Welcome!

Open Source Cloud Authors: Elizabeth White, Kevin Benedict, Abdul Jaleel Kavungal Kunnumpurath, David H Deans, Yeshim Deniz

Related Topics: Open Source Cloud, @CloudExpo

Open Source Cloud: Blog Post

Supporting CIO Strategies and Priorities from the Cloud

The modern CIO must transform from compiler of stacks to a broker of business needs

The biggest eye-opener in Gartner's recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise.

CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value.”

Most CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. For more, read my article Rethinking IT Using the Cloud as a Change Catalyst.

The Gartner survey of more than 2000 CIOs, was indeed fascinating -"Hunting and Harvesting in a Digital World: The 2013 CIO Agenda"- and one of the highlights was a wish list of Technology and Business Priorities for 2013. I, of course, was encouraged (yet not surprised) to see cloud computing, workflow, business intelligence and security on the list. Although they appear on separate wish lists, they represent the key transitions and challenges of the evolving paradigm CIOs must confront to keep their resources relevant and facilitate progress…it’s no leap that the successful achievement of any or all the items on the lists require a unification of technology, process and analysis.

Before you can say “Obvious Things, for $1000, Alex,” what I would like to do is highlight some specific tactics or advantages that integrate the Top Business Priorities with Top Technology Priorities. For this, I am advocating a holistic and unified security platform to demonstrate how a CIO can advance their agenda and ensure the smooth operation of their enterprise IT landscape.

First, the complete lists:

gartnerlist

Rather than giving you an example of each line item, I will combine several elements because a strong cloud-based security program unifies several technologies and provides the necessary business priorities. This is not to say other technologies within the purview of the CIO don’t apply, but as this is a security blog, I will keep it within the context to illustrate that the attainment of several goals can be correlated from the cloud. For that let’s look at some of the common threads that stitch together these “wish” lists.

Better visibility (analytics & business intelligence/collaboration/better operation results)-With better visibility comes better, faster decisions based on relevant data. If you can see the giant asteroid speeding towards the planet, better visibility provides the time and the layers of input to devise multiple options to prevent disaster! Yet as so much data criss-crosses the enterprise in so many forms, formats,  and shared ownerships; across so many applications for a multitude of purposes, it can be difficult (and resource-heavy) to monitor and fill vulnerability gaps. Many CIOs have invested in multiple technologies and processes to mitigate risk, however unless they are linked, or work collaboratively, it’s like hiring several children to plug dykes with their fingers. I’ve seen in too many companies that although they have the right intention, the left hand does not always know what the right is doing. There are simply too many devices, agendas, access opportunities and external and internal threats NOT to centralize and unify tools like SIEM, Log Management, single sign on and identity management. The idea here is that each controls a segment of enterprise security. By allowing them to leverage each other’s capabilities—to collaborate and communicate—under a centralized monitoring platform, you get contextual information that otherwise would take considerable more time and resourced expertise to compile, analyze and react.

Unification (centralization in real time), promotes three dimensional data (or 360 degree visibility) which, in turn, improves responsiveness and control. This allows you to deploy critical resources with pinpoint accuracy based on the full measure of intelligence and policy priorities. This is the key to better operational results.

Cost-effectiveness (efficiency/cloud computing/reducing enterprise costs). Security is not cheap. You should not nickel and dime costs when the smooth operation of your enterprise, your reputation amongst customers and partners, and the protection of your IP assets are at stake With that said, not only can security be affordable, but it can actually create ROI if deployed and managed intelligently. No one disputes the need to deploy something more than a firewall or password protection, but I understand that CIOs are now looking for better ROI on their existing poker hand. That’s where the cloud makes so much sense. By packaging (deployed and managed from the cloud) the 4 solution types mentioned in “better visibility,” CIOs avoid the dragging anchor of CapEx. In fact I have seen several case studies that show such an attachment strategy (adding pieces that are not currently an owned asset) operates at a savings that the subscription cost for the entire initiative is less than annual support and maintenance for on premise.  So if acquisition costs are significantly manageable, what you are left with is enterprise capabilities that increase your efficiency to resource quotient.

The whole concept of efficiency is more than just saving money and getting more bang for your buck on a cloud computing solution. If the security protocols and processes are configured using a combination of internal resources and security-as-a-service expertise, you expand your sphere of effectiveness and “protect” more virtual territory using less resources. Efficiency is about doing things better while expounding a minimum of resources. The idea of on-demand scalability (to expand or contract immediately based on business needs and not budget dictates) is another resource, cost savings concept that cloud security offers that makes your initiative right-sized. Too often initiatives are weighed down by bloated costs like investments in hardware/servers, unused licenses and lost protection time while trying to develop and deploy more complex versions.

