Welcome!

Open Source Authors: Carmen Gonzalez, Rex Morrow, Datical, Liz McMillan, Pat Romanski, Elizabeth White

Related Topics: Open Source, Cloud Expo

Open Source: Blog Post

Supporting CIO Strategies and Priorities from the Cloud

The modern CIO must transform from compiler of stacks to a broker of business needs

The biggest eye-opener in Gartner's recently-published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIO’s recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise.

CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value.”

Most CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. For more, read my article Rethinking IT Using the Cloud as a Change Catalyst.

The Gartner survey of more than 2000 CIOs, was indeed fascinating -"Hunting and Harvesting in a Digital World: The 2013 CIO Agenda"- and one of the highlights was a wish list of Technology and Business Priorities for 2013. I, of course, was encouraged (yet not surprised) to see cloud computing, workflow, business intelligence and security on the list. Although they appear on separate wish lists, they represent the key transitions and challenges of the evolving paradigm CIOs must confront to keep their resources relevant and facilitate progress…it’s no leap that the successful achievement of any or all the items on the lists require a unification of technology, process and analysis.

Before you can say “Obvious Things, for $1000, Alex,” what I would like to do is highlight some specific tactics or advantages that integrate the Top Business Priorities with Top Technology Priorities. For this, I am advocating a holistic and unified security platform to demonstrate how a CIO can advance their agenda and ensure the smooth operation of their enterprise IT landscape.

First, the complete lists:

gartnerlist

Rather than giving you an example of each line item, I will combine several elements because a strong cloud-based security program unifies several technologies and provides the necessary business priorities. This is not to say other technologies within the purview of the CIO don’t apply, but as this is a security blog, I will keep it within the context to illustrate that the attainment of several goals can be correlated from the cloud. For that let’s look at some of the common threads that stitch together these “wish” lists.

Better visibility (analytics & business intelligence/collaboration/better operation results)-With better visibility comes better, faster decisions based on relevant data. If you can see the giant asteroid speeding towards the planet, better visibility provides the time and the layers of input to devise multiple options to prevent disaster! Yet as so much data criss-crosses the enterprise in so many forms, formats,  and shared ownerships; across so many applications for a multitude of purposes, it can be difficult (and resource-heavy) to monitor and fill vulnerability gaps. Many CIOs have invested in multiple technologies and processes to mitigate risk, however unless they are linked, or work collaboratively, it’s like hiring several children to plug dykes with their fingers. I’ve seen in too many companies that although they have the right intention, the left hand does not always know what the right is doing. There are simply too many devices, agendas, access opportunities and external and internal threats NOT to centralize and unify tools like SIEM, Log Management, single sign on and identity management. The idea here is that each controls a segment of enterprise security. By allowing them to leverage each other’s capabilities—to collaborate and communicate—under a centralized monitoring platform, you get contextual information that otherwise would take considerable more time and resourced expertise to compile, analyze and react.

Unification (centralization in real time), promotes three dimensional data (or 360 degree visibility) which, in turn, improves responsiveness and control. This allows you to deploy critical resources with pinpoint accuracy based on the full measure of intelligence and policy priorities. This is the key to better operational results.

Cost-effectiveness (efficiency/cloud computing/reducing enterprise costs). Security is not cheap. You should not nickel and dime costs when the smooth operation of your enterprise, your reputation amongst customers and partners, and the protection of your IP assets are at stake With that said, not only can security be affordable, but it can actually create ROI if deployed and managed intelligently. No one disputes the need to deploy something more than a firewall or password protection, but I understand that CIOs are now looking for better ROI on their existing poker hand. That’s where the cloud makes so much sense. By packaging (deployed and managed from the cloud) the 4 solution types mentioned in “better visibility,” CIOs avoid the dragging anchor of CapEx. In fact I have seen several case studies that show such an attachment strategy (adding pieces that are not currently an owned asset) operates at a savings that the subscription cost for the entire initiative is less than annual support and maintenance for on premise.  So if acquisition costs are significantly manageable, what you are left with is enterprise capabilities that increase your efficiency to resource quotient.

The whole concept of efficiency is more than just saving money and getting more bang for your buck on a cloud computing solution. If the security protocols and processes are configured using a combination of internal resources and security-as-a-service expertise, you expand your sphere of effectiveness and “protect” more virtual territory using less resources. Efficiency is about doing things better while expounding a minimum of resources. The idea of on-demand scalability (to expand or contract immediately based on business needs and not budget dictates) is another resource, cost savings concept that cloud security offers that makes your initiative right-sized. Too often initiatives are weighed down by bloated costs like investments in hardware/servers, unused licenses and lost protection time while trying to develop and deploy more complex versions.

Core competency focus (enterprise growth, legacy modernization, innovation) This is about working smarter. The reality of maintaining security across your enterprise is that the skills required to monitor, protect, update, respond, report and comply does not exist within one dedicated person, but 1/10th of 10 different people. Within a tenuous economy it is not a stretch to say IT has been the focus of a great deal of job fusion as many companies are forced to pare down staffs.

Many companies without the means to hire a large and experienced staff have found that outsourcing to an MSP (managed service provider) is a sound management decision. Taking this one step further, when you consider outsourcing features such as security-as-a-service or policy-as-a-service options, you create new benefits of security expertise (continuous tribal knowledge) without additional man hours or expense. Not only does this allow precision budgeting, but more importantly allows you to prioritize and focus on your company’s core competency.  As CIO, your job transforms from resetting passwords and patching updates to applications to finding and supporting new ways to expand your business through technology.

