There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to the enterprise) or need to implement additional internal controls in the private cloud, and whether third-party providers can provide adequate protection in multi-tenant environments that may also store competitor data.
There are ten data security challenges in the cloud:
- Protection of confidential business, government, or regulatory data
- Detection of data breaches
- Coordination with the enterprise record management for document retention and destruction
- Cloud service models with multiple tenants sharing the same infrastructure
- Viability of the service provider in case of a business disruption or financial failure
- Data mobility and legal issues relative to such government rules as the EU Data Privacy Directive
- Lack of standards about how cloud service providers securely recycle disk space and erase existing data
- Auditing, reporting, and compliance concerns
- Loss of visibility to key security and operational intelligence that no longer is available to feed enterprise IT security intelligence and risk management
- An insider who does not even work for your company, but may have control and visibility into your data
When you are in the process of trying to restore your operations, you do not want to have things in your way that could make you fail. Google is one such thing that you may not want to have to deal with.
Google’s latest Chrome upgrade did just that. Now only extensions or add-ons that originate from the Chrome Web Store, Google’s official distribution channel, can be installed. The new policy currently affects only users of the Windows version of Chrome.
Chrome automatically throws a “kill switch” on extensions that had been installed previously from sources other than the Chrome Web Store. Google called this a “hard-disable,” or one that prevents the user from re-enabling the add-on.
Now, if you have a mission-critical application, Google can, for whatever reason, kill the application. You now do not have complete control of your environment.
10 Hot New Jobs in IT
As technology changes, new job titles are appearing in IT. The 10 hot new jobs that have high demand are:
- Chief Digital Officer – The Chief Digital Officer (CDO) helps a company drive growth by converting traditional “analog” businesses to digital ones, and oversees operations in the rapidly changing digital sectors like mobile applications, social media and related applications, virtual goods, as well as web-based information management and marketing.
- Chief Mobile Officer – The Chief Mobility Officer (CMO) is responsible for overall direction of all mobility issues associated with Information Technology applications, communications (voice and data), and computing services within the enterprise.
- Manager Vendor Management – A Manager Vendor Management is a key player when it comes to an IT department’s interactions with its suppliers of hardware, software, and services. The Manager Vendor Management is the person that provides product and service purchasing guidance for the department.
- Manager Video and Web Content – The Manager Video and Website Content is responsible for developing the voice for all aspects of the organization’s online presence. In addition to writing, editing, and proofreading site content, this person also works closely with the technical team to maintain site standards with regard to new development. The Manager Video and Website Content is responsible for crafting site promotions, email newsletters, and online outreach campaigns.
- Project Manager ERP – The Project Manager Enterprise Resource Planning (ERP) is responsible for overseeing the Enterprise Resource Planning (ERP) project team. This group is responsible for the enterprise database systems and transaction processing. This responsibility includes transaction processing security, resource monitoring and reporting, and the development of specialized programs. The Project Manager Enterprise Resource Planning (ERP) coordinates transaction processing software issues with other IT organizations including applications and operations.
- Supervisor BYOD Support – The Supervisor BYOD Support is responsible for the overall coordination, control and maintenance of personal mobile devices within the enterprise to ensure compatibility and integration with enterprise strategies.
- BYOD Support Specialist – The BYOD Support Specialist is responsible for the overall coordination, control and maintenance of all BYODs within the enterprise to ensure compatibility and integration with enterprise strategies.
- Cloud Computing Architect – The Cloud Computing Architect provides the technical leadership and direction in implementing virtualization related architectural projects and issues, working through the prioritization process with the appropriate groups.
- ERP Architect – The Enterprise Resource Planning (ERP) Architect provides the technical leadership and direction in implementing ERP-related architectural projects and issues, working through the prioritization process with the appropriate groups.
- Audio Visual Technician – The Audio Visual Technician operates, schedules, and maintains audiovisual services for the enterprise. In addition the technician is responsible for the audio and visual aspects of the company’s external presence including company websites and blogs.
Top 10 interview best practices for recruiting
Top 10 best practices that every interviewer should follow — even in a bad employment market candidates still need to say yes when they are offered a position. It is up to the company and its recruiters to create a situation that will assure that when they provide an offer it is accepted. Here are the top 10 things that recruiters need to do when they are hiring.
- Make the right first impression — Job candidates know to put their best foot forward, but companies in hiring mode can forget to do the same. That includes everything from seeing that the office receptionist greets the candidate and treats them with respect, to company employees smiling and saying hello as the candidate walks to and from the interview. Creating a recruitment-friendly atmosphere is the job of the whole company. You should never underestimate how important a compelling company culture is to the overall hiring process.
- Have complete and accurate job description – If the position is not clear to the hiring manager, they will not be able to explain it to the candidate. The description should have a good summary that is posted or placed in the ad in addition to the full one which would be understood before the interview starts.
- Have the candidate review the job description before the interview – if the candidate knows the roles and responsibilities of the position they will be much more likely to provide a better picture of how they could fill the role.
