Protecting yourself online

Keeping your home computer safe is pretty basic, says Nuix’s Chief Information Security Officer, Chris Pogue.

What can consumers do to protect themselves online? Nuix’s Chief Information Security Officer, Chris Pogue, believes it’s all about sticking to the basics.

“It’s honestly easier than you think. It’s basic IT hygiene.” “Just the basics – bad passwords, reutilisation of passwords. There’s password managers available for ten dollars a year. Don’t reuse passwords.

“Close your wi-fi, don’t broadcast your Wi-Fi SSID. Make your PSK password longer than normal. Just make sure that you’re being smart and you’re exercising due diligence and you can stop a lot of attacks.”

Pogue also points out no computer, or device, is unhackable. The point with security is to make your devices less attractive to opportunistic cybercrooks.

“If you make it a little bit harder, the attackers have an ROI for their time. It’s a business, a multi-billion dollar business. They’re not going to mess around with you if you’re messing up their gross margin. Just make it not cost effective.”

“Nothing is unhackable but you just make it so it takes too much time,” he says.

One useful resource for home users is the Australian Signals Directorate’s Top Security Tips for the Home User. While basic, that advice is well worthwhile for those looking at protecting their systems.

Paul travelled to Las Vegas for the Black Hat conference as a guest of Nuix

Burning the boxes

Employing technology staff may be a matter of burning, not ticking, the boxes.

“I cater to their crazy and the results are tremendous. Hire the crazy, because you need them. Those are the ones that don’t think outside the box, they burn the box and stomp on the ashes,” says Chris Pogue, Chief Information Security Officer at Nuix who I interviewed at the Black Hat conference at Las Vegas last week.

Chris was talking about hiring information security people and, as the attendees at the Black Hat and DefCon conferences show, that philosophy is important in hiring good technology people, who tend to be people who don’t recognise the boxes, let alone tick them.

That point, though, could be made for many occupations; many businesses that claim they value ‘creative thinking’ should be thinking about burning the boxes.

In a much more competitive environment having management ‘thinking within the box’ may be one of the greatest disadvantages facing an organisation, not just in recruitment but also in identifying threats and opportunities.

Burning the boxes may well be one of the best things business leaders could do for their organisation in finding and cultivating the talent to compete in tomorrow’s economy.

Cracking open the black box

Cisco looks to life in the API economy

One of the things confronting technology vendors in the past five years has been the commoditization of hardware and the opening up of standards. As software has eaten the computer hardware industry, those companies are being forced to make their systems more open.

In that world of open systems, it’s the ecosystem of developers and products around platforms that drives success. The best example is the iPhone, where the range of third party apps available made Apple’s product the most compelling on the market.

At Cisco Live in Melbourne last week Susie Wee, the company’s Vice President in charge of the company’s DevNet developer relations program, described how the networking company is opening their systems with Application Program Interfaces (APIs) to build an ecosystem.

“What we want to do is help people with this transition,” says Susie. “With the network, with the infrastructure and with the cloud we want people to get more out of it.”

Cisco, like most hardware companies, are finding the shift to opening their data streams to be wrenching. The business model of a decade ago involved mysterious black boxes running on proprietary software with the data dished out sparingly.

While the ‘black boxes’ still remain, becoming a ‘platform’ and making data available to all comers is very much a cultural shift for once dominant hardware companies like Cisco.

The question for IT hardware companies is how long they can defend their proprietary software systems – the hardware side is already slowly declining as software defined equipment takes over – while establishing dominance with their software and data feeds.

Users too need to be treading carefully as those APIs and the data being fed through them is subject to the business imperatives of the

Cisco hopes they can achieve this through their current market power and business networks; it is a hard ask for them, though. For the entire tech industry, the shift to an API driven marketplace is going to be testing.

Paul travelled to Cisco Live in Melbourne as a guest of Cisco

Bringing cybersecurity into the mainstream

The corporate world is taking security seriously, says Cisco’s Chief Security and Trust Officer, John Stewart.

“Cybersecurity is out of the dungeon and now selling itself as a business service,” says Cisco’s Chief Security and Trust Officer, John Stewart.

Stewart was discussing his company’s security challenges at a Cisco Live briefing at their Melbourne conference yesterday.

The shift to security as a business service follows the pattern of computerisation in business, believes Stewart: “At first businesses said you can’t keep important documents on computers, then they said you could only keep important data on computers.”

For Stewart, the fact c-level execs recognise the importance of cybersecurity is a positive sign that indicates organisations are taking IT and communications security seriously.

When asked what keeps him up at night, Stewart said it was worries about infrastructure security; the Ukrainian power network’s experience after an attack from a seriously motivated group of hackers indicates just how serious this is.

Interestingly, Stewart remains focused on the risks of security breaches; as the Internet of Things rolls out, it may well be that the integrity of data streams becomes a far greater focus for system administrators and security officers.

Paul travelled to Cisco Live in Melbourne as a guest of Cisco

Designing and the IoT

The Internet of Things promises to change the world of design

A piece I wrote for IoT hub looks at how the design industry is changing as everyday devices, even clothes, can start communicating with the world.

In researching the piece, it was interesting just how broad the possibilities are, particularly when we start considering that many devices will be able to change their roles depending on the commands they receive or the environment they detect.

What’s clear is the design industry is facing a world of opportunities, and challenges, as not only do objects start talking to each other, but also new materials and manufacturing processes start changing how we think ordinary items should be made and used.

Tech and tax write offs

Last week’s expansion of depreciation allowances for Aussie businesses is an opportunity to refresh your company’s tech

In last week’s Federal budget the biggest news for business was the expansion of the accelerated depreciation limits where items up to $20,000 can be immediately claimed as a tax deduction.

While this was a reversal of the previous budget that slashed the previous allowance, it was welcome news for businesses looking at replacing older tools and equipment or investing in new technology.

One of the notable things about business technology is companies have a habit of holding onto older equipment long beyond what should have been its use by date.

The consequences of using old technology are real: older equipment is often not as fast as the newer kit, which affects productivity, and unpatched software is often the way malware finds its way into a business.

Point of sale risks

Earlier this week computer security vendor Trend Micro held their Cybercrime 2015 breakfast in Sydney where the director of the company’s TrendLabs Research division, Myla Pilao, described some of the threats facing businesses.

One of the top risks was Point of Sale (POS) systems, where Trend Micro’s research had found over a third of US retailers had malware on their cash registers; in Australia it was six percent.

Most of those infected POS terminals would be older units with many of them being software running on out of date versions of Windows that haven’t been patched or upgraded since they were bought a decade ago.

Similar problems exist with older workstations, internet routers and even photocopiers where the technology has moved on and security holes have been discovered. Basically, old equipment holds businesses back and exposes them to risks.

Now the carrot of an immediate tax deduction gives Australian businesses an opportunity to refresh their technology. So what is the technology smart company managers and owners should be spending their money on?

Kick out your desktops

“If it ain’t broke, don’t fix it” is the mantra for most business IT and desktop computers are the best example of this. In most companies as long as the word processing software or accounting package works the PCs continue to be used.

With the withdrawal of support for the decade old Windows XP operating system last year, many older computers started being a liability in a business so now is the time to replace them.

Consider tablets

It may not be necessary to replace old desktop computers with new ones; for many job roles a tablet computer is often a better choice. With cloud technologies increasingly being adopted there’s less of a need for a grunty PC sitting on each staff member’s desk.

Upgrade the router

One of the areas where businesses often compromise is with their internet access. Having an old, cheap router designed for home use is just not good enough for companies who rely upon being connected.

A new business grade router will improve office internet access along with resolving most of the security issues older equipment is notorious for.

Going mobile

If you’re struggling on old mobile phones, now might be the time to upgrade to the latest smartphone. Amongst other things this will improve your office productivity, particularly if you combine the investment with some of the cloud services that make working on the road a lot easier.

Cloud services are not part of the depreciation rules as they are usually subscription models and this shows the weakness in the Federal government’s thinking.

Indeed for those vulnerable Point of Sale systems, a cloud based service running on tablet computers is probably a better solution than most server and PC based packages.

A lack of vision

The ‘ladies and tradies’ theme of the budget shows the Federal government is stuck with the vision that Australian businesses are mainly mom and pop service operations in the traditional trades and professions.

While the depreciation changes are welcome they do little to help startups or companies in emerging industries and for the economy in general will provide not much more than a GDP ‘sugar hit’ for retailers’ cash registers as we buy imported equipment for our businesses.

For the Australian economy in general, the move really only benefits Gerry Harvey who can buy a few more racehorses from his stores’ and his rich mates who can afford some more expensive wine fuelled brawls in Sydney waterside restaurants.

Australian business owners need to be demanding better thought out policies from a government that claims to be friendly to industry. The economy is changing and a 1970s style tax benefit is not the way to prepare for a changing world.

In the meantime, enjoy your tax write offs.

How the cloud killed the CIO

Has the shift to cloud computing made the IT manager redundant?

In Technology Spectator today I have a piece on cloud services and how the promise of high reliability threatens the IT manager and Chief Information Officer.

This shift is the same change that’s affected the IT support industry; as technology becomes more standardised and a commodity, specialist support and management become unnecessary.

