Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number of CIOs saying that risks need to be assessed prior to cloud adoption is 10%.
IT managers have eagerly implemented cloud applications to reap their many benefits: lower hardware and energy costs, more flexibility, faster responsiveness to changing and new applications, and improved resiliency.
Ponemon has found that improvements in cloud security over the past two years have really only been incremental. Cloud security struggles to get past a grade of 50 percent when it comes to best practices, including the percentage of organizations that say they engage their security teams in determining the use of cloud services.
Interesting findings about cloud services and security are:
- 53% of CIOs are confident that SaaS applications are secure
- 49% evaluate IaaS for security risks prior to deployment
- 46% have stopped or slowed adoption of cloud services due to security concerns — 45% have not and 9% are not sure
- 35% of CIOs do not evaluate SaaS applications for security prior to deployment
- 22% say that the responsibility for security of IaaS is with the cloud provider
- 22% say that IaaS security is in the domain of IT itself; 35% say that it is the responsibility of the cloud computing providers; 31% say that IaaS security is ultimately the responsibility of the end users
Cloud Outsourcing, Disaster Recovery, and Security Bundle
The bundle includes in editable Microsoft WORD and PDF formats:
- Practical Guide for Cloud Outsourcing includes job descriptions for Manager Cloud Applications and Cloud Computing Architect, a sample contract, a service level agreement, an ISO 27001 – 27002 – 27031 security audit checklist, a Business and IT Impact Questionnaire and much more.
- Disaster Recovery Plan (DRP) can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption. The template is ISO 27000 (27031) Series, COBIT, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.
- Security Manual Template – (ISO CobiT SOX HIPAA Compliant) includes the Business Impact questionnaire and a Threat and Vulnerability Assessment Form (PDF and Excel). It is a complete Security Manual and can be used in whole or in part to comply with Sarbanes Oxley, define responsibilities, actions and procedures to manage the security of your computer, communication,
Failing to prepare for a natural disaster is not an option for businesses. That’s because 75 percent of companies without business continuity plans fail within three years of a disaster.
People’s response to natural events can also harm either themselves or the environment. Improper use of portable generators or supplemental heating devices can release deadly carbon monoxide. De-icing agents and ice melting compounds can pollute waterways. Exceptionally large amounts of debris can present serious disposal problems for state and local communities.
Janco Associates contends that if recent patterns continue, the U.S. is likely to experience anywhere from three to six major hurricanes a year and up to 1,000 tornadoes. Trends such as these, he thinks, make a disaster plan a necessity.
Janco also believes that companies that are not able to resume operations within 10 days of a disaster are not likely to survive. According to data collected by his company, of those businesses that experience a disaster and have no emergency plan, 43 percent never reopen; of those that do reopen, only 29 percent are still operating two years later.
- A business should start by looking at its business continuity plan, and if it doesn’t have one, it should start one now. Its objective should be to organize, develop and administer a preparedness program.
- Coordinate the disaster recovery plan with the enterprise’s safety program
- Gather information about the hazards and risks presented by a disaster, which could be as simple as a fire or power outage.
- Classify the system components that could be impacted – data centers, network communications, facilities, and work at home impact
- Develop a preparedness plan that includes resource management, emergency response, crisis communication, business continuity, information technology, employee assistance, incident management and training.
- Create a crisis communication plan including social networking
- Test, exercise and evaluate the plan and identify what needs to be improved.
- The business should ensure that its employees are up to speed personally and encourage them to institute their own preparedness plan at home.
- Keep the telephone “communication chain” up to date
- Have emergency survival supplies in place and “current” and create an evacuation checklist
Employees who are prepared at their homes are employees who are able to come to work to get you back in business following a disaster.
Janco and NFIB agree hiring stalls
The National Federation of Independent Businesses (NFIB) data confirms the analysis presented by Janco Associates on April 7 that hiring has stalled. Their data shows that the share of firms that are planning to increase headcount minus the number of firms that are looking to decrease headcount is now zero. That is the lowest it has been in the past 12 months as it fell from 4% in the prior month.