- Communicate to the candidate what the interview will entail – Let the candidate know that they will be spending x time in the interview. If there is any testing of any sort they should be aware of that especially if there is a personality or physiological testing process.
- Be prompt – if the interview is scheduled for 3:00, start it at that time. Have a replacement interviewer ready in case the scheduled recruiter is called away for any reason.
- Allow no interruptions – Focus on the candidate. Turn off your cell phone and email notifications. Put your office line on Do Not Disturb. Do not have anything between you and the candidate like a computer display.
- Prepare for the interview – Know who the candidate is and have a set of questions ready to be asked.
- Have materials to be provided to the candidate available – If the recruiter is going to provide any materials see that it is on hand. Put a post-it note on the materials with the candidate’s name on the materials. That will show the candidate that they were important enough to cause the company to have materials pre-prepared.
- Be enthusiastic – The recruiter should be positive and enthusiastic not only about the job that is being filled but also about the company.
- Provide a set of next steps at the end of the interview – Tell the candidate what will happen next and when. Do not take too long to make a decision and/or schedule a follow-up interview.
Cyber security is a myth in many companies
When an internal information breach happens, the perception may be that it is the fault of lower-level staff; yet senior managers, who have access to sensitive, unencrypted information, are often more likely to accidentally share information outside the boundaries of a company’s firewall.
Here are some interesting facts from a recent survey by Stroz Friedberg:
- 87% of senior managers (versus 75% of all workers) upload sensitive data to personal email or cloud accounts
- 37% say they do this because they prefer using their own PC
- 14% say it is too much work to bring their work computer home
- 73% of all office workers are concerned that a hacker could steal their personal or company sensitive information
- 6% were not concerned at all
- 61% think that their companies deserve a C grade or less for cyber security
- 58% of senior managers (versus 25% of all workers) have accidentally sent sensitive information to the wrong person
- 51% of senior managers take files with them when they leave a company
- 11% of workers who do not send work files through personal accounts are aware of company policies against doing so
- 37% have had mobile device security training
- 42% have received information sharing training
- 54% of lower ranking employees think that cyber security is an IT problem versus the senior management team.
- 45% of senior management think they are primarily responsible for protecting their company from a cyber-attack
Disaster Recovery Plan Template
Disaster recovery plan template is an easy way to protect your company’s assets.
Baseline for best practices defined in Janco’s Disaster Recovery Business Continuity Template
As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.
- Analyze single points of failure
- Keep Updated notification trees
- Be aware of current events
- Plan for worst-case scenarios
- Clearly document recovery processes
- Centralize information – Have a printed copy available
- Create test plans and scripts
- Retest regularly
- Perform comprehensive recovery and business continuity test
- Define metrics and create score cards
Text Messaging Sensitive and Confidential Information Policy released by Janco
Janco has added a critical security component to its CIO IT Infrastructure Policy Bundle with a policy that focuses on how to send secure sensitive data text messages via mobile devices
Janco Associates has developed a policy for managing security and compliance for clear text messages being sent via email or messaging apps that contain sensitive and confidential enterprise information. In addition, this new policy has been added to Janco’s CIO IT Infrastructure Policy Bundle to complete the set of policies that every CIO needs to have in place to meet the expanding compliance and security requirements of today.
The CEO of Janco, Victor Janulaitis, said, “Leakage of data is an issue that everyone is aware of, be it accidental or intentional. Policies need to be put in place so everyone minimizes the risks that organizations face as the points of potential security breaches expand outside of the traditional office environment.” The CEO added, “As more people work outside of the confines of an office, use mobile devices, communicate via social networks, and compliance requirements expand, organizations are faced with a dilemma. How can they balance security and compliance needs with the requirement of users to have both sensitive and confidential information away from the office and at their fingertips? That is why we have developed this complete set of rules that minimize the risks that organizations are facing.”
The Text Messaging Sensitive and Confidential Information Policy as well as the other 16 policies in the CIO IT Infrastructure Policy Bundle are provided in MS WORD and PDF formats. The policies in the bundle are: Backup and Backup Retention Policy; Blog and Personal Web Site Policy; BYOD Access and Use Policy; Google Glass Policy; Incident Communication Plan Policy; Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy; Mobile Device Access and Use Policy; Outsourcing Policy; Patch Management Policy; Physical and Virtual Server Security Policy; Record Management, Retention, and Disposition Policy; Sensitive Information Policy; Service Level Agreement Policy; Social Networking Policy; Telecommuting Policy; Text Messaging Sensitive and Confidential Policy; and, Travel, Laptop, PDA and Off-Site Meeting Policy.
All of Janco’s products are delivered electronically. For more information go to:
Job Descriptions – http://www.e-janco.com/Job_Book.htm
10 Backup Best Practices – Rules of the Road for CIOs and DR/BC Managers
Top 10 Backup Best Practices – Many CIOs want to improve their ability to recover from system failures and data loss, especially to protect themselves from natural and man-made disasters like a terrorist attack. The cloud can supplement an enterprise’s backup, disaster recovery and business continuity backup solutions. Here are 10 backup best practices that most world-class CIOs have implemented according to Janco Associates.
