Tag Archive for Business

Microsoft Develops Shortlist for New CEO

The Grand Pooh-Bahs in Redmond have developed a shortlist of candidates to replace outgoing CEO Steve Ballmer. Reuters says the list includes internal candidates. Reported on the list is former Skype CEO Tony Bates, who is now in charge of business development at Microsoft (MSFT). Another internal candidate is Satya Nadella, the company’s cloud and enterprise chief.

Sources told Reuters that Ford Motor Company (F) CEO Alan Mulally and former Nokia (NOK) CEO Stephen Elop are also contenders. While I am sure they are all worthy successors to Steve, I wonder if Mr. Mulally has his own rant ready for his interview: Taurus’s … Taurus’s … Taurus’s (rb- do these jobs really have interviews?)

 

Here’s a remix from DevelopersDevelopers.com (Oldie but goodie)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

IT Departments Gone in 5 Years

IT departments will be gone from the enterprise within the next five years, according to a group of CEOs and VPs. They predict that consumerization of IT and self-service trends will lead to a restructuring of today’s IT shop, leaving behind a hybrid model consisting of tech consultants and integrators. Brandon Porco, chief technologist & solutions architect at Northrop Grumman, recently told a group at the CITE Conference and Expo:

“The business itself will be the IT department. [Technologists] will simply be the enabler.”

Computerworld reports that Kathleen Schaub, VP of research firm IDC’s CMO Advisory Practice, echoed Mr. Porco. She said many corporate IT organizations now report to the head of the business unit they are assigned to. “The premise is that wherever IT sits in an organization will dictate what they care about,” she said. “If they’re in finance, they’ll care about cost-cutting. If they’re in operations, they’ll care about process management. If [the company] decides it wants to focus on the customer, they’ll put it in marketing.”

John Mancini, CEO of the Association for Information and Image Management (AIIM), agreed with Mr. Porco, saying that in the consumer technology era, it’s the business side that has all the tools, so it will be able to trump IT’s desire to control who uses what and how.

While the business can dictate the service or technology it wants, IT can influence the decision. Nathan McBride, VP of IT & chief cloud architect at AMAG Pharmaceuticals, told Computerworld, “We’re not trying to be ahead of the technology curve and we don’t want to be behind, but we’re trying to maintain pace to know what they’re going to ask for next before they ask for it.”

Help Net Security points out a recent IDC study that found 61% of enterprise technology projects are now funded by the business and not the IT department. IDC says IT spending driven by the functional business areas will outpace IT’s own spending. Today’s business executives, who are more tech-savvy, have easier access to technology through the Cloud, and are under pressure to quickly implement new technology initiatives, are driving this change. The Help Net Security article states that today’s line of business employees are looking more and more like an extension of the IT department as, on average, 8% are technical staff.

Another concern raised is whether IT is losing control as consumer technology becomes part and parcel of everyone’s work in the enterprise, and the data center is left behind. AMAG’s McBride told the audience that in five years, companies will have to make sure they’re matching their enabling technology to the demographic of that time. He said 75 Fortune 100 companies now use Google (GOOG) Apps along with most Ivy League schools, meaning that the next generation of workers won’t be users of Microsoft (MSFT) Exchange or Office.

While the CIO position will likely stay in an enterprise, his or her role will morph into a technology forecaster and strategist, and not a technology implementer, according to Northrop Grumman’s Porco.

 rb-

This sounds like a solid case for training technical staff in project principles and increasing the number of IT project managers. There have to be clear two-way communications between the business owner and the implementers.

Proper and detailed scope definition is one of the most critical steps for the success of any project. The business team, implementation team, and operations team must get together before the work starts to check the proposed solution and work through all the questions, concerns, and gotchas before the project even starts. This way problems can be discovered. Once the requirements are defined and the scope is complete and everyone agrees, then the project can be signed off and a formal kick-off meeting can be held.

In IT projects, it is important to look beyond the defined project to ensure success. Does the plan consider impacts on end-users?