A Janco Associates survey of 97 chief information officers in North America finds that only 12% are looking to expand the size of their information technology departments.
“For the first time since the dot-com bust, Janco’s metrics show that hiring by CIOs is at a standstill — there is a high degree of uncertainty in the economic climate,” said Janco CEO Victor Janulaitis.
Just 5% of CIOs are looking to increase their IT staffs for new initiatives, a low level not seen since the dot-com bust began in March 2000, he told IBD.
10 actions that IT Pros can do to increase the chance of getting a raise
Growth of IT job market is slowing down and many companies are again reducing target raises
What are the ways that IT Professionals can get an increase in compensation? The easiest way is to get promoted to a senior management position, but many technologists do not want to do that. Unfortunately, that is often the only avenue in many companies.
But what if you enjoy the technical aspects of the job and don’t want to move away from that? Here are some things you can do to boost your salary in the position you’re already in:
- Stay ahead of the crowd with technology – Be aware of what is new and what is hot. If you are the first one there with a technology or solution, you will show your value. However, you want to be able to apply the technology to a business issue.
- Get a certification – With a certification you typically gain additional skills, which have value if that is an area your CIO is moving into.
- Use the latest technology and tools – Do not depend on your employer for everything. When the new technology comes out get it and use it.
- Provide peers with insight and training on your area of expertise – Share with others your insight and knowledge. When your manager sees you doing that it only increases your value in their eyes.
- Fit into the organization as a team player – Do not be a loner; join in with other IT staff members, go out after work, and have a relationship that goes beyond the office.
- Be a focal point in your area of technical expertise – Create an on-line presence. Soup up your Facebook, Twitter, LinkedIn and social media presence with affiliations with some prestigious companies and technical organizations. Create your own blog in which you write about technical issues that you are an expert in. Contribute to on-line tech publications and blogs.
- Market your skills – Create a blog. Blogs not only showcase your knowledge, but search engines like the frequent stream of fresh content. Give speeches. You can do this in tech organizations that you belong to. Send speech topics to event organizers and maybe they’ll take you up on one.
- Network with IT Pros in other organizations that have the same technical responsibilities – This is also a great way to learn what is hot and what is not. In addition this can lead to learning what others in your field are getting paid
- Make users love you – Many tech pros consider it a good day if they don’t have to interact with anyone. But if you’re willing to help end-users with the software (addressing problems but also training them how to use it), you become the go-to person and yours is the name that floats into conversations most often. Being the company expert on an application does make you more important.
- Keep your ear to the ground and listen to where the CIO and company are moving – If a company is moving into unknown territory (like the Cloud and BYOD), management will want to learn everything they can. If you are the person who can answer all the questions, you’ll become prominent on the radar screens, thereby raising your professional profile.
CIO worries — IT job market growth continues to slow from 9,800 jobs in January and 5,500 jobs in February to 5,400 in March – 78,900 jobs added in the last 12 months…
CIO confidence wanes — hiring slows
There was a net increase of 5,400 jobs in March, which was slower than the 9,800 jobs added in January and 5,500 in February, according to the latest BLS data. Computer systems design and related services accounted for an improvement of 3,900 jobs; data processing and hosting related services lost 300 jobs; telecommunications gained 1,800 jobs; and other information services lost 200 jobs. The three-month moving average continues to move up slightly.
The labor market participation rate fell to 63.5% – the participation rate remains at record low levels. In February another 130,000 individuals left the labor market. There are 3,000,000 fewer individuals working than in 2007.
The IT job market growth trend for IT Professionals is slightly up; however, these results may be skewed since the BLS continues to adjust the employment numbers in these sectors. See charts below.
At the same time, Janco’s CIO Hiring Plan Forecast looks mixed in the short term, with CIOs becoming more cautious in their hiring as the recovery stalls and taxes increase.
