Obama Appoints IT Security Czar

Michael Markulec, COO of Lumeta Corporation, writes in CIO Update that the Obama Administration has appointed Melissa Hathaway as Advisor to the President on National Cyber Security. For a more comprehensive review of the appointee and her relationship to the Bush Administration, see Siobhan Gorman’s article in the Wall Street Journal, “Hathaway to Head Cybersecurity Post.” Markulec is all for the newly created position. He points to the disconnect between the federal government and the private sector when it comes to our infrastructure and the necessary control systems in these most important industries. He states the obvious: that their connection to the internet leaves us open to a cyber-attack. He also touts Hathaway’s concern that simple hand-held devices can be used to conduct foreign and industrial espionage.

I’m sorry, but I just don’t see anything new or any quantum leap towards more effective cyber security from this newly created position. But one only needs to read further and the newness becomes apparent. Markulec predicts, and I agree with him, that new regulations are on the way. He compares the coming new regulations for the IT community and the CIO to the Sarbanes-Oxley legislation aimed at corporate CFOs. Well, I guess we all know how that went. Do we really need more regulations, or do we just need enforcement of the existing laws? If we are using our latest string of financial debacles as our guide, I guess arguments can be made for both sides. Some might say that if Congress hadn’t blocked the creation of regulations for Freddie Mac and Fannie Mae, we might not have had the subprime mortgage meltdown. Others might argue that if the SEC had only investigated and enforced its own existing regulations, the Bernie Madoff Ponzi scheme would have been discovered much sooner, with less devastating financial losses for investors.

I think the Obama Administration may have tipped its hand at what may or may not be coming down the pike as it relates to cyber security, and that, I am afraid, is more of the same. Gorman reports that James Jones, National Security Advisor, has requested a further study on cyber security. Hathaway is tasked with conducting this 60-day study. And so the end result will be a study that will collect and discuss issues that are apparently known. Will the ends justify the means? Will we have tougher regulations for CIOs as Markulec predicts, and if we do, will they be enforced and make any difference? That remains to be seen.

Should You Outsource Your Infrastructure: 10 Points to Consider When Choosing a Service Provider

Due to the current economic conditions, IT departments are coming under increasing pressure to do more with less. However, over the last few years upper-level management has become leery of divesting the servers and network to a service provider. In prior postings to this blog I have provided reasons why outsourcing can benefit the enterprise, “10 Reasons to Outsource,” and also a comprehensive checklist to consider prior to making the decision, “Checklist Before Outsourcing Your IT.” In an effort to continually update this topic as events evolve, this posting is another in the series and concentrates on the concerns one might have regarding the Service Provider. For the full detail underlying the following points to consider when evaluating which Service Provider is best for your enterprise, read “Outsourcing Your Infrastructure: Ten Points to Consider When Making the Move.” Here is a brief summary of those ten points:

· Uptime: Greater reliance on the internet makes “On” the only option. The global marketplace makes this a necessity. The options could be straight hosting, managed service, or SaaS.

· Redundancy and Business Continuity: Loss of a customer call center could result in lost orders.

· Data Restoration: eDiscovery laws require a significant and competent back-up plan.

· Response Time and Site Performance: Providers have high-performance servers and high-speed access, but do they have only one location?

· Scalability to meet growth: Can the Service Provider add capacity quickly to meet a rapid increase in demand? In other words, does the Service Provider have the financial capital available to rapidly add more servers?

· Customer Support: This is the “value-add” dimension that differentiates one Service Provider from another.

· Security: Must be able to adhere to the Data Privacy laws such as Sarbanes-Oxley and Gramm-Leach-Bliley.

· Cost Reduction and One-Stop Billing: Abandon the à la carte approach to IT infrastructure. Bundled services are discounted.

· Optimized IT resources, i.e. dedicated servers: Allows IT staff to redirect their efforts to delivering their own services. Plus, on-demand services priced on usage are better offered from a service provider’s business model.

· Financial improvements: Eliminates the need for cash outlay for hardware and turns the cost into an operational expense as the enterprise pays for a service.