AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY
Entries by Date: 2009
Monitoring Via the Cloud
Monday, December 07, 2009
Akibia has suggested before on this blog that many of the solutions that vendors bill as Cloud Computing offerings, fall short of the cloud in some way. There are three basic tenets to a cloud solution – infrastructure, application and access. Few cloud computing solutions on the market today actually achieve all three. Some that do are email and calendaring, CRM software as a service, and remote monitoring.
Sun Makes More Changes Amid Uncertainty
Tuesday, November 24, 2009
As we await the European Union’s ultimate decision on the Oracle acquisition of Sun, a number of questions exist making customers uncertain of buying new Sun products or maintaining existing Sun relationships. With Sun and Oracle unable to give clear answers regarding the acquisition close date, how the server group will be integrated in Oracle and what will happen to Sun’s support team, the outlook is murky. As a result many of the prospects Akibia speaks with are evaluating ways to migrate off of SUN platforms and to more stable server and storage environments. There is much speculation concerning which competitor will benefit the most from this move away from Sun – some say IBM and HP according to this Wall Street Journal update.
Sky High Cloud Chatter
Tuesday, November 03, 2009
Cloud Computing continues to be one of the top trends in terms of discussion and chatter in 2009. Many analyst firms are predicting that spending on cloud computing will far out pace spending in other IT sectors as the economy continues to recover. Forrester Research states that cloud computing should be on every enterprise’s three year roadmap. Not surprisingly, many IT vendors are announcing their own Cloud Computing solutions.
Improving Vulnerability and Patch Management
Thursday, October 15, 2009
If you are a resource administrator, then you probably spend too much time responding to new vulnerability reports and patching systems. For the security folks, you probably spend too much of your time tracking down the status on remediation and trying to qualify new vulnerability notifications. So how can we manage this better?
A Couple Quick and Easy Green IT Steps
Monday, October 12, 2009
Last week Akibia’s team was busy attending some of the premier industry events, including AFCOM’s Data Center World down in Orlando and an ASCDI event in New York City. Both were great events and featured a number of compelling topics for the data center – from cloud computing, to virtualization to strategies for green IT.
Don’t Put off Until Tomorrow…
Thursday, September 24, 2009
The third extension for MA CMR 17 has me thinking of one of my grandmother’s favorite sayings “don’t put off until tomorrow, what you can do today.” As we all know, Massachusetts again extended the deadline for CMR 17 compliance to March 1, 2010 from January. While it’s human nature to see the extension as an opportunity to table compliance projects until the New Year, I caution against that.
Boston’s Missing Email Case Has Many People Asking Questions about Digital Forensics
Wednesday, September 16, 2009
On September 14, Massachusetts Secretary of State William Galvin ordered the city of Boston to seize computers and software used by Mayor Menino’s aide, Michael J. Kineavy. Under question is whether Kineavy may have violated state law by deleting emails. According to the news articles, Kineavy deleted emails from his inbox and trash folder every day, possibly before the city’s systems made a backup. Alan N. Cote, head of the public records division in Galvin’s office, ordered the city to hire “a qualified independent and competent technology expert to employ all reasonable means of recovering and restoring the missing records”.
IT Needs Turbo Compliance
Thursday, September 03, 2009
IT executives are exhausted by the compliance challenge. Managing so many complex rules and requirements takes time, budget and resources, and even still executives can’t be sure they have done everything necessary to ensure compliance.
Take Full Advantage of System Monitoring
Thursday, August 20, 2009
According to analyst research the average hourly cost of downtime ranges from $28,000 in manufacturing to $2.5 million in banking and finance to $6.5 million in the brokerage industry. With uptime and data center performance of critical importance proactive systems monitoring needs to be a de facto element in any data center strategy. Yet, still companies are risking performance levels and business efficiency by not fully leveraging monitoring to improve their data centers.
Implement, educate and enforce strict Social Media usage policies – in that order
Thursday, August 06, 2009
For several years I have championed for organizations of all sizes and industries to review and update their IT security policies - while simultaneously imploring companies to implement policies when none exist. If the proliferation of compliance and regulatory requirements still has not convinced you to take IT policy and procedure seriously, then prepare for Web 2.0 to force it upon you!
Preparing for a Return to Growth? It’s Not Too Soon to Make Process Improvements
Monday, August 03, 2009
Recently my Gartner sales rep forwarded me a research note regarding steps to take to “Prepare for a Return to Business Growth.” Now, Gartner’s note (subscription required) falls short of Newsweek’s prediction that the recession is over, but they do make the good point that we must prepare for the time when delayed projects come off the shelf and back into our IT plans.