- Local back-up is good but cloud is better – As Katrina and Sandy proved, when it comes to having a backup and recovery process that works, the most cost-effective and often best performance is delivered by using resources local to the systems and data being restored. However, in an extended outage like a hurricane, when power is out and the data center is down, you need the cloud-based solution.
- Know the systems and the dependencies when the data center is down – You should know which servers and data the organization’s day-to-day operations will need when the data center is down.
- Utilize replication backups – Consider the ability to use replication technologies to provide continuous data protection locally and in the cloud.
- Prioritize backups and the restoration process – Backing up the system and all the storage will protect everything on that OS instance, which is perfect for when you need to restore the entire. Know ahead of time what you might need to restore then validate that you are backing up in a manner to meet those objectives.
- Backup may not be enough - If a virtual server fails, all VMs on that server are at risk.
- Minimize long-term backup cost – Maintaining long-term backups or archiving old or infrequently used files in the cloud
- Manage the security of cloud based data – Securing your organization’s data is a major verify the security used in the solution – for example, the physical security of the public cloud locations, encryption of data at rest on the storage, and logical separation of your organization’s data from other organizations using the same public cloud backup provider.
- Run the recovery directly in the cloud – Look at options to run your systems in virtual environments in cloud virtual machine hosting solutions using the systems and data backed up in the public cloud. This approach allows your operations to be up and running again even without your own data center.
- Implement a unified backup and management process- Most organizations that leverage a cloud for solution that supports a hybrid model and enables a unified management approach.
- RED TAG key components of the enterprise’s operation and test the processes. The best solutions in the world will fail if you don’t know how to use them correctly – and if you don’t perform regular tests to ensure restore processes work and the data protected is valid. Get into the habit of performing regular tests.
10 questions on disaster planning every CIO should have answers for
When the CIO is in the hot seat, will they have the answers to the questions C-Level management and the Board of Directors are asking? Everyone in an enterprise counts on the success of the disaster recovery (DR) plan when it’s needed. The CIO is intimately involved in the technical nuances of the enterprise’s technologies and vendors, and a successful plan requires total company buy-in.
When the C-level executives and Board of Directors ask about your company’s DR plan, they want to be confident that the business will continue to be successful and secure, no matter what.
Questions they will want answers for are:
- What risks are faced if core applications go down for a day, a week, or longer?
- What are the Recovery Time Objectives (RTO) by facility and application?
- How are facilities and applications currently protected and are they all protected the same way?
- How is security of enterprise data going to be protected during the event and the recovery processes?
- Who are the key decision makers in the recovery process?
- Does the recovery plan meet all compliance objectives?
- What will happen to key data in the event of a disaster?
- Against which types of disasters are we guarding?
- What was the scope of the last test of the recovery processes?
- What were the results of our latest full recovery test?
IT Job Market Reflects a True Unemployment Rate that is Closer to 12% than 6.7%
As the economy meanders into an ever so slow recovery CIOs are reluctant to expand staff size or implement new applications. That with the added impact of increased costs associated with the Affordable Care Act and ever increasing uncertainty about the state of recovery does not bode well for IT Pros.
Until the participation rate begins to improve, no real recovery can take place. And with that the IT job market will remain at the state that it is in today.
IT Job Market Shows Few Signs of Growth
The latest BLS unemployment rate has gone down, but so has the job participation rate, which fell to 62.8%. In addition, the data paints a bleak picture for the IT job market. 3,200 IT jobs were added in November and in the last 12 months 74,900 jobs were created. The CEO of Janco Associates, Mr. Victor Janulaitis, said, “The employment data is not as good as the fall in the national unemployment rate suggests and it seems to be worse for IT Pros. If you factor in the participation rate, the true national unemployment rate would be around 12%.” Janulaitis added, “That data is causing many companies to consider whether they should expand IT staffs. Based on recent interviews of 102 CIOs in the last two weeks, we see that CIOs have become more cautious as have their companies.” Janulaitis said, “Add to the employment data the upcoming January 1st sequester cuts and the uncertainties caused by the status of the recovery, it is easy to understand the reasons why prospects for an improved job market are not great.”
The three month moving average shows a continuing downtrend in the number of jobs added. From a review of the latest BLS data, Janco has found that there was a net increase of 15,900 jobs in the last three months.
The labor market participation rate fell back to a 30-year low of 62.8%. There are 3,300,000 fewer individuals working than in 2007. The CEO said, “The over-all labor participation rate continues to be lower this year than any other prior year. This alone will make it a very difficult process and does not bode well for IT expansion and hiring.”
Health Care vs. Financial Services Job Growth
The health care job market continues to be a bright spot on the overall US labor market and is one area where IT Pros can go with the flow and find job opportunities. The implementation of Electronic Patient Records is one of the driving forces in the increased opportunities in this area. The chart below depicts the total labor market in this sector.
Janco is an international consulting firm that follows issues that concern CIOs and CFOs and publishes a series of IT and business infrastructure HandiGuides® and Templates including a Disaster Recovery/Business Continuity Template, Security Template and IT Salary Survey.