A Measurement of Trust and Confidence in the Cloud

ID-100265392

A recent Gartner study predicts double-digit growth in all cloud sectors, reaching a total spend of $210 billion dollars by 2016. But as enterprise organizations continue to investigate the benefits to moving data and application management to third party cloud service providers, concern for data security and privacy remains the primary reason for a pause to full implementation. According to a 2014 global study from BT, data security and trust in cloud-based services is a cause for unease among IT decision makers within large organizations.  Almost half of respondents admitted that they are “very or extremely anxious” about the security implications surrounding the cloud. The question many IT decision makers are asking is; When relying on a cloud provider, how do you know what security protocols are in place and how well are they performing? As is the case with all partnerships, trust is paramount to a relationships success.

Prof. Edward Humphreys, Convenor of the ISO working group is responsible for information security management standards including ISO/IEC 27001, ISO/IEC 27002 and the cloud security standard ISO/IEC 27017. He believes that creating a climate of trust is the most important prerequisite when outsourcing IT. “Companies need to have assurance in the underlying cloud provider,’ Humphreys says,  “Many users may not understand that they need to select a cloud service provider that has good governance over the processing of personal data; and those that do know this may have difficulty knowing how to verify that good governance is in place. This situation can lead to increased risks for the protection of personal data.”  ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles for the public cloud computing environment.

Microsoft has announced that it is the first major cloud provider to adopt the first international cloud privacy standard developed by the International Organization for Standardization (ISO). Independent auditors at the British Standards Institute (BSI) have verified that Microsoft Azure, Office 365 and Dynamics CRM Online are all in compliance with the standard. “Adherence to ISO 27018 provides a number of important security safeguards,” said Microsoft executive vice president and general counsel Brad Smith, “It ensures that there are defined restrictions on how we handle personally identifiable information, including restrictions on its transmission over public networks, storage on transportable media and proper processes for data recovery and restoration efforts. In addition, the standard ensures that all of the people, including our own employees, who
process personally identifiable information, must be subject to a confidentiality obligation. The validation that we’ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.”

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Is the Cloud about to Run Microsoft Aground?

ID-100125169

Marketers are facing a similar circumstance whether selling service based offerings or the latest product.  The storyline goes something like this; long standing market leader sees dominance in market challenged by new technology and competitors that under-cuts the existing marketers position, future profitability, viability and industry relevance.

Microsoft Corporation, not all that long ago, was the target of anti-trust legislation to curb what legislative proponents argued was unfair business tactics that limited competitor’s access to the huge business and personal software market that much of the computing world used to access the world of digital technology. Today the giant’s software sales market position is beginning to shrink as corporations and large organizations move their in-house computing functions out to the cloud. The migration has Microsoft initiating a shift from the old model of selling software to companies to install on their own computers to a cloud-based model where customers pay a regular subscription to share use of centralized computing servers. The course correction is generally viewed as a positive move for Microsoft but the transition to cloud based services is proving to be a bumpy ride for the behemoth.

Shares of the world’s largest software company fell more than 4 per cent after the company management forecast a drop in commercial licensing sales for the most recent past quarter. Microsoft’s cloud-based services revenue failed to make up for the loss over the same period. “The rotation from license to subscription is going to have pain points and they are starting to show,” said Colin Gillis, an analyst at BGC Partners.

Microsoft’s Chief Financial Officer, Amy Hood, expects sales from commercial licensing, which covers Windows, Office and server products for businesses, to be around $9.7 billion to $9.9 billion in the current quarter, a sequential dip from the $10.7 billion it reported for the last quarter, meanwhile Microsoft is forecasting only a modest growth in its emerging cloud-based businesses. “We view this softer guide as another indication of the near-term pain for long-term gain that CEO Satya Nadella and Microsoft must undergo as they make this cloud transition,” said Daniel Ives, an analyst at FBR Capital Markets.

Today the cloud market has many players but the market leader, Amazon, is writing the manual on how to take a lead and pull away from everyone else. If Amazon’s entire public cloud were a single computer, it would have five times more capacity than those of its next biggest 14 competitors, including second place Google, combined. Every day, one-third of those who use the internet will visit a site or use a cloud service that is running on Amazon’s cloud. It is doubtful, even just a few years ago, that the executive suite at Microsoft would have anticipated that their industry position would be diluted by the likes of Amazon and Google but the persistent and methodical advance of technology has a way of making once mega market players ill relevant. Can you say Kodak?

