04
Dec 17

The Register – Seek ‘passion’ and tech skills will follow, say recruiting security chiefs

Plugging the infosec skills gap with expensive consultants or by trying to hire already skilled people won’t fix recruitment headaches, Thom Langford, CISO at Publicis Groupe, insisted at the #IRISSCERT conference in Dublin this week.

He argued that the industry should be looking for “passionate people and inspire them”, rather than people with CVs ticking the appropriate boxes.

“I’m not asking for people to take chances, rather give people opportunities” by looking beyond qualifications and experience and thinking about potential.

“We need to stop looking only for round pegs to go into round holes,” Langford said, adding that those with an IT background pick things up more quickly.

More of The Register post from John Leyden


29
Nov 17

Continuity Central – Common trends and weaknesses in crisis preparedness and business resilience

Victoria Cross, managing partner, Instinctif Partners’ Business Resilience team, discusses the top trends which have emerged from the company’s CrisisOptic and RecallOptic online diagnostic and benchmarking tools over the past year.

In the year since the CrisisOptic and RecallOptic tools have been available, we have helped over 50 businesses and organizations to quantify their business resilience. Three areas have emerged as common weaknesses in crisis preparedness and business resilience strategies and the following article looks at these in turn:

Post-incident review is a weak area

A score of 100 percent is the highest that can be achieved in each category measured, with the Review category (conducting and learning from a post-incident review) being identified as the most common area of weakness. Many of the companies obtained a low score in this area, with some even scoring zero. The average score was 50.7 percent.

Interestingly, although overall it might be expected that larger companies would generally score more highly, size has not proved a clear indicator of preparedness. In fact, we have seen both global brands and small manufacturers scoring zero in this category.

More of the Continuity Central post


08
Nov 17

Baseline – Business Units Participate in Tech Buying Process

In today’s enterprises, line-of-business (LoB) departments are playing a bigger role in the technology buying process, especially when it concerns applications and services related to mobile and collaborative technologies. And increasingly, those two technologies are viewed as a single entity by most IT and business executives. Those findings highlight the “CDW Digital Workspace Solutions Report,” which is based on a survey of nearly 2,000 IT and non-IT executives who participate in their organization’s purchasing decisions for digital workspace solutions. This view aligns with CDW’s definition of digital workspace as the culmination of various technology silos coming together to seamlessly connect people and get work done effortlessly, anytime, anywhere and on any device. “The fact that our survey found 41 percent of digital workspace solutions are now selected by departments outside of IT shows how pervasive and integral voice, video and other collaboration technologies are becoming to organizations,” observed Nathan Coutinho, director of workspace solutions for CDW.

More of the Baseline slideshow from Eileen McCooey


07
Nov 17

ZDNet – SaaS, PaaS, and IaaS: Understand the differences

Understanding the cloud is critical to the future of business. Here’s a brief explanation of the three layers by which cloud services are delivered.

Cloud computing is one technology moving faster than almost all others toward becoming table stakes in enterprise IT. In 2017 alone, the public cloud services market is predicted to grow 18 percent, hitting a value of $246.8 billion, according to research firm Gartner.

Understanding the cloud can help business leaders make more strategic investments and remain competitive going forward. Cloud clarity starts with understanding the model itself.

As a service

According to 451 Research analyst Carl Brooks, for a technology solution to qualify as “as a Service,” it has to meet the National Institute of Standards and Technology (NIST) definition parameters, which he paraphrased as “self-service, paid on-demand, elastic, scalable, programmatically accessible (APIs), and available over the network.”

More of the ZDNet article from Conner Forrest


30
Oct 17

ZDNet – Time to move on from DevOps and continuous delivery, says Google advocate

Continuous integration and continuous delivery (CI/CD) and DevOps may be on many people’s minds these days, but there’s nothing particularly new about the concept — software shops should have put these concepts into action years ago. Instead, technology leaders should be now worrying about the futures of their businesses.

That’s the view of Kelsey Hightower, staff developer advocate at Google Cloud Platform, who says too many IT leaders are debating how to manage IT operations and workflows, when their businesses are being hit with unprecedented disruption. “CI/CD is a done deal — like 10 years ago it was a done deal,” he said in a recent podcast with CTO Advisor’s Keith Townsend. “There is nothing to figure out in that domain. A lot of people talk about DevOps, and there may be some culture changes, in number of people who can do it or are allowed to do it. For me, that is the table stakes. CI/CD, DevOps; we have to say, listen, figure it out, or go work with another team outside this company to figure it out.”

More of the ZDNet article from Joe McKendrick


13
Sep 17

Fast Company – RIP, Jerry Pournelle, a pioneer of tech journalism for the non-geeky

In 1980, anyone who used a PC was, by definition, something of a nerd. But Byte, the leading computer magazine of the time, saw a need for a column that emphasized the benefits of the machines rather than their innards. It found its author in celebrated science-fiction author Jerry Pournelle, whose Byte writings–best known by the name “Chaos Manor”–were not very technical; profoundly first person-y and opinionated; focused on what you could do with a PC; and prone to going off on extended tangents that were as defining an aspect of the columns as the parts that more obviously belonged in a publication called Byte.

More of the Fast Company article


06
Sep 17

IT Business Edge – Clouds Vie for Critical Workloads

Editor’s note: Like the Skytap illustration in the article, Expedient clients are using public and private cloud services RIGHT NOW to improve application performance, reduce maintenance workloads, and improve uptime. These organizations don’t have the luxury of waiting for their development teams or primary software vendors to rewrite their mission-critical apps from the ground up.

It seems that cloud providers are no longer fooling around when it comes to getting enterprise workloads. With new migration packages and services optimized for mission-critical data and applications, CSPs large and small are eager for your business.

The question for most enterprises, however, is whether to stick with the hyperscale providers like Amazon and Microsoft, or go with a not-so-large firm that may have a bit more flexibility when it comes to matching infrastructure with customized user needs.

Skytap, for one, is hoping that the one-size-fits-all approach will not be enough for most enterprises as they embrace crucial service offerings like Big Data and the IoT. CEO Thor Culverhouse argues that the cloud giants are overlooking key market segments like the legions of mission-critical apps that are stuck on legacy systems but will have to move to hybrid infrastructure in order to keep up with the speed of business activity. His plan is to offer specialized infrastructure optimized for the 75 percent of the enterprise workload that is not likely to become cloud-native any time soon.

More of the IT Business Edge article from Arthur Cole


02
Aug 17

IT World – 7 things your IT disaster recovery plan should cover

Enterprise networks and data access can be knocked out without warning, thanks to natural and man-made disasters. You can’t stop them all from happening, of course, but with a good disaster recovery plan you can be better prepared for the unexpected.

Hurricanes. Tornadoes. Earthquakes. Fires. Floods. Terrorist attacks. Cyberattacks. You know any of these could happen to your business at any time. And you’ve probably got a disaster recovery (DR) plan in place to protect your enterprise’s data, employees and business.

But how thorough is your DR plan? When was it last updated and tested? Have you taken into account new technologies and services that can make it easier to recover from disaster? The following are 7 things your IT disaster recovery plan should include.

1. An analysis of all potential threats and possible reactions to them

Your DR plan should take into account the complete spectrum of “potential interrupters” to your business, advises Phil Goodwin, research director of data protection, availability and recovery for research firm IDC. (IDC is part of IDG, which publishes CSO.)

More of the IT World post from James A Martin


14
Jul 17

Continuity Central – Reasons to Eliminate the Business Impact Analysis

Adaptive BC, a website established to develop and promote a new approach to business continuity, has been calling for the elimination of the BIA. In this article David Lindstedt, one of the founders of Adaptive BC, explains why.

The business impact analysis (BIA) has been a staple of business continuity for decades. In that time, the BIA has grown, expanded, and become rather nebulous in its scope, objectives, and value. By exploring both its initial purpose and current implementation, we can conclude that early benefits gained from the BIA no longer outweigh the disadvantages, and that practitioners ought to eliminate the use of the BIA as much and as soon as feasible.

Part one: genesis

What was the BIA when it came into use? The original intent of the BIA was to estimate the impact that a significant incident would have on the business. More accurately, it was to estimate the different types of impact that a significant incident would have on different parts of the business. As the BCI DRJ Glossary states, even today the BIA is defined simply as the “Process of analyzing activities and the effect that a business disruption might have on them.”

More of the Continuity Central article


13
Jul 17

Continuity Central – DNS attacks are posing an increasing threat to businesses

EfficientIP has published the results of a survey that was conducted for its 2017 Global DNS Threat Survey Report. It explored the technical and behavioural causes for the rise in DNS threats and their potential effects on businesses across the world.

Major issues highlighted by the study, now in its third year, include a lack of awareness as to the variety of attacks; a failure to adapt security solutions to protect DNS; and poor responses to vulnerability notifications. These concerns will not only be subject to regulatory changes, but also create a higher risk of data loss, downtime or compromised reputation.

According to the report, carried out among 1,000 respondents across APAC, Europe and North America, 94 percent of respondents claim that DNS security is critical for their business. Yet, 76 percent of organizations have been subjected to a DNS attack in the last 12 months and 28 percent suffered data theft.

More of the Continuity Central post