Disaster Recovery Back up data is not all that good
According to a recent survey of its Disaster Recovery and Data Recovery customers, a company found that while 60 percent of respondents had a backup solution in place at the time of data loss, the backup was not current or operating properly.
Additionally, the survey results indicated that external hard drive backup was still the most used and sought after approach to backing up both business and personal data. In fact, of those that utilized a backup solution, 60 percent used an external drive solution, while 15 percent leveraged the cloud and 15 percent backed up to tape.
Regardless of backup solution used, there are common scenarios where backups are unsuccessful and therefore not reliable after a data loss:
- External drive only connected on an occasional basis; backup not automated and instead performed on demand;
- Computer not on during scheduled backup and not configured to perform at a different time;
- Backup software failed;
- Backup ran out of destination space;
- Backup profile did not cover all of the devices requiring backup;
- File lost before scheduled backup.
Cyber war pushes need for more security
The recent cyber war between Spamhaus and Cyberbunker, fought with a commercial Distributed Denial of Service (DDoS) attack, pushed the Internet to the brink of failure, impacting more than the two companies.
This cyber war shows how easy it can be for any organization to originate an attack, to be attacked, and how difficult it is to defend against an attack.
The first step that CIOs need to take is to implement clear Security policies and procedures as defined both by ISO compliance standards and Janco Security Manual Template.
Add to this the recent attacks on the US infrastructure by the Chinese military, and the issues faced by corporations that depend on the Internet are great.
The HIPAA final rule is comprised of the following four items:
The HIPAA final rule (as reported in the Federal Register Vol 78 No 17) is comprised of the following four items:
- Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010. These modifications:
  - Make business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules’ requirements.
  - Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.
  - Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
  - Require modifications to, and redistribution of, a covered entity’s notice of privacy practice.
  - Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.
  - Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted, such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect.
- Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act.
- Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule’s “harm” threshold with a more objective standard.
- Final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes.
Converging forces in Mobility, Big Data, Social Media, & Cloud Computing & their disruptive impact to the global IT ecosystem
The amount of digital information in our world has been exploding while the speed of business is accelerating. There is an unprecedented convergence in the ability to collect and work with big data, simulate, model and predict with game changing fidelity, and previously unimaginable access to information and markets with billions of people communicating and trading through mobility and social media channels. As enterprises attempt to capture and take action on trillions of bytes of data “real-time” about their customers, suppliers, and operations from millions of people, devices, and embedded sensors which are now connected by digital networks throughout the physical world, the result is a convergence of technology forces that is disrupting the global IT ecosystem. Like other critical components of production such as hard assets and human capital, today’s economic activity, innovation, and growth could not take place without the information provided by these persistent and converging forces in mobility, big data, social media and cloud computing.
The business and economic opportunities created by each of these forces are significant, but so are the complexities associated with the global deployment of scarce IT resources. Many executives responsible for these visible initiatives are reassessing their global IT sourcing strategies in order to achieve the right balance of knowledge, quality, risk management, and time to market.
Sequester impacts IT spending plans — slightly
Automatic IT spending cuts are being driven by sequester. Starting March 1, IT spending cuts are supposed to take effect. However, spending will be slightly higher than last year and will increase by 6.2% according to a major research firm. On top of that, IT spending will increase more in the US than in other countries.
- Global IT spending estimated to be $2.09 trillion
- IT spending by IT segment
  - Software 26%
  - Hardware 19.9%
  - Consulting Services 19.4%
  - IT Outsourcing 19.0%
  - Network and Communication Hardware 15.7%
- IT Markets by Country
  - US $829 billion
  - Japan $251.3 billion
  - China $114 billion
  - UK $91 billion
  - Germany $85.2 billion
  - France $77.5 billion
  - Canada $61.6 billion
  - Australia $48.6 billion
  - Brazil $46.3 billion