Three CIOs discuss how a successful business continuity plan requires prioritization, awareness and testing
Prioritize What You Protect
Michael Rosello, SVP & CIO, Alliance Data: To really assess the effectiveness of a business continuity and disaster recovery plan, you’d need to invoke it, but you’d never want to do that. We’ve spent a lot of time over the past five years crafting every aspect of our plan–from making the process, methodology and technology investments that support business continuity to testing it in mock exercises.
As a mid-market company, we have established many partnerships, and our partners have their own business continuity and disaster recovery processes, so we are continually revamping our plans to work with theirs. Our partners are just as critical to our continuity processes as our own business units. Ultimately, a plan is only as good as all the people who go along with it.
We conduct a business impact analysis on our environment to prioritize the most critical components and test those. When you work with multibillion-dollar enterprises that have lots of moving parts spread over the country, you can’t test everything.
More of the CIO.com post
You have heard it said that “rock and roll is dead.” The same could soon be said about your IT department.
External pressures are driving an extinction of the IT department. Today’s business users are becoming more and more savvy, growing up with all kinds of technology in both the home and the office. Desk-side computing is dying off quickly, being left behind by technologies—like tablets, smart phones, and even wearable technology like eyeglasses and wristwatches—that make your employees more mobile and agile. This type of technology doesn’t typically need desk-side support, and when users are frustrated enough to need “human” help, they look for services such as Kindle’s Mayday for instant assistance that’s specific to the device/service that they are experiencing issues with.
The movement toward mobility and agility naturally drives organizations toward more cloud-based services, and software as a service (SaaS) rather than customized applications. This means that as time goes on, storage infrastructure, compute infrastructure, network infrastructure, and the data center will become less and less relevant.
Today’s business managers need to move at the speed of technology, and often consider the IT department a hindrance more than anything else. So how do you reverse that trend?
More of the VMware blog post
Is it reasonable to assume that if you’re buying a safe for all your valuables, you’d buy the one that is the best combination of security and cost? This combination of security and cost would be driven by your budget and the value (intrinsic or sentimental) of your precious items. I would guess that the same principle of budget vs. value would apply to protecting your IT environments.
So many places to look, so many holes to patch
The normal enterprise IT environment is filled with hundreds of applications. In most cases each of these applications is supported by unique design at the hardware and software level, if not also at the network layer. The fact that there is so much uniqueness about our IT environments means we expend inordinate amounts of time dealing with common problems in 100 unique ways. Maintaining these environments has become the bane of enterprise IT groups. By now, we’ve all heard the story of how keeping the lights on comprises 70-80% of the IT budget leaving only a small amount for much needed innovation.
Keeping the lights on has several meanings, including the mundane but critical “general maintenance and support” of each environment. However, keeping the lights on could also mean avoiding outages. Generically speaking, all of us in IT attempt to build and maintain environments with the highest possible availability (within budget and available resources). The problem is that we’re often spending too much time fighting fires of “maintenance & support” and not enough time solving the underlying issues that cause many of the fires or, in this case, cause many of the outages (same as a fire only worse). Where should IT focus its attention relative to avoiding outages and/or reducing the number of fires?
More of the SwitchScribe post
Did you know that, to quote an angry hacker:
The Internet from every angle has always been a house of cards held together with defective duct tape. It’s a miracle that anything works at all. Those who understand a lot of the technology involved generally hate it, but at the same time are astounded that for end users, things seem to usually work rather well.
Today I want to talk about all of the egregious security disasters across the Internet over the last few months, but as Inigo Montoya once said: “No, there is too much. Let me sum up.” Alas, even an incomplete summary is a lengthy litany of catastrophe. Let’s see:
Apple: “Oh dear.” “It’s as bad as you could imagine, that’s all I can say.”
Oh, and separately, their OpenSSL implementation is broken.
Linux: “Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping.”(1)
Microsoft Word: “Zero-day vulnerability under active attack.”
Yahoo: “Remote Command Execution Vulnerability.”
Credit cards: Target. Neiman Marcus. California’s DMV. Etcetera.
More of the TechCrunch post
Stuart Rance posted an interesting blog about What Is Change Management For? Then we had an excellent discussion about it on Google+, where some great stuff came up that I want to capture here in my IP repository (or “blog” for short). Tell me what you think:
I’m working in the heart of [change management] right now. I agree with every single word, except for one thought:
This article talks of my favourite dilemma – To Protect and Serve. They are often contradictory. If some part of the business – or some development team – wants to go faster than is safe for the organisational IT assets, then Change’s primary role is protection. There are lots of cogs in the machine that move change along, there is only one devoted to mitigating the risk. Where a conflict emerges between Protect and Serve for the Change function, Protect wins.
