Four Steps Public-Sector CIOs Should Take To Break Down Silos Impeding Innovation
Government agencies, almost by design, are large and slow-moving. When
something goes wrong, the response is often to add another policy and another
layer of approvals and reviews. This slows things down even more and
frustrates efforts by CIOs and other decision-makers to make informed and
timely choices. Further inhibiting—and complicating—operations, individual
mission centers facing bureaucratic barriers often create their own
duplicative capabilities, delivered quickly and effectively, but just for
their own use. These silos are especially common when it comes to information
technology and are given the pejorative label of “Shadow IT” by CIOs and
others at the enterprise level who want to assert control over all agency
technology. ... Don’t reinvent solutions just because that’s the way it’s been
done. Resist the urge to customize. Change your policies and practices, if you
can, so you can set and use standards that break down application, data and
user silos. Push back internally on those policies that exist for the lowest
common denominator. Challenge your technologists to leverage these standards
and build tools that can solve enterprise problems at speed and scale.
Italian Banking Association ready to trial Central Bank Digital Currency
In the announcement it read, " Italian banks are available to participate in
projects and experiments of a digital currency of the European Central Bank,
contributing, thanks to the skills acquired in the creation of infrastructure
and distributed governance, to speed up the implementation of a European-level
initiative in a first nation." A year ago the Association of Italian
Banks set up a working group dedicated to deepening the understanding related
to digital coins and crypto assets. From this group 10 recommenations were
announced that include: Monetary stability and full respect for the European
regulatory framework must be preserved as a matter of priority; Italian
banks are already operating on a Distributed ledger technology Dlt
infrastructure with the Spunta project. They intend to be part of the change
brought about by an important innovation such as digital coins; A
programmable digital currency represents an innovation in the financial field
capable of profoundly revolutionizing money and exchange. This is a
transformation capable of bringing significant potential added value, in
particular in terms of the efficiency of the operating and management
processes. ...
The next software disruption: How vendors must adapt to a new era
The rise of PaaS has changed what it takes to be a successful
enterprise-software vendor. As PaaS services become more sophisticated,
software application vendors have a tougher time justifying a price premium
for products that could be delivered with a thin user interface on top of
generic PaaS services. With PaaS tools giving attackers and customers
themselves the means to develop new applications quickly, software vendors
that do not innovate in kind will face increased risk. Software vendors need
to defend their share of the profit pool by taking a clear look at where they
have the best and most defendable opportunities to differentiate themselves.
Rather than going head-to-head with the Big Three, one strategy is to
specialize and tailor solutions to the needs of targeted verticals and use
cases. This strategy proved successful in the early 2010s, when SaaS
disruptors first entered the market. The legacy-software vendors that were
closest to the customer and had a high degree of industry and domain expertise
protected their market share and maintained their enterprise value-to-revenue
multiples while customers that stressed differentiation on the basis of their
technology were more vulnerable
How Manufacturers Can Address Cybercrime in the Ongoing Pandemic
Security has never been a top priority for manufacturers. Security features
and best practices are often not taken into account when new products are
purchased. With COVID-19 requiring companies across all industries to explore
remote workforce options, manufacturing companies prioritized, and invested
in, automation systems that make it easier for their employees to do their
jobs from the safety of their homes. Although it is encouraging to see
companies making investments to support their employees, many automation tools
are being purchased without considering their security features. Standard
security best practices such as checking for previous reported
vulnerabilities, changing factory settings and passwords, and training
employees in the secure ways to use the new solutions are not happening. With
fewer guards and controls in place, it's easy for industrial control systems
to be hacked simply through accident or user error. Despite the challenges
plaguing the industry -- outdated technology, a disconnect between safety and
security, and vulnerabilities associated with remote work operations -- there
are small steps that manufacturers can take to significantly improve their
security posture.
IoT Security Is a Mess. Privacy 'Nutrition' Labels Could Help
At the IEEE Symposium on Security & Privacy last month, researchers from
Carnegie Mellon University presented a prototype security and privacy label
they created based on interviews and surveys of people who own IoT devices, as
well as privacy and security experts. They also published a tool for
generating their labels. The idea is to shed light on a device's security
posture but also explain how it manages user data and what privacy controls it
has. For example, the labels highlight whether a device can get security
updates and how long a company has pledged to support it, as well as the types
of sensors present, the data they collect, and whether the company shares that
data with third parties. “In an IoT setting, the amount of sensors and
information you have about users is potentially invasive and ubiquitous," says
Yuvraj Agarwal, a networking and embedded systems researcher who worked on the
project. "It’s like trying to fix a leaky bucket. So transparency is the most
important part. This work shows and enumerates all the choices and factors for
consumers." Nutrition labels on packaged foods have a certain amount of
standardization around the world, but they're still more opaque than they
could be. And security and privacy issues are even less intuitive to most
people than soluble and insoluble fiber.