In many respects this is similar to a hundred years ago, when most factories had their own power plants providing electricity, steam or belt power to drive the machinery.

As mains power became common and reliable, businesses no longer needed specialist staff to ensure the power flowed.

While much of today’s commentary focuses on the CIO role evolving, it may well be the position is redundant.

The high cost of distrust

A lack of trust in data is going to cost the world’s economy over a trillion dollars, forecasts a Cisco panel.

A lack of trust in technology’s security could be costing the global economy over a trillion dollars, a panel at the Australian Cisco Live in Melbourne heard yesterday.

The panel “how do we create trust?” featured some of Cisco’s executives including John Stewart, the company’s Security and Trust lead, along with Mike Burgess, Telstra’s Chief Information Security Officer and Gary Blair, the CEO of the Australian Cyber Security Research Institute.

Blair sees trust in technology being split into two aspects: “Do I as an individual trust an organisation to keep my data secure; safe from harm, safe from breaches and so forth?” he asks. “The second is will they be transparent in using my data and will I have control of my data.”

In turn Stewart sees security as being a big data problem rather than rules, patches and security software. “Data driven security is the way forward,” he states. “We are constantly studying data to find out what our current risk profile is, what situations are we facing and what hacks we are facing.”

This was the thrust of last year’s Splunk conference where the CISO of NASDAQ, Mark Graff, described how data analytics were now the front line of information security as threats are so diverse and systems so complex that it’s necessary to watch for abnormal activity rather than try to build fortresses.

The stakes are high for both individual businesses and the economy as technology is now embedded in almost every activity.

“If you suddenly lack confidence in going to online sites, what would happen?” asks Stewart. “You start using the phone, you go into the bank branch to check your account.”

“We have to get many of these things correct, because going backwards takes us to a place where we don’t know how to get back to.”

Gary Blair described how the Boston Consulting Group forecast the digital economy would be worth between 1.5 and 2.5 trillion dollars across the G20 economies by 2016.

“The difference between the two numbers was trust. That’s how large a problem is in economic terms.”

As we move into the internet of things, that trust is going to extend to the integrity of the sensors telling us the state of our crops, transport and energy systems.

The stakes are only going to get higher and the issues more complex which in turn is going to demand well designed robust systems to retain the trust of businesses and users.

Ending the era of the IT manager

Is it now the turn of the CIO to go the way of the tea lady?

Once every workplace had a tea lady; usually a happy friendly woman who cheerfully dispensed tea, biscuits and office gossip around an organisation.

During the 1980s the company tea lady vanished as companies cut costs and changing workplaces made the role redundant. Is it now the turn of the CIO to go the way of the tea lady?

Yesterday research company Frost and Sullivan hosted a lunch in Sydney outlining their views on the growth of cloud computing based upon their 2014 State Of The Cloud report.

The report itself had few surprises with a forecast of the cloud market growing 30% each year over the next five years, a statistic that won’t surprise many watching how users are moving away from desktop applications.

Shifting procurement

One of the key trends though is how cloud services change the procurement process and lock IT managers and Chief Information Officers out of decision making. As the report says:

Half of all organisations feel that the decision making process is shifting from that of the CIO and IT department to the individual business unit for implementation or updates of cloud applications such as HR, payroll, collaboration and conferencing.

While the report puts a positive spin on what it describes as the “evolving role of IT within organisations”, Mark Dougan – Frost & Sullivan’s Managing Director for Australia and New Zealand – mentioned that often the decision to adopt a cloud service was made by executive management and then the CIO was told to implement the technology.

This illustrates how CIOs’ already tenuous grip on being a senior management role has slipped. With the rise of cloud services, it’s become easier for executives to make choices without considering the technological consequences.

Probably the business that best illustrates this shift has been Salesforce, where many corporations find they have dozens of subscriptions being charged to sales managers’ credit cards, much to the chagrin of company accountants and IT managers. Salesforce and similar businesses have driven the trend so far that many consulting firms predict marketing departments will control more technology spending than IT managers in the near future.

That shift predates the coining of the word ‘cloud’; the term “port 80 and a credit card” was used to describe the Salesforce model of sales people signing up to what was then described as Software As A Service (SaaS) earlier in the century.

Does IT matter?

In 2003, writer Nicholas Carr predicted IT as a discipline would cease to matter within most organisations as technology became ubiquitous and taken for granted, just as electric power and railways did in the nineteenth and twentieth centuries.

The electricity and railway industries remain huge employers and are essential to modern business but for most companies the products are taken for granted – few companies have a Chief Electricity Officer sitting on their executive team despite power being an essential service.

For those IT managers hoping for a senior c-level position or even a seat on the board, the move to the cloud is terrible news. Rather than getting the corner office, the CIO could be heading the way of the tea lady.

