The information security profession is built on three fundamental tenets, those of confidentiality, availability, and integrity. Increasingly, however, I see two things happening:
- Organizations are reprioritising these to reflect their significance within their organization, with confidentiality often trailing availability and integrity; or
- Additional aspects such as authentication, authorization, non-repudiation etc. are supplementing the CIA triad.
It seems that there may be a growing group of S&R professionals who are dissatisfied with these concepts, feeling that they are ambiguous or incomplete, and some find it troublesome that they lack standard units of measurement.
It was with interest, therefore, that I noted a competition issued by the O-ISM3 Consortium, an organization that focuses on fostering alignment between security objectives and business goals. Their challenge lays out a use case for participants to navigate. It involves a mock audit on a travel company and presents entrants with the audit findings. The participants are then challenged to create a set of audit questions that would lead to these responses, but they have to choose one of two alternative paths – either their questions must all include references to C, I, and A, or none of them may.
When computers were invented 60 years ago, nobody would have thought that gazillions of 0s and 1s would soon rule the world. After all, that’s all there is in any computer memory, be it a laptop, a mobile phone, or a supercomputer like Watson; if you could open memory up and visualize the smallest elementary unit, you would “see” only an infinite sequence of 0s and 1s, something that would look like this:
Interestingly, that has not changed. Computers are still processing 1s and 0s. What has changed is that we live in an age of digital disruption, an age where software applications run and rule our business more and more. To be successful, those applications need to be engaging and entertaining so that consumers enjoy and are delighted by them; they also have to be mobile and accessible anywhere and at any time, and they have to leverage tons of information, no matter if it comes from a database, a tweet, or Facebook.
IBM recently kicked off its big data market planning for 2014 and released a white paper that discusses how analytics create new business value for end user organizations. The major differences compared with last year’s event:
Organizational change. IBM has assigned a new big data practice leader for China, similar to what it’s done for other new technologies including mobile, social, and cloud. IBM can integrate resources from infrastructure (IBM STG), software (IBM SWG), and services (IBM GBS/GTS) teams, although the team members do not report directly to them.
A new analytics platform powered by Watson technology. The Watson Foundation platform has three new functions. It can be deployed on SoftLayer; it extends IBM’s big data analysis capabilities to social, mobile, and cloud; and it offers enterprises the power and ease of use of Watson analysis.
Measurable benefits from customer insights analysis. Chinese organizations have started to buy into the value of analytics and would like to invest in technology tools to optimize customer insights. AmorePacific, a Hong Kong-based skin care and cosmetics company, is using IBM’s SPSS predictive analytics solution to craft tailored messages to its customers and has improved its response rate by more than 30%. It primarily analyzes point-of-sale data, demographic information from its loyalty program, and market data such as property values in the neighborhoods where customers live.
The entire cloud ecosystem in China is undergoing significant change. End users are getting more serious about adopting cloud solutions and ISVs are working with telecom carriers and partners to deliver mission-critical business applications in the cloud. My latest report, “Brief: Major Players Are Targeting The Chinese Cloud Market For Core Business Apps,” summarizes the overall trends of cloud adoption in China, looks at each vendor’s solution, and provides high-level suggestions. Specifically, I discuss:
General trends in SaaS adoption in China. Timing is very critical for market penetration. The survey results I share in this report show a dramatic increase in decision-maker interest in cloud-based offerings. This is probably the last chance for companies that want significant market share, but do not yet have it, to enter the Chinese SaaS market.
All of the major multinational vendors are moving. Global players have been closely watching the cloud market in China for years, and in 2013 they have made strategic moves. SAP, Oracle, Microsoft, and Infor have adopted different strategies in China based on the strengths and capabilities of their core product and solution offerings, technology stack, and partners. The report will tell you how each of these companies is working to address the Chinese market.
Local market leader practices. Large multinational vendors are not the only ones with skin in the game. Major local players in enterprise management software, such as Yonyou and Kingdee, are also working hard and have achieved significant progress in this space. The report will tell you what advantages their global peers need to have and which shortcomings they need to improve upon.
I know, more control is an axiom! But the above statement is more often true. When we're talking about configuration control in the public cloud it can be especially true, as control over the configuration of your application can put control in the hands of someone who knows less about the given platform and thus is more likely to get the configuration wrong. Have I fired you up yet? Then you're going to love (or loathe) my latest report, published today.
Let's look at the facts. Your base configuration of an application deployed to the cloud is likely a single VM in a single availability zone without load balancing, redundancy, DR, or a performance guarantee. That's why you demand configuration control so you can address these shortcomings. But how well do you know the cloud platform you are using? Is it better to use their autoscaling service (if they have one) or to bring your own virtual load balancers? How many instances of your VM, in which zones, are best for availability? Would it be better to configure your own database cluster or use their database as a service solution? One answer probably isn't correct — mirroring the configuration of the application as deployed in your corporate virtualization environment. Starting to see my point?
