Smart Grid – Make It Secure And Compliant

Critics of Smart Grid argue that it is not secure enough to be rolled out yet. They may even paint a doomsday picture similar to ‘Die Hard 4’, with hackers breaking into the grid and controlling the nation’s power system. That kind of extreme scenario is shocking — in essence launching a denial of service (DOS) attack that can imperil critical infrastructure. This year’s Black Hat conferenceplans to showcase similar security threats that can impact smart meters and devices. NIST has put out a 270 page roadmap of Smart Grid standards and protocols that address various aspects of controls, including security. These guidelines can help utility companies, manufacturers, technology vendors, and service integrators to streamline controls when rolling out Smart Grid. However, the implementation of this approach is missing to date.   

Read more

Please Fill Out These Forms...The SEC Will See You Now

Chris McClean

Is regulatory oversight more or less invasive than oral surgery? Sure, both are necessary sometimes. But however you feel about the current level of corporate scrutiny, it’s clearly increasing, and that means the jobs of corporate governance, risk management, and compliance professionals are going to get even tougher.

The last month has seen some dramatic news related to corporate disclosure, most notably a bill approved by the House Financial Services committee that would require public companies to explain executive and employee compensation packages, and to write rules that would prohibit any compensation that could have a substantial, negative effect on financial markets. Lawmakers expect that this bill, if approved, will be rolled up with other legislation.

Read more

Cloud DR Services Are Real

Stephanie Balaouras

There is a lot of hype surrounding cloud and I'm usually not one to join the hype but in the case of cloud-based backup and disaster recovery services (I'm trying to use the IT service continuity but it hasn't caught on yet), these service are available today and they address major pain points in IT operations and organizations of all sizes can leverage these services, not just small and medium businesses.

Storage-as-a-Service is relatively new. Today the main value proposition is as a cloud target for on-premise deployments of backup and archiving software. If you have a need to retain data for extended periods of time (1 year plus in most cases) tape is still the more cost effective option given it's low capital acquisition cost and removability. If you have long term data retention needs and you want to eliminate tape, that's where a cloud storage target comes in. Electronically vault that data to a storage-as-service provider who can store that data at cents per GB. You just can't beat the economies of scale these providers are able to achieve.

If you're a small business and you don't have the staff to implement and manage a backup solution or if you're an enterprise and you're looking for a PC backup or a remote office backup solution, I think it's worthwhile to compare the three year total cost of ownership of an on-premise solution versus backup-as-a-service.

Read more

What's In a Name? Announcing Truth in Labeling

Andrew Jaquith

A few days ago, my colleague Chris McClean asked the excellent question, "Is Risk Management Compatible with ERM?" I saw the headline come across my RSS reader and I thought, "Cool! I'd love to read what Chris thinks about enterprise rights management," a technology that I cover as part of my data security coverage. I'd advise you to read his post, which is excellent.

Read more

Is IT Risk Management Compatible With ERM?

Chris McClean

Every month or so, news events (attacks on government sites, massive privacy breaches, etc.) provide a ‘wake-up call’... a proof point used by vendors and practitioners alike that protecting our national and corporate information assets has never been more critical. On occasion we even see these incidents yield promises of action, for example the anticipated appointment of a US Cybersecurity Czar, which my colleague Khalid Kark discusses here

But in spite of these warnings, my conversations with enterprise risk and IT risk professionals still reveal many disconnects, including that IT risks are not measured consistently with other enterprise risks. In addition, many IT risk professionals do not see their biggest risks showing up on the corporate risk register.

Read more

Cisco’s Smart Connected Communities – Are They Securely Connected As Well?

I attended a Cisco Systems briefing early this week about its Smart Connected Communities initiative. Once again Cisco demonstrated its forward thinking by bringing together various government initiatives under the umbrella of what they call Smart Connected Communities.  A Smart Connected Community is built on IP-based infrastructure. This means that all of the critical components of a city infrastructure like utility, transportation, healthcare, commercial buildings, and emergency response systems connect via an IP-based network.

Overall, it was a good update briefing. But I was surprised to hear just how confident Cisco is that securing this networked infrastructure is a no brainier. When I asked the presenter: “Given that network infrastructure is not nearly as robust and secure in some emerging geographies, how are you planning to ramp up the backbone and make the network secure enough end-to-end to run smart services?”

Read more

Categories:

Cybersecurity Czar – Where art Thou?

Khalid Kark


Bill Brenner at CSO recently wrote an interesting piece highlighting the urgency of having a cybersecurity leader. Although I do not agree with him that the simple DDOS attacks on government Websites could have been prevented by having a Cybersecurity Czar, I do agree with him that we need a cybersecurity leader – now!  


We all rejoiced when President Obama ordered a 60 day cybersecurity review shortly after taking office. We were all excited when, on May 29th, a report summarizing the findings of the cybersecurity review was released and the president declared cybersecurity as a national security priority for his administration, and a personal goal for him.

Read more

Securing Google's Chrome OS

Deduplication Market Undergoes Rapid Changes

Stephanie Balaouras In May, I blogged about NetApp's announced acquisition of deduplication pionneer, Data Domain. The announcement triggered an unsolicted counter-offer from EMC, followed by another counter from NetApp. But after a month of offers, counter-offers and regulatory reviews, EMC ultimately outbid NetApp with an all cash offer of $2.1 billion. I believe that Data Domain would have been a better fit in the current NetApp portfolio; it would have been easier for NetApp to reposition its current VTL as a better fit for large enterprises that still planned to leverage tape. It's also said that more than half of Data Domain's current employees are former NetApp employees so there would have been a clear cultural fit as well.

 

For $2.1 billion, EMC gets Data Domain's more than 3000 customers and 8000 installs but it also gets a product that in my opinion, overlaps with its current Quantum-based disk libraries, the DL1500 and DL3000. In Forrester inquiries and current consulting engagements, Data Domain is regularly up against the EMC DL1500 and DL3000. EMC will need to quickly explain to customers how it plans to position its new Data Domain offerings with its current DL family, both the Quantum- and Falconstor-based DLs as well as its broader data protection portoflio that includes Networker and Avamar - which also offer deduplication.

Read more

Categories:

Free Webinar Assessing And Transforming IT Operations In 2010

Stephanie Balaouras

2009 was the year we focused on virtualization and consolidation of IT infrastructure to drive down costs. Virtualization and consolidation will remain top initiatives in the second half of 2009 as IT organizations strive to save more by expanding virtualization and driving up the ratio of virtual machine to physical server. But what’s next? For one, virtualization is changing IT management, processes, and roles but most organizations have yet to adapt. Second, a lot of initiatives were put on hold in 2009 to focus on projects that had an immediate return on investment. As a result, many organizations put off infrastructure upgrades, postponed ITIL process adoption, and stepped back from process automation. But in order to achieve the next level of IT operational efficiency we’ll need to reprioritize these initiatives. And by doing so, we’ll be in a better position to selectively leverage web, cloud, and outsourcing services to eliminate some costs completely.

If you want to learn more about these topics, please join my complimentary Webinar, "Transforming IT Infrastructure And Operations in 2010" on July 16th at 11AM EST. You can register for the session by visiting: www.forrester.com/ioassessmentwebinar.

By Stephanie Balaouras

Check out Stephanie's research