Improved automation:  (customer retention, Improving IT applications and infrastructure)Unified cloud based security makes it easier to manage users. Through automated provisioning and multi-level authentication, not only is it easier for your customers to do business with you, but you maintain their ongoing trust by being a proper steward of their private and sensitive information. More so are the behind-the-scenes policies and procedures enforced by a system that is looking at information) in real time) beyond log ins or passwords. By leveraging various aspects of identity and access management with that of SIEM’s intrusion detection and Log Management’s historical archiving, a unified system can automatically understand behavior patterns (adaptive risk) of users. Just because a log in has the right user name and password (which could have been stolen from a malware implant that records keystrokes) doesn’t mean it is the user. Using situational context, the system “sees” that the last 100 log ins came from an IP address in Provo, Utah…but this one is coming from overseas at 3am and is trying to access information not often viewed. The improved automated policy now sends an alert to the analyst who can put a block in place and shut down the incursion.

But automation keeps your infrastructure in good working order too. Not only does it help maintain whichever industry compliance regulation you company is required to follow, but through automatic provisioning controls what your internal users can do and see. Joe gets hired as a sales exec. As soon as he is added to Active Directory or LDAP and his role is identified, he is given a certain view of the network. And the reverse happens immediately once he leaves the company; removing the threat of sabotage or data theft or an access vulnerability left open to exploit.

Facilitating productivity (Legacy modernization, mobile tech, retaining workforce) The highest goal for any CIO is to find ways to make the enterprise more resilient, stronger and to fulfill its needs. Going back to mapping behavior patterns (as discussed above), another benefit of unified cloud based security is that it allows a CIO to see not just the negative tendencies (and vulnerabilities that keep you up at night), but the way employees work. Using technology, how can the CIO improve productivity? Tablets, phones and other personal devices? The best applications and solutions? The trick is to examine the needs and then broker the best way to facilitate the need without compromising security.

In the case of new applications, a variety of solutions can be designated across the enterprise and directed at specific users through rule and responsibility-based provisioning. This way access is controlled to only those who need to see certain features and the data is secure from unauthorized sources. In terms of BYOD, each company must make a decision on what these devices are allowed to access—from email to ERP data—and what is the policy on securing the individual devices.

Some analysts see 2013 as a tipping point in terms of technologies. This includes mobile, analytics, big data, social and cloud technologies. The CIO needs to be ready for this paradigm change.

One of the more salient points from the Gartner survey stems from the fact that only 43% of technology’s true business potential is being exploited to give companies a competitive edge. This, Gartner says, can’t continue, and if IT is to remain relevant in an increasingly digital world then there will have to be a substantial increase in this percentage.

Where this Gartner survey refers to cloud computing in general, this blog could apply to virtually any cloud-supported strategy.  It’s a big fluffy cloud out their and the 21st century needs to take full advantage of the agility and manageability the cloud provides. Move beyond the hype. Go beyond the buzzwords and the flavors of the month and see how a virtualized strategy improves your productivity, vision-to-reality proposals and your bottom line. To this,  I am saying that cloud-based security needs to be incorporated as part of this sea-change so that any sized company in any industry may realize the long term benefits of achieving the priorities noted on the Gartner lists. The features, functions, capabilities and reliability have matured to where they can easily and effectively support the vision of any forward-thinking CIO.

Kevin Nikkhoo
www.cloudaccess.com

If you want a PDF of this article, feel free to get it HERE. This is a direct d/l!

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
BSQUARE is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success. For more information, visit www.bsquare.com.
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accelerate their digital channels with APIs, drive partner adoption, monetize their assets, and achieve a...
From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customizable platform to easily integrate into existing software solutions, embed business logic and build s...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it’s a mix of architectural style...
Connected devices are changing the way we go about our everyday life, from wearables to driverless cars, to smart grids and entire industries revolutionizing business opportunities through smart objects, capable of two-way communication. But what happens when objects are given an IP-address, and we rely on that connection, sometimes with our lives? How do we secure those vast data infrastructures and safe-keep the privacy of sensitive information? This session will outline how each and every connected device can uphold a core root of trust via a unique cryptographic signature – a “bir...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
Internet of @ThingsExpo Silicon Valley announced on Thursday its first 12 all-star speakers and sessions for its upcoming event, which will take place November 4-6, 2014, at the Santa Clara Convention Center in California. @ThingsExpo, the first and largest IoT event in the world, debuted at the Javits Center in New York City in June 10-12, 2014 with over 6,000 delegates attending the conference. Among the first 12 announced world class speakers, IBM will present two highly popular IoT sessions, which will take place November 4-6, 2014 at the Santa Clara Convention Center in Santa Clara, Calif...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at Internet of @ThingsExpo, Robin Raymond, Chief Architect at Hookflash Inc., will walk through the shifting landscape of traditional telephone a...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at Internet of @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, will discuss how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.

SUNNYVALE, Calif., Oct. 20, 2014 /PRNewswire/ -- Spansion Inc. (NYSE: CODE), a global leader in embedded systems, today added 96 new products to the Spansion® FM4 Family of flexible microcontrollers (MCUs). Based on the ARM® Cortex®-M4F core, the new MCUs boast a 200 MHz operating frequency and support a diverse set of on-chip peripherals for enhanced human machine interfaces (HMIs) and machine-to-machine (M2M) communications. The rich set of periphera...

SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
Predicted by Gartner to add $1.9 trillion to the global economy by 2020, the Internet of Everything (IoE) is based on the idea that devices, systems and services will connect in simple, transparent ways, enabling seamless interactions among devices across brands and sectors. As this vision unfolds, it is clear that no single company can accomplish the level of interoperability required to support the horizontal aspects of the IoE. The AllSeen Alliance, announced in December 2013, was formed with the goal to advance IoE adoption and innovation in the connected home, healthcare, education, aut...
SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic strategies that utility/cloud computing provides. Whether public, private, or in a hybrid form, clo...