  • Does the project need new policies or procedures? If something falls through the cracks, they blame your project.
  • Does the PC fleet meet requirements? Do they need more RAM? If they have to upgrade, they blame your project.
  • Does it work with your current server OS? If they have to upgrade, they blame your project.
  • What about the software? Are you locked into IE only? Do you need a specific level of .NET? Does it work on iOS and Android? If they don’t have the right software, they blame your project.
  • How much bandwidth does the new project require? Will it try to send a graphical interface to a remote office on a slow link? If it loads slowly, they blame your project.
  • Training? If the end-users can’t work the program, they blame your project.
Related articles
  • IT morphs as tech and users change (networkworld.com)

 


Need Cyber Insurance?

Standard business insurance does not cover data breaches or almost any other loss involving data. Standard insurance covers tangible losses and damage. Data isn’t tangible, says Network World. The ruling that data is not tangible goes back to a 2000 ruling by a U.S. District Court. The article explains the ruling arose from an Arizona case, American Guarantee & Liability Insurance Co. vs. Ingram Micro Inc. In that case, the court said that a computer outage caused by a power problem constituted physical damage within the meaning of the policy Ingram Micro had purchased from American Guarantee.

After that, the insurance firms changed their policies to state that data is not considered tangible property, Kevin Kalinich, national managing director for network risk at Aon Risk Solutions, told Network World. The upshot is that an enterprise needs special cyber insurance to cover data-related issues. The problem is that the field is new and there is no such thing as standard coverage with a standard price.

Larry Ponemon, chairman of the Ponemon Institute, told Network World that the resulting complexity is a major source of push-back by potential buyers. “The policies have limitations and constraints similar to home policies with act-of-God provisions, and that has created a lot of uncertainty about what is covered, and what the risks are.” Mr. Ponemon told the author, “Those who are nevertheless purchasing cyber insurance are typically very selective about what coverage they want.”

Network World describes the types of cyber coverage available.

Data breach coverage: This pays for expenses that result from a data breach. Covered expenses typically include notification of the victims, setting up a call center, credit monitoring and credit restoration services for the victims, and other crisis management services, Ken Goldstein, vice president at the Chubb Group, told Network World. “You might want to hire forensic experts, independent attorneys for guidance concerning the multiple state (data breach notification) laws, and public relations experts.”

Regulatory civil action coverage: Pays in cases where the insured is facing fines from a state attorney general after a data breach, or from the federal government after a violation of the Health Insurance Portability and Accountability Act (HIPAA) or similar regulations. Some policies only cover the cost of defending against the action, while others may pay the fine as well, says Steven Haase, head of INSUREtrust, an Atlanta-based specialty insurance provider.

Cyber extortion coverage: For cases where a hacker steals data from the policyholder and then tries to sell it back, or someone plants a logic bomb in the policyholder’s system and demands payment to disable it. Among other things, the policy should cover the cost of a negotiator, and the cost of offering a reward leading to the arrest of the perpetrator, Chubb’s Goldstein says.

Virus liability: Pays in cases where the policyholder is sued by someone who claims to have gotten a virus from the policyholder’s system.

Content liability: Covers lawsuits filed by people angered over something posted on the Web site of the policyholder. Such coverage should also cover copyright claims and domain name disputes, INSUREtrust’s Haase told Network World.

Lost income coverage: Replaces revenue lost while the policyholder’s computer system or Web site is down. But Aon’s Kalinich notes that insurers often apply minimum downtimes of 12 or 24 hours, or require proof of actual losses. “They’ll say that, after all, the customers who did not get through (during the outage) could have come back later.”

Loss of data coverage: Pays for the cost of replacing the policyholder’s data in case of loss. “Backup policies are not always effective, and accidents and sabotage happen,” Mr. Haase says.

Errors and omissions coverage: Otherwise known as O&M policies, this type of coverage predates cyber insurance, but is increasingly added to cyber policies to cover alleged failures by the policyholder’s software, Haase says.

