The state of mobile computing risk management
Enterprise Strategy Group senior analyst, Jon Oltsik, says that mobile computing risk management is something that CISOs should be concerned with. Oltsik cites ESG research that pinpoints data, application and a strong organizational model as key vectors to securing mobile devices. When it comes to data protection, ESG research shows that 43% of respondents were concerned about protecting data confidentiality and integrity when sensitive data is accessed by a mobile device over the network. At the same time, 42% of enterprise organizations surveyed are developing a "significant amount" of mobile applications and 38% are developing a "modest amount." The worrisome aspect? Oltsik says that fewer than half of these organizations have included best practices for secure application development.
The workforce includes more than millennials
Current Analysis blogger Tim Banting explains that while there is a lot of talk about how to deal with millennials changing the way business gets done in the work environment, it is important to remember that there are three generations that comprise the modern day workforce. Millennials, those who were born in the 1980s; Generation X, those born since 1965; and baby boomers, those born since 1946, are all working together. Banting says that it's important to find ways to collaborate with everyone in the workforce in order to remain productive as well as design and create products that are usable by everyone. After all, he writes, a product that is easy for everyone to use will be more valuable than one that is only understandable to a portion of users.
Security and the software-defined data center
VirtualizedGeek blogger and analyst Keith Townsend points to an interesting trend about security driving the creation of software-defined data centers (SDDC). Townsend cites the Target breaches as a direct example of a data security issue. The problem, says Townsend, is that the traditional data center model makes it difficult to approach the security issue holistically. Townsend gives two approaches to redefining the data center: either protecting it at the network, where vendors provide the ability to inspect packets and traffic to identify unauthorized access; or protecting it from the host, by tagging and identifying sensitive data. Both approaches, however, have their limitations. One answer, Townsend writes, might come from VMware, whose Goldilocks initiative focuses on using the hypervisor for security controls. Townsend says that VMware is still in the early stages of creating this security option, but it may be on to something really valuable.
The importance of incident reporting
PacketPushers analyst Andrew Gallo explains why it is important to create incident reports after an outage occurs. While having the time to write up an incident report is a luxury that most IT shops don't have, it is important to educate the IT community about the incident in question to prevent the same problem from happening twice. Gallo says an incident report should contain the following elements: direct cause, in other words, what lead immediately to the incident; contributing cause, that is, individual causes that would not have led to the problem, but made the situation worse and the root cause, or, the underlying issue that caused the problem. While admitting flaws might be difficult, it's better to share knowledge gained from overcoming a problem than to risk future incidents.