Death by A Thousand Processes: Getting Compliance Right Requires a Change in Thinking
Wednesday, July 08, 2009
It seems like every day we wake up to find a new compliance mandate staring us in the face. These mandates put pressure on our infrastructure, mind share and our budgets. Industry estimates show the cost for compliance can be anywhere from 8-12% of the IT budget of a Fortune 500 company to as much as 25% of the overall IT budget for a mid market company.
Wrest Control of Your Data Center Back From the OEM
Wednesday, July 01, 2009
In the past few weeks I've met with a number of really big, exceptionally successful companies. These companies are leading edge in nearly every way—innovative data centers that employ virtualization, and deliver high availability, mission critical services on a global scale, and yet in one specific way, they are not revolutionary at all. They are still being held hostage by the OEM when it comes to software support contracts – resulting in unrealized cost savings and under-performing service on servers and storage systems.
Getting Ready for Cloud Computing
Thursday, June 18, 2009
IBM's new announcement around its Blue Cloud offerings is an example of a vendor who is struggling to re-work its existing products into the cloud and provide new services on top of them, to capitalize on the market buzz.
A Letter to Ralph Szygenda, the CIO of General Motors
Wednesday, June 17, 2009
Dear Mr. Szygenda, I just finished reading the Q&A Mary Hayes Weir of Informationweek conducted with you regarding your responsibilities in leading GM's IT department through the bankruptcy and restructuring.
Lax Web Site Security: The Site Owner’s Responsibility
Tuesday, June 02, 2009
SQL Injection vulnerabilities have been around for a long time and web site managers are or should be very familiar with them. A SQL Injection is the insertion of malicious code that can exploit a vulnerability in the database layer of a web application. A thorough explanation of SQL Injections can be found on Wikipedia.
The Checklist Approach to IT Security is Failing You
Monday, May 18, 2009
In the past few weeks I have spoken to a number of companies about IT security, and a familiar theme has emerged – too many companies lack a sound framework for overall IT security. Instead many companies are overly focused on completing a check list – firewall, encryption, PCI compliance.
Financial Strength of Your Vendors…Show Me the Money!
Saturday, May 09, 2009
Regardless of the specific market conditions, it is always important to conduct adequate due diligence on the financial strength and performance of vendors you plan to rely on for core services. While Dunn & Bradstreet might be your first starting point for a financial review, it's best to go much deeper and get information direct from the vendor to ensure the thoroughness and accuracy you need to make effective decisions.
PCI DSS v1.2 and its Requirement from WEP to WPA Wireless Encryption
Wednesday, May 06, 2009
Although PCI SSC changed the wireless security standards 6 months ago with the release of PCI DSS v1.2, many merchants are still using WEP in the storage, processing or transmission of credit card information.
The Near-Term Impact of Oracle Buying Sun
Friday, April 24, 2009
Oracle's acquisition of Sun is a big deal in the IT industry as two big players come together. What is Oracle's intent? How will they leverage MySql? What will happen to Sun's hardware and storage device groups? There is speculation and chatter from the acquired company's employees, the competitors, pundits and of course from the customers.
On the Path to the Cloud… Walk Before You Run
Monday, April 13, 2009
Every now and then a new technology concept really takes off as marketing gurus at some of the largest companies put their collective mindshare and budget behind the next big idea. Web 2.0 was one such term, social media is another. Cloud Computing is the next big idea.
CIOs Need to Manage Up, Broadcast Successes
Thursday, April 09, 2009
This post in InformationWeek by Bob Evans struck a chord, "Global CIO: What CIOs Must Do To Survive The Recession." The article focuses on the downturn and anecdotal, but still scary, evidence that some companies are choosing not to hire CIOs during the recession—taking cost savings (salary) from an organization they view as a cost center.
Consolidate Support Vendors?
Monday, April 06, 2009
The inability to predict a specific end date for the recession puts major stress on already strapped IT budgets. In past downturns many companies hunkered down and just held back on purchases until the economy started moving again. That strategy will not work this time. This recession will require IT to tighten the belt and really do more with less.
A Potential Sun Acquisition - Impact on Service
Friday, March 27, 2009
Posts like Bill Snyder's Tech Bottom Line on IBM's potential acquisition of Sun, make a valid point: In the long run, this may be good for IT innovation, and it may give new life to the R&D department at Sun, allowing them to produce more of the quality technology we expect from Sun. But that's a topic for others to debate, and they are!