Fact is, more configuration control may just be a bad thing.
Over the last 12 years, I've seen – and helped drive – a lot of change in the BPM market. First, I watched BPM move from a heavy focus on integration to a greater focus on collaboration and social interaction. And then, BPM expanded from highly structured and ‘automate-able’ processes to address unstructured, more dynamic business processes. It is safe to say that over the last decade, demand for BPM was driven by key characteristics of the "Information Age" - a relentless drive towards improving the flow and sharing of information across people and systems.
Now, the most compelling business cases powering fresh demand for BPM focus on characteristics of the new age we are moving into - what Forrester calls the "Age Of The Customer." If you look closely at most of today’s BPM initiatives, they tend to hide behind an imaginary firewall that separates what external customers experience and what internal business operations feel they need to be efficient. In this new age, business leaders are waking up to the realization that they can no longer divorce process improvement from the people and systems that touch customers, partners, and customer-facing employees.
The fact that the world is becoming digital is no longer really newsworthy. It’s a boardroom topic for most firms. As it should be. You only have to open your eyes to see the impact that digital touchpoints have on business. As I sit here writing this blog, I am in the departure lounge of Brussels Airport en route to Stockholm for the last leg of a presentation roadshow. I’m surrounded by travelers on smartphones, tablets, and a few laptops. Almost everyone (with the exception of a sole individual filling in a crossword) is using a digital device.
Firms are beginning to acknowledge this digital-first culture. We’ve been presenting to audiences in cities all around Europe, talking about Transforming Into A Digital Business In The Face Of Disruption. The overwhelming feedback from these presentations has been that firms are beginning to realize that digital is critical to their future success (and in some cases, their very survival). This spans B2C and B2B. But in many cases, the executives we speak to say their firms don’t have a digital strategy, and even if they do, they doubt their capability to deliver it.
It’s clear — companies need help to make sense of what digital means to them.
In this age of the customer, there is nothing more important than the effective and safe operation of the global financial system. Trillions of dollars move around the world because of a well-oiled financial services system. Most consumers take our financial services system for granted. They get paid, have the money direct deposited into their account, pay bills, use their ATM card to get cash, and put family valuables in the safety deposit box. The consumer’s assumption is that their cash, investments and valuables are safe.
Symantec’s 2014 CyberWar Games set out to prove or disprove how correct these assumptions are. Symantec’s cyberwar event is the brainchild of Samir Kapuria, a Symantec vice president within the Information Security Group. Symantec structures the event as a series of playoff events. Teams form and compete, earning points for creating and discovering exploits. Out of this process, the ten best teams travel to Symantec’s Mountain View, California headquarters to compete in the finals.
Asia Pacific (AP) organizations have historically been slower to outsource critical information security functions, largely due to concerns that letting external parties access internal networks and manage IT security operations exposes them to too much risk. They have also not fully understood the real business benefits of outsourcing partnerships from a security perspective. However, this trend has recently started to reverse. I have just published a report that outlines the key factors contributing to this change:
Skill shortages are leading to higher risk exposure. Scarce internal security skills and a dearth of deep technical specialists in the labor pool are ongoing challenges for organizations around the world. This not only raises the cost of staffing and severely restricts efficiency, it may also increase the costs of security breaches by giving cybercriminals more time to carry out attacks undetected; at least one study indicates that the majority of reported breaches are not discovered for months or even years. The early adopters of managed security services in AP tell us that external service providers’ staff have more technical knowledge and skill than their internal employees.
Back in July 2012, I authored a post about Pitney Bowes and the company’s focus on reinventing itself. At that time, the company had a great portfolio of software assets and a good overall market message — but its market approach was fragmented, its solutions were not integrated, and it was a difficult company to figure out from the perspective of a customer or prospect. About 15 months ago, Pitney Bowes appointed Marc Lautenbach as its new CEO to address these issues.
Fast forward to today. Last week I had the opportunity to spend some time with Marc while he was in Sydney. In his brief time with the company, he has sorted out a number of the challenges I was referring to — including giving the firm a laser-sharp focus on a few key areas, bringing traditional assets into the digital world, refining its sales model, and leveraging those areas in which it has competitive advantage.
Marc sees PB’s main opportunities in the following areas:
eCommerce. PB has the ability to classify assets for all types of commerce providers and ship them anywhere around the globe.
Location-based solutions. Not only does PB have great mapping information, but it can also integrate data from any domain and apply its own algorithms to make that data valuable.
Printers, sorters, meters, and inserters. This isn’t a fast-growing business, but it’s a big one — and one that’s still important to many companies. It’s also a segment in which PB has some unique capabilities.