Will Sony ever learn its security lessons?

Once again Sony remind us of the importance of IT security.

For the last week the gossip and tech industry websites have been full of revelations gleaned from a massive hack into the network of entertainment company Sony.

Sadly, it isn’t surprising that Sony was targeted in that hack; 2011 was described by this site as the ‘year of the hack’ and at the time I wondered when corporate managers would start taking IT security seriously.

As the most recent security breach shows, Sony’s managers certainly weren’t taking their information security seriously as alleged North Korean hackers gleefully disabled systems and downloaded confidential documents.

While Sony’s woes are deeply damaging to the company, not least for the executives caught out gossiping about movie stars, the stakes are far higher for other companies.

In Turkey it’s alleged a 2008 oil pipeline explosion was caused by Russian hackers while in the US, Palestinian sympathisers are accused of causing massive damage to the IT systems of the Sands Casino group.

Sony may be one of the most digitally incompetent businesses in history – at least in respect to IT security – but it’s important for every business to make sure their information systems and critical business systems are hardened against attacks.

IT becomes the plumbing

As the internet of everything and cloud computing take over, IT is becoming just like the plumbing. This is a good thing.

One of the things that jumped out of last week’s smart city tour in Barcelona is that Nicholas Carr’s IT Doesn’t Matter is coming true — IT is now the plumbing.

That’s not to depreciate IT; it means the technology is now becoming so embedded in society and business that people no longer notice.

Like roads, electricity and water, people assume it will be available but don’t notice the massive effort or investment required to make sure these services work.

With cloud computing, pervasive internet and connected devices, most businesses never need to see an IT worker.

For telco executives, IT managers and tech support people this is a blow to their egos as they always wanted their industries to be more than utilities.

In one way being a utility legitimises IT as it makes the industry more important than just a bunch of geeks playing with computers.

That also means that things have to work; ‘best effort’ services no longer cut it when you’re a utility and things have to work 99.99% of the time. Just like in plumbing.

Becoming the plumbing could be the best thing that happened to the IT industry.

Google, Facebook and the Silicon Valley paradox

The paradox of Silicon Valley is cloud and social media companies want us to use the products they won’t use themselves.

One of the great advertising campaigns of the 1980s featured entrepreneur and Remington Shaver CEO Victor Kiam telling the world “I liked the product so much I bought the company”.

The modern equivalent of Victor Kiam’s slogan is “eating your own dogfood” where businesses use their own products in day to day operations. It’s a great way of discovering weaknesses in your offerings.

One of the paradoxes of modern tech companies is how they don’t always eat their own dogfood when it comes to their business philosophies – they expect their customers to take risks and do things they deem unacceptable in their own businesses and social lives.

The best example of this is the social media services where founders and senior executives take great pains to hide their personal information, a phenomenon well illustrated by Mark Zuckerberg buying his neighbours’ houses to guarantee his privacy.

Just as noteworthy are the policies of Google’s IT department. For the past five years most tech evangelists – including myself – have been expounding the benefits of business trends like cloud computing and Bring Your Own Device (BYOD) policies.

Now it turns out that Google doesn’t trust BYOD, Windows computers or the Cloud, as the company’s Chief Information Officer, Ben Fried, tells All Things D of his reasoning for banning file storage service Dropbox:

“The important thing to understand about Dropbox,” Fried said, “is that when your users use it in a corporate context, your corporate data is being held in someone else’s data center.”

This is exactly the objection made by IT departments around the world about using Google’s services. It certainly doesn’t help those Google resellers trying to sell cloud based applications.

Fried’s view of BYOD also echoes that of many conservative IT managers:

“We still want to buy you a corporate laptop, get the benefits of our corporate discounts, and so on. But even more importantly: Control,” Fried said. “We make sure we know how secure that machine is that we know and control, when it was patched, who else is using that computer, things like that that’s really important to us. I don’t believe in BYOD when it comes to the laptop yet.”

Despite these restrictions on Google’s users, Fried doesn’t see himself or his department as being controlling types.

“But the important part,” Fried said, “is that we view our role as empowerment, and not standard-setting or constraining or dictating or something like that. We define our role as an IT department in helping people get their work done better than they could without us. Empowerment means allowing people to develop the ways in which they can work best.”

Fine words indeed when you don’t let people use their own equipment or ask for a business case before you can use Microsoft Office or Apple iWork.

That Google doesn’t give its staff access to many cloud services while Facebook’s managers restrict their information on social media shows the paradox of Silicon Valley – they want us to use the products they won’t use themselves.

Back in the 1980s, Victor Kiam liked what he saw so much that he bought the company. You’d have to wonder if Victor would buy Google or Facebook today.