April 14 is Decision Day for Those Running Microsoft Exchange 2003
Thursday, March 19, 2009
April 14 is not just the day before tax day, it has an ominous meaning of its own. It's the day Microsoft Exchange 2003 goes off mainstream support. Most Microsoft-based shops face a big decision: migrate to Exchange 2007 or buy a Premium Support Contract to extend the life of their Exchange 2003 investment.
HIPAA Revitalized in 2009 and Beyond
Friday, March 13, 2009
It’s been a few years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) came into effect and since then there seems to have been a “gliding along” approach. Many health organizations are now either compliant or at least feel like they have a grasp on HIPPA privacy and security safeguards and what they all mean. The challenge for organizations has always been “how to” protect Personally Identifiable Information (PII) in both paper and electronic form. HIPAA has often been labeled somewhat ambiguous and enforcement is not always forthcoming. HIPAA has also been overshadowed somewhat by other compliance and regulatory advances by the government and private industry.
Ten Steps for the Mass Data Security Law
Wednesday, March 04, 2009
Massachusetts recently pushed back the implementation date of the Massachusetts Data Security law, formally known as 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH. This law, which was scheduled to take effect on January 1, 2009, was originally delayed to May 1, 2009 and then delayed again to January 1, 2010. While there are no guarantees that the law will not be pushed back a third time as we approach the end of 2009, prudent organizations should not count on this and should take the opportunity provided by this extension to get in compliance.
Tightening Budgets and Their Impact on IT Security
Tuesday, February 24, 2009
In an earlier post I mentioned the recent credit card security breaches. I want to encourage businesses everywhere, not just retailers to take this news as a reminder of the importance of strong, well-managed security strategy and policy. The business community at large and not just retailers, online merchants and banks, need to ensure that their security infrastructure is sound. As I go out and speak with Medium and Large Enterprise customers, I often hear that IT budgets will remain flat or decrease due to the state of the economy. There are those that are increasing their IT spend however they seem to be in the minority. IT departments are struggling to prioritize their shrinking IT dollars across important projects.
Recent Breaches Remind us to Focus on Security
Tuesday, February 24, 2009
As Wired notes, two major security breaches have been reported in the past month alone at large credit card processors putting millions of MasterCard and Visa cardholders at risk of having their information stolen. Today there is an increased level of criminal activity that takes place in the Cyber world. Identity theft and credit card theft are two of the most prevalent in addition to the phishing that occurs as criminals attempt to redirect consumers to non-legitimate sites posing as their bank or retailer.
The Training You Need Vs. The Training You Receive
Monday, February 23, 2009
Being certified on a technology may be a nice to have, but if your are certified on a technology but cant support it in the unique setting which is your specific IT infrastructure, then the certification does not really amount to much.
Emphasizing Virtualization Security
Wednesday, February 18, 2009
Perhaps companies figure so much attention has been given to virtualization that if it was not secure they'd hear about it in the press. Because it appears that at many organizations virtualization security has been "back-burnered."
DNS Audits: A Practical Guide
Friday, February 13, 2009
DNS is gaining more attention as companies add VOIP and wireless networking to their enterprise. These advancements have put greater strain on DNS and in turn require more sophisticated solutions. As a result, we've been doing a lot more DNS audits for customers. Here are a few things that are critical to a good DNS strategy that most companies do not think about.
Practical Green IT
Wednesday, February 11, 2009
As many companies have pushed its benefits, and positioned their solutions as helping to achieve "Green IT", the topic has come to represent many things to many different people. It is certainly one of the most hyped IT terms of the past two years. It offers important environmental benefits such as reduced footprint and carbon emissions, and it saps less of the energy supply. Green IT initiatives can help improve an organization's relationship with its community. While many would argue these reasons are important enough to address on their own, there is another reason that has made Green IT so attractive to the public and private sector alike: It reduces costs, and it can increase efficiencies.
“Practical Use” Fills the Gap Between Idea and Implementation
Monday, February 02, 2009
It’s no longer a question of if you will deploy virtualized environments but when you will deploy them. In fact there are many technologies at this same point somewhere between idea and implementation, including WAN optimization, security consolidation technologies, Microsoft initiatives and contract administration consolidation. These solutions will cross the chasm into main stream deployment mainly because they reduce costs and increase efficiencies.