Smart Devices: How Long Will Security Updates Be Issued?
Europe's automobile industry is bound by regulations for supporting vehicle
components to ensure consumers have access to critical parts, says Brad Ree,
CTO of ioXt and board member with the ioXt Alliance, which is a trade group
dedicated to securing IoT devices. But Ree says with connected devices, no
regulator has yet made the leap to ensure that the software is supported for
an extended period. "Right now, consumers really don't know how long the
product is going to be supported," Ree says. That's critical because smart
devices cost more than devices without software control features. The U.S. is
trying to nudge manufacturers in the right direction. Two years ago, the
National Telecommunications and Information Administration created a document
about what type of information companies should clearly communicate to
consumers before they buy a smart device. The voluntary recommendations
include describing whether and how a device receives security updates and the
anticipated timeline for the end of security support.
Why the open source DBaaS market is hot
"The good news is that there's a lot of open source database choice for
organizations," said James Curtis, senior research analyst at S&P Global.
"The bad news is that there's a lot open source choice and that can cause some
confusion." While a growing number of vendors support open source database
products, the public cloud vendors also offer versions of many popular open
source databases, Curtis noted. For example, AWS boasts a managed Cassandra
service, as well as support for MySQL and PostgreSQL with its Relational
Database Service (RDS). When they get ready to decide on which route to take,
Curtis said that organizations need to choose a vendor that provides the
support they are looking for. For open source database vendors, DBaaS might
also represent a threat as it has the potential to replace or cannibalize
existing on-premises deployments. Among DBaaS benefits, one of the most
important is reducing the time organizations need to spend managing the
infrastructure. "What will happen in the future is that database workloads
will gravitate to the right environment in which it makes sense to run that
workload," Curtis said. "Some workloads are best suited to run on premises and
perhaps always will."
Organizations Must Reset Expectations to Spring Back from Pandemic
The first step is identifying an organization’s critical assets and the
missions they support. The SEI's foundational process improvement approach to
operational resilience management, the CERT Resilience Management Model
(CERT-RMM), defines four asset types: people, facilities, technology, and
information. "The COVID-19 crisis has impaired our people and our facilities,
so it’s akin to a natural disaster," said Butkovic. However, most disaster
plans did not anticipate that the event would affect everyone, everywhere.
"Typically, you don’t have fires at all of your facilities at the same time,
with little notion of when they’ll be put out. In that way, there are lessons
to be learned from cyber events, which can affect all locations
simultaneously." During a cyber attack, an organization might keep its
technology assets out of harm's way by modifying firewall rules. During the
COVID-19 pandemic, most human assets are keeping out of harm’s way by staying
away from the workplace. But not all safeguards can remain in place
forever.
The Future of Work: Best Managed with Agility, Diversity, Resilience
While the future is uncertain, one clear trend is that remote work will play
a larger role during and after the pandemic. After experiencing several
weeks of office closures, organizational leaders are questioning the wisdom
of maintaining the same amount of office space because in most cases,
employees have proved they can be productive and collaborate effectively
while working remotely. On the flip side, some employees have discovered
they prefer working at home, at least part-time. To affect social distancing
in the short-term, employers must rethink space utilization. Interestingly,
they may find they've stumbled upon their longer-term strategy, which is
some version of a partly remote, partly on-site workforce. With digital
transformation, more tasks and processes are aided or facilitated by
software. Meanwhile, the organizations' tech stacks are becoming
increasingly virtual (cloud-based), intelligent (machine learning and AI),
and diverse (including IoT). However, digital transformation isn't just
about technology implementation, it's also about cultural transformation
which reflects greater diversity and cross-departmental collaboration.
Building Resiliency in the Age of Disruption and Uncertainty
Attendees discussed how risk needs to be managed holistically. James Fong,
Regional Business Director at RSA, highlighted the need to view risk in the
context of four pillars namely, operations, workforce, supply chain and
cybersecurity. Fong said that “Operational risk management, IT and security
risk management, regulatory and corporate compliance, business resiliency,
third party governance and audit management, need to be part of an
integrated risk management plan.” Fong continued “Risk data needs to be
shared on customised dashboards for executives, CISOs and others. The data
needs to give a clear understanding of the monetary cost associated with the
risk. For example, how much is a risk worth? What is the cost of the
threat?” Importantly, organisations need to understand the risk associated
with third party suppliers. A more common view expressed is that no matter
how much you prepare yourself, there will always be instances when
organisations need to react to situational change. For example, incoming
threats that can choke or change content in the media industry.
Quote for the day:
