tools at hand to easily quantify the worth of their digital assets?

Collectively, they're pushing the bounds of what's possible in the digital world: new customer experiences, digital marketing, big data analytics and more.  And I think there's an uneasy suspicion that their somewhat unique reality today will be the rest of our collective reality tomorrow.

Unfortunately, 99% of our existing business models were born in the physical world, and not the digital one. 

Apple, in particular, is a fascinating example of a company that made a wildly successful transition from success in the physical world (e.g. building computers and other devices) by painstakingly crafting a unique digital business model around experience, content and platform.  The results speak for themselves.

But for businesses that don't have a Steve Jobs-like character at the helm, this means that the IT function ends up with two primary (and somewhat conflicting) roles: providing operational IT support for the existing business model, while providing strategic support and leadership for the next (digital) one.

The funding models are different.  The skill sets are different.  The technology priorities are different.  Is it any surprise that you rarely find an IT organization doing a good job at both?

Which leaves us with an interesting question: who will be the executive business leader who realizes that their task might be to create the new digital business model from the ashes of the physical one?

The job may likely fall to the CMO -- the Chief Marketing Officer.

Being A CMO In The Digital Age

The best CMOs I meet are passionate about creating an engaging and differentiated experience for customers, partners and employees alike.  They care greatly about building rich, engaging experiences for all -- preferably on a mobile device.  They care about having a wealth of rich content -- some created by the company, but with more being created by the community itself.

And they desperately want the notion of a 'single platform' (or even a reasonable collection of isolated platforms) to help create the experiences, manage and monetize the content, drive key workflows -- and no shortage of powerful analytics that help them detect and predict future opportunities. 

They want the proverbial "digital business platform" (although they may not use those exact words) -- and are prepared to invest substantial amounts of resources to achieve it.

These same business leaders look to their traditional IT functions, and maybe aren't finding much in place that can help them do this today. 

So, like any business leader whose needs are unmet by IT, they go shopping for applications, vendors and service providers who help them build what they most desperately need.

Maybe these new capabilities are brokered by IT.  Maybe not.  Maybe all the workloads go to a handful of external service providers.  Maybe not.  Maybe the CMO ends up creating a substantial and powerful revenue-oriented IT function completely separate and independent from the established one.  Maybe not.

It all boils down to the magnitude of the mismatch between the aspirations of the CMO (or other executive similarly empowered), and the engagement with the traditional in-house IT organization.

Will CMOs Be The New CIOs?

The newer breed of CMOs appear to be hell-bent on constructing their new digital business models in an increasingly competitive world.  Time is not their friend; a sense of urgency pervades. 

They want to use IT, and not necessarily own or run it.  Only as a last resort would they consider building their own IT function, but many may be forced to do something along those lines.

I think the opportunity (or challenge) squarely lies with IT leadership: do they recognize the strategic power shift that is becoming ever more evident?  Is there a clear understanding of the differences between using IT to save money -- and using IT to make money?

And are they prepared to invest in the latter?


By Chuck Hollis

Wednesday, June 6, 2012

Your Security Checklist: Home, Car, Health – But What About Your PC?

Home and car insurance, home alarm system, deadlocks on windows and doors, income protection, health insurance … these are all things that we automatically have in place to protect ourselves and make our lives more secure. But what about our cyber lives? Are your PC, tablet and mobile protected?

According to a recent study by McAfee, 17 per cent of all PCs worldwide still either have no anti-virus installed or have security software that is disabled. The study, which was conducted in 24 countries, analysed data from up to 28 million PCs per month – so clearly it was comprehensive!

The study also looked at the trends within individual countries. And guess which country is the most protected? Finland – with just 10 per cent of its population unprotected.

And while Australia didn’t perform too badly coming in at number 8 out of 22, there is still absolutely room for improvement. According to the survey, nearly 16 per cent of Aussies are at risk of contracting a virus on unprotected PCs, losing their data or being a victim of identity theft.

So, what can you do to make sure you are protected?
  1. If you don’t have any security software then PLEASE make sure you get some.
  2. If you already have security software, PLEASE make sure it is turned on and not disabled!
  3. Don’t use the same password across all your devices. If a scammer discovers your password, they will have access to all of your accounts.
  4. Be wary of professional looking ‘pop-ups’ that say you must download software in order to protect your computer. Malware (aka malicious software) can be hidden in software so beware!

And remember, while criminals may have many obstacles in the offline world – including locked doors and alarm systems – the Internet has no such defenses.  Being careful where you click helps, but if you are one of the 17%, remember that security software is consumers’ first and, in many cases, only defense against cybercrime.

By Cybermum Australia

Tuesday, June 5, 2012

17 Percent of PCs Are Exposed

Exposed as in streaking through life naked without a stitch of security. There are things I do and things I don’t do, and no security isn’t on my “do” list. Come on, people!

McAfee used its Windows-based Security Scan Plus to scan an average of 17 million PCs per month in 24 different countries. This was the first industry study of its kind, thought to be the most accurate snapshot of consumer PC protection to date.

83% of computers scanned were found to be protected with the basics. Basic security protection includes working antivirus software, anti-spyware protection, and firewalls. That leaves 17% with no or essentially no protection from malware and other threats.