Thanks for the comment +Rob England. I have some sympathy for your position. As you say the issue is trying to get the balance right, but I have very rarely seen IT change management that is too focussed on agility and too little on protection.
What I see all too often is IT that thinks it understands business risk better than the people who should be owning that risk.
More of the IT Skeptic post
As organizations continue expanding their adoption of the public cloud, many IT and security professionals are beginning to see that they need improved cloud-monitoring and cloud-auditing capabilities. By cloud monitoring, I’m referring to the process of identifying cloud use within an organization and then evaluating if there are data privacy and/or compliance risks that need to be mitigated. Cloud monitoring includes the idea of fully understanding what clouds are being used and how employees are accessing and updating information, from where and when. This becomes more complicated with the proliferation of BYOD policies as well as the growing trend of Shadow IT groups within corporations that assist business units in deploying clouds without “Official” IT knowing about it. But steps can still be taken to manage the operational and legal risks associated with sending sensitive data outside of the corporation’s firewall while simultaneously enabling operating units to use the cloud as required to drive business results.
More of the Cloud Computing Journal article
Nothing delivers a rush of business adrenaline like the appearance of a new competitor. When Google bought Nest a few months ago, for example, every CEO with a stake in “smart home” products or the residential energy business took immediate notice.
When FedEx CEO Fred Smith was quizzed about the possibility of Amazon.com competing with his enormous transportation network by using drones to deliver packages, he dismissed the idea as “almost amusing.”
Yet as Managing Editor Kim S. Nash points out in her cover story (“Battle of the Archrivals”), some of the most effective competitive moves happening today in social, mobile, analytics and cloud technologies weren’t on anyone’s threat horizon until recently.
Given that reality, we wondered how and where IT was making a difference in three of the fiercest corporate rivalries: Home Depot vs. Lowe’s, Ford vs. General Motors, FedEx vs. UPS. “Technology boasts permeate the marketing and investment strategies for these companies,” Nash writes.
More of the CIO.com article
It’s time to take a step back and look at the data center model that’s impacting today’s business. It’s time to see just how far this platform has come and exactly where it’s going. It’s time to say hello to the truly agnostic data center. Almost every new technology is being pushed through some type of data center model.
Inside of your current data center model – what do you have under the hood?
Storage, Networking, Compute
Power, Cooling, Environmental Controls
Rack and Cable Management
Building and Infrastructure Security
Although some of these underlying components have stayed the same, requirements from the workloads that live on top have drastically evolved. Through it all, we’ve also seen an evolution of the physical aspect of the data center. We’re creating powerful multi-tenant, high-density platforms capable of handling users and the new data-on-demand generation. With all of these new technologies and demands, the modern data center has truly become a distributed node infrastructure.
More of the Data Center Knowledge article
To better understand the immediate future of enterprise mobility, CIO Insight recently spoke separately with Chris Hazelton, research director of mobile and wireless technologies at 451 Research, and Chris Marsh, a principal analyst of enterprise mobility at Yankee Group. The pair discussed mobility trends, device vendors, mobile ROI, and related developments for the enterprise in 2014 and beyond. Here is an edited version of the one-on-one interviews with Hazelton and Marsh.
What are the most important trends affecting how IT handles mobility today?
Chris Hazelton: The two biggest trends driving the way that IT handles mobility are the limited ability to control the devices that employees are using and the increasing amount of corporate data that is going across these devices. This dynamic means IT must control a growing use of corporate data in an environment in which it is steadily losing control.
As IT has ceded ground to users in terms of the devices that are used, the invasion of mobile apps will need to be a rallying point for organizations to regain control of mobile by managing the enterprise data, apps and work environments on mobile devices. Users can control the device, but IT will need to be the gatekeeper for data.
More of the CIO Insight article
Former Secretary of Defense Robert Gates used this phrase in his memoir, Duty: Memoirs of a Secretary at War. In his case, he was mainly referring to his dealings with Congress and the press, but it’s excellent advice for anyone interested in preserving their credibility, relationships and personal effectiveness.
I’ve had the taste of my foot in my mouth often enough to know that it’s hard to do when the lips are pressed tightly together. While it may be obvious, it’s easy to miss chances to shut up when we’re fired by passion for our position or our product, or even when we’re trying to help someone else. Common opportunities to shut up include:
More of the CustomerThink post