Saturday, May 23, 2015

CIOarena IT Security Inspiration 2015

I secured a last-minute invitation to CIOarena's San Francisco conference last week.  I had to skip the last day of Apps World North America but that turned out to be the right call.  The CIO types held forth on security policies that enterprises must address.  I did not see any signs worth photographing next to my handwritten name badge, so forget that Alfidi Capital tradition this time.  Just imagine the InterContinental Mark Hopkins San Francisco in all its glory.  My thoughts below reflect what I learned from the speakers.

I get my normal fill of updates on advanced persistent threats (APTs) through military-related news.  The private sector tracks the same open sources.  IT gatekeepers should think hard about what they reveal on LinkedIn to avoid becoming social engineering targets.  The APT attack process is sufficiently well-defined that proactive IT people can monitor data exfiltration and shut down exposed portals that display abnormal usage spikes.  Machine learning means automated IT security audits should develop predictive abilities after some critical mass of iterations.

I love the term "managed services."  It ranks right up there with "paradigm shift" and "game changer" for scoring points in after-work drinking games.  Outsourcing routine IT ops means inexperienced contract managers can hand managed services over to high-cost outsiders.  Watch out when senior managers start using the term in strategic planning when they need to cut headcount.  Enterprises seem to have challenges maintaining a robust configuration management database (CMDB).  I don't see how any outsourcing makes that challenge easier to handle.

I noticed that no one at the Apps World talks I attended mentioned any preference for HTML5 or JavaScript.  They may be keeping some tactics close to the vest.  I did not discern a clear preference at CIOarena either.  The choice of one over the other is probably clearer after a Cloudonomics analysis.  Listen up, IT people.  Cloudonomics is to IT/cloud/mobile what modern portfolio theory is to finance.  It is the defining framework for making asset allocation decisions.  Cloud and mobile pros must prove they can do the math before settling on a favorite tech.  CIOs can earn credibility with CFOs by being more agnostic toward programming choices.

I have no elegant solution to identity management problems.  Managing identities with MS SharePoint was simple enough when I was a knowledge management officer several years ago.  I can only suggest a way forward.  Building a 2x2 matrix to optimize identity management for each business unit would be a start, with number of identities on one axis and number of devices on the other axis.  The SBUs in the quadrant with the most of each get the closest scrutiny.  I also have no elegant solution for data lifecycle management.  Industry standards for data lifecycles and analytics frameworks are widely available.  Lifecycles will compress as speed becomes the critical factor in processing huge Big Data volumes.  High-performance computing (HPC) will be a growth industry, given the need for speed in more organizations handling Big Data.

CIOarena met its stated goal of furthering my educational needs.  I can't speak for the other attendees, who did not appear to be taking notes.  I'm usually the only person who takes notes at these things.  I have no idea why other humans have so little interest in documenting what they know for further reference.  Maybe some top corporate people think they can blow through their careers without ever applying what they are supposed to learn.  That is not my style.