Other key findings include:

  • Finland is the most protected country with only 9.7% of PCs lacking any security protection
  • Singapore ranked at the bottom with 21.75% of consumer PCs completely unprotected
  • 11.75% of Singapore’s PCs have security software installed, but it is disabled
  • Spain had the highest percentage of PCs without any installed basic security protection at 16.33%
  • The United States is the 5th least protected country, with 19.32% of Americans browsing the Internet without any protection; 12.25% of consumers have zero security protection installed; 7.07% have security software installed but it is disabled

If you are part of the 17% without security software installed, listen up: there are millions of viruses out there that will ravage your PC to death. Some can make your PC completely inoperable, while others allow criminals to control your PC remotely, making it part of a “botnet,” used for nefarious ends by a criminal network. But worst of all are viruses that allow criminals to access your data in order to steal your identity.

So please, protect your PC with comprehensive security software that includes antivirus, anti-spyware, anti-spam, anti-phishing and firewall protection, and save us all the discomfort of having to look at your naked PC.

By Robert Siciliano

Monday, June 4, 2012

The Audacity of Cloud for Critical Infrastructure

Earlier this year I was given the opportunity of presenting the concept of cloud computing to delegates from the Chemical industry. I remember when I put the title slide up, and then made the bold claim that cloud computing, and in particular public Cloud Service Providers, should be considered for ALL sectors, even those securing industrial control systems and the broader ‘Critical Infrastructure’ industry.

I don’t think I was universally liked at that moment.

Perhaps I should try and explain before I alienate all readers: by no means am I saying that all data must be moved into a public cloud, nor am I saying that no data should be moved to the public cloud.  The first thing that needs to be considered is the concept of legal and regulatory obligations.  There may be some data that needs to sit within certain geographical boundaries, and if you cannot assure where the data will ultimately reside then it may not be possible to work with certain service providers.

The next point then becomes key: ‘Risk Appetite’.  This concept is not new, but ultimately how much risk are you willing to tolerate?  Of course this will vary with the type of data you have, and the potential impact of such data being unavailable, losing its integrity, or being publicly disclosed.  The presentation I delivered fundamentally focused on this concept, whereby there will be many data sets within an organisation that could be managed by third parties, but equally certain data sets that demand the level of transparency required when hosted internally.

In 2009, when I worked with the European Network Information Security Agency (ENISA) on the paper entitled ‘Cloud Computing Risk Assessment’, we considered the use case of cloud computing within an e-Health context.  We then followed up in 2011 with the paper ‘Security and Resilience in Governmental Clouds’, where we identified that “major weaknesses of a public cloud solution for governmental organizations are related to the lack of governance, the large number of tenants (users) in the cloud and to the strong negotiating power of the cloud provider in the definition of the contract”.

However, we have begun to see public sector organisations leveraging public cloud computing, and in particular utilising Data Loss Prevention to ensure that only data that they ‘allow’ to use the public cloud traverses the internet.  This approach maximises the IT budget by applying the right level of security to data, and assuring that highly classified documents remain in security zones that meet the risk appetite of the organisation.

Of course, by the end of the presentation the feedback I received was positive, and in general, from a Critical Infrastructure perspective, such a concept of security zones is well understood.  Next time I think it may be best to start with a joke!

In the meantime, we have an upcoming podcast on this very topic, so be sure to tune in.

By Raj Samani

Friday, June 1, 2012

BYOD, Social Media and New Cloud Consumption Models

Bringing You the Workplace Revolution

Kids get sick, cars malfunction, pipes break, bad-hair days occur, and the list goes on. Life simply happens.  But thanks to technology, it no longer means the end of the world for that work day. With a rapidly growing change in workplace ideologies like BYOD (Bring your own device), and technologies like TelePresence, Jabber and WebEx, I have the ability to work almost anywhere at any time, even if things prevent me from getting to the office that day.

Given the explosion of social media technologies in the past few years, it only makes sense that BYOD is taking off like a firestorm—even among small businesses—as covered in two recent blogs,  ‘Business Ready: On the Go and in the Clouds’ and ‘Supersizing Your Small Business.’  In fact, the Cisco Connected World Technology Report found that two of five college students and young employees would accept a lower-paying job that had more flexibility with BYOD, social media access, and mobility than a higher-paying job with less flexibility. So what about those at companies with very little flexibility when it comes to devices? Seven out of ten employees knowingly break IT policies on a regular basis, and three out of five believe that it is not their responsibility to keep the company secure. The bottom line: the workplace revolution is happening (and it’s being video streamed on your mobile device).

And as we become more and more reliant on mobile devices, cloud is becoming more of a focus area. In ‘the old days,’ we could only store our data and apps in physical servers in the company’s data center. But today, the data and apps can also be stored in and accessed from public clouds, giving us more flexibility and agility. Think about a business developing a new product.  They will likely have built a private cloud in their data center. Should their product become an overnight success when it goes to market, it’s good to know that they can offload compute to public clouds to help handle the load.  These emerging trends may cause your company to implement new policies and train IT and staff, but in the end, the employees will be happier and productivity will be higher—and that has an impact on customers, as well.

If you’d like to hear more about mobility, cloud and social media, check out the 2012 Time to Thrive Small Business Tour, in various cities throughout the United States over the next few months. Or, simply raise a glass and toast to the workplace revolution—and celebrate Cinco de Mayo, from any place, with any device.

By Marie Hattar