As for what coverage costs, Aon’s Kalinich told Network World that firms smaller than $100 million in annual revenue can expect to pay $5,000 to $15,000 per million of coverage, while larger firms would pay $10,000 to $25,000. For those over a billion, the price can be in the $20,000 to $50,000 range. Robert Parisi, senior vice president with Marsh, an insurance broker and risk advisory firm, put it more simply, saying the cost is between $7,000 and $35,000 per million. Of course, the lower ranges are for buyers who look like better risks, and deciding who is a better risk is another factor that makes cyber insurance a complex topic.

“You cannot get good insurance unless you have good security practices,” VP Kalinich says. “Due diligence underwriting has become more streamlined as the insurers have learned what to look for. They will typically benchmark you against other members of your industry.”

INSUREtrust’s Haase explained the cyber insurance purchase process to the author: “This is a complex purchase and you need a professional helping you. Most policies are highly customizable, and there are a lot of endorsements.” Typically the buyer goes to their local agent, and the local agent uses a specialist, Haase says. Both the local agent and the specialist get commissions ranging from 7.5% to 10%, so that 15% to 10% of the premium goes to commissions.

Finally, Toby Merrill, vice president of insurer Ace Professional Risk, cautions that cyber insurance buyers must understand that if they are outsourcing their data handling, they are not at the same time outsourcing their liability if there is a data breach. The onus of the various breach notification laws is on the organization that gathered the data, not on the organization that was storing it when it was exposed, he notes.

“Cyber insurance is not there to replace sound risk management,” VP Merrill told Network World. “It is there to supplement it.”


BYOD Could Land Employees in Jail

Agreeing to a BYOD policy could land an employee in jail. Courts can go after employees’ personal phones in litigation involving companies. Michael Kassner, an information security consultant, told FierceMobileIT that employees could be dragged into civil or criminal litigation.

Employees could be required to give up their personal device to the courts or even have all the data on the device searched, with possible legal ramifications for the owner. According to Mr. Kassner, “There is legal precedence involving e-discovery and plain-view doctrine that allows the seizure of evidence whether it is related to the case under investigation or not.” There are three possible legal scenarios involving BYOD, says Mr. Kassner, who consulted with Tyler Pitchford of the law firm of Brannock and Humphries.

The first scenario outlined in the article involves an employee who has signed a BYOD end-user license agreement, having his personal data wiped along with the corporate data. If the end-user agreement includes the clause enabling the wiping of all data on the personal device, the employee is out of luck.

“In the above scenario we’re talking about a legal contract, which means if the employee signed the contract, he agreed to its terms, granting his employer the right to reset the employee’s phone,” comments lawyer Pitchford.

In the second scenario, the enterprise becomes involved in a civil lawsuit and a subpoena is issued for the employee’s smartphone. During the legal discovery process, sensitive personal information is publicly disclosed.

“Since the employee co-mingled work and personal data, she has turned her smartphone into discoverable evidence … The employee can seek an order quashing the subpoena or an order sealing the discovered information, but that’s unlikely in this circumstance,” Mr. Pitchford observes.

In the third scenario brought up in the article, the employee’s company does business with a firm that is the subject of a criminal proceeding. Authorities issue a warrant for the employee’s phone because the employee has done work for the targeted firm. Incriminating evidence is found on the employee’s phone and the employee is now under criminal investigation.

“Assuming the warrant is valid, then anything the government located in plain view within the scope of the warrant is admissible against the employee in another proceeding,” Mr. Pitchford notes.

Mr. Kassner concludes: “Until case-law or new technologies decide which way the legal winds are blowing about BYOD, it might be in your best interest to avoid BYOD and its alluring convenience.”

rb-

I am not a lawyer and you should consult your own legal counsel, but as I have said before – ummm Acceptable Use Policy?


Farewell to Steve

Now that Microsoft’s (MSFT) CEO Steve Ballmer is on his farewell tour, GigaOM has an article, “In Defense of Steve Ballmer”; it’s an interesting read. However, I plan to commemorate Farmington Hills’ own Steve’s departure from MSFT in his own way.


 

 