Core competency focus (enterprise growth, legacy modernization, innovation) This is about working smarter. The reality of maintaining security across your enterprise is that the skills required to monitor, protect, update, respond, report and comply does not exist within one dedicated person, but 1/10th of 10 different people. Within a tenuous economy it is not a stretch to say IT has been the focus of a great deal of job fusion as many companies are forced to pare down staffs.

Many companies without the means to hire a large and experienced staff have found that outsourcing to an MSP (managed service provider) is a sound management decision. Taking this one step further, when you consider outsourcing features such as security-as-a-service or policy-as-a-service options, you create new benefits of security expertise (continuous tribal knowledge) without additional man hours or expense. Not only does this allow precision budgeting, but more importantly allows you to prioritize and focus on your company’s core competency.  As CIO, your job transforms from resetting passwords and patching updates to applications to finding and supporting new ways to expand your business through technology.

Improved automation:  (customer retention, Improving IT applications and infrastructure)Unified cloud based security makes it easier to manage users. Through automated provisioning and multi-level authentication, not only is it easier for your customers to do business with you, but you maintain their ongoing trust by being a proper steward of their private and sensitive information. More so are the behind-the-scenes policies and procedures enforced by a system that is looking at information) in real time) beyond log ins or passwords. By leveraging various aspects of identity and access management with that of SIEM’s intrusion detection and Log Management’s historical archiving, a unified system can automatically understand behavior patterns (adaptive risk) of users. Just because a log in has the right user name and password (which could have been stolen from a malware implant that records keystrokes) doesn’t mean it is the user. Using situational context, the system “sees” that the last 100 log ins came from an IP address in Provo, Utah…but this one is coming from overseas at 3am and is trying to access information not often viewed. The improved automated policy now sends an alert to the analyst who can put a block in place and shut down the incursion.

But automation keeps your infrastructure in good working order too. Not only does it help maintain whichever industry compliance regulation you company is required to follow, but through automatic provisioning controls what your internal users can do and see. Joe gets hired as a sales exec. As soon as he is added to Active Directory or LDAP and his role is identified, he is given a certain view of the network. And the reverse happens immediately once he leaves the company; removing the threat of sabotage or data theft or an access vulnerability left open to exploit.

Facilitating productivity (Legacy modernization, mobile tech, retaining workforce) The highest goal for any CIO is to find ways to make the enterprise more resilient, stronger and to fulfill its needs. Going back to mapping behavior patterns (as discussed above), another benefit of unified cloud based security is that it allows a CIO to see not just the negative tendencies (and vulnerabilities that keep you up at night), but the way employees work. Using technology, how can the CIO improve productivity? Tablets, phones and other personal devices? The best applications and solutions? The trick is to examine the needs and then broker the best way to facilitate the need without compromising security.

In the case of new applications, a variety of solutions can be designated across the enterprise and directed at specific users through rule and responsibility-based provisioning. This way access is controlled to only those who need to see certain features and the data is secure from unauthorized sources. In terms of BYOD, each company must make a decision on what these devices are allowed to access—from email to ERP data—and what is the policy on securing the individual devices.

Some analysts see 2013 as a tipping point in terms of technologies. This includes mobile, analytics, big data, social and cloud technologies. The CIO needs to be ready for this paradigm change.

One of the more salient points from the Gartner survey stems from the fact that only 43% of technology’s true business potential is being exploited to give companies a competitive edge. This, Gartner says, can’t continue, and if IT is to remain relevant in an increasingly digital world then there will have to be a substantial increase in this percentage.

Where this Gartner survey refers to cloud computing in general, this blog could apply to virtually any cloud-supported strategy.  It’s a big fluffy cloud out their and the 21st century needs to take full advantage of the agility and manageability the cloud provides. Move beyond the hype. Go beyond the buzzwords and the flavors of the month and see how a virtualized strategy improves your productivity, vision-to-reality proposals and your bottom line. To this,  I am saying that cloud-based security needs to be incorporated as part of this sea-change so that any sized company in any industry may realize the long term benefits of achieving the priorities noted on the Gartner lists. The features, functions, capabilities and reliability have matured to where they can easily and effectively support the vision of any forward-thinking CIO.

Kevin Nikkhoo
www.cloudaccess.com

If you want a PDF of this article, feel free to get it HERE. This is a direct d/l!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that TMC has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo and Big Data at Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. Learn how we can help you reach your marketing goals.
SYS-CON Events announced today that TechTarget has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets.
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...