The market for cloud services is expected to grow considerably as concerns about security, integration challenges and information governance issues are adequately addressed. Small and mid-sized organizations are just now beginning to identify how cloud computing can benefit their operations and 56% of all enterprises are still identifying IT operations that may be candidates for future cloud hosting. The size of the cloud space will continue to grow for all competitors but in a computing service segment that sees market front runners navigating the space with the agility of jet skis a battleship like Microsoft will likely continue to struggle as it maneuvers deliberately among the competition.  As it continues to implement the change in course Microsoft may find itself running aground more often as it charts its new direction.

Image courtesy of olovedog at FreeDigitalPhotos.net

Colleges are Innovating to Connect Graduates with Prospective Employers

 

ID-100304541

Soon a new flock of college students will be facing the end of their educational experience and embark upon a journey to secure a job or a career of their choosing. Most, given the recent record of unemployed educated classes, are facing the challenge with more than just a little trepidation and uncertainty. Having spent significant sums of money, time and effort to acquire an opportunity at a job and career that repays them for their efforts and expense of acquiring a degree, many are feeling less that optimistic about their career prospects.

But the National Association of Colleges and Employers (NACE) 2015 Job Outlook Survey is providing some encouraging news for the class of 2015. According to the results of the survey, employers expect to hire 8.3 percent more new college graduates from the Class of 2015 for their U.S. operations than they did from the Class of 2014. Citing company growth and attrition, caused by retirements, as the main drivers behind the increased hiring employers are expecting to increase the number of new college graduates they bring on board. Most of the renewed interest is for new college graduates at the bachelor’s degree level in the business, engineering, and computer information sciences field. Among individual majors; finance, accounting, and computer science graduates are most sought-after by survey respondents. Approximately 36 percent of employers say they will hire more full-time, permanent staff in 2015, up 12 percentage points from 2014 and the best hiring outlook since 2006. With only 17 percent of May 2014 grads having jobs at graduation last year, connecting eager graduates with employers remains a challenging tasks for both sides of the hiring equation.

Large employers continue to dominate on-campus recruiting, seeking to connect to STEM students who are in the top 10 percent of their class with mostly liberal arts majors. However, small and medium-sized employers are driving the majority of the increased job growth. According to ADP’s monthly employment reports, nearly 75 percent of all new jobs filled in 2014 have been with companies of 500 employees or less. But due to the cost of on-campus recruiting these employers don’t interview on campus, making successful student/employer connections more challenging. Robert J. LaBombard, the CEO for GradStaff, Inc., says graduates miss out on opportunities because smaller companies don’t have the resources to recruit on campus, and college career counseling hasn’t kept up with an evolving job market.

The entry-level job market has changed in recent years but colleges have not adapted or kept pace with changes in the new grad job market. With many graduating seniors unprepared to find a job in a very competitive market, leading colleges and universities are reevaluating their efforts to provide effective career counseling and job search training to their graduating students and are looking to more innovative ways to bring the two wanting parties together.

One innovative approach to improve outreach to the small and midsized employer market is for colleges to partner, or outsource completely their job placement efforts, with experienced third party intermediaries who know how to identify students with desirable and transferable skills and who have the experience to connect them with hiring companies. With the right strategies, educators can position themselves to more positively impact the efforts of their job-seeking graduates.

Image courtesy of bluebay at FreeDigitalPhotos.net

Moving the Help Desk IT Function Back On-Shore and in the Neighborhood

ID-100213927

The help desk function is a people-intensive operation that has been a target for efficiency and cost cutting in small to large organizations for years. Comprising nearly 10 percent of the typical IT staff, the functions are often seen as a prime target for commoditization and ripe for third party outsourcing. In the past many companies jumped on the cost-cutting, outsourcing band wagon and eliminated internal IT help desk services altogether in favor of off-shore resources. But recently many organizations are reevaluating the practice of moving their help desk staffs over-seas due to concerns for service quality, data security and industry specific compliance requirements such as; healthcare, accounting and finance organizations that face significant financial penalties for failing to meet regulatory and information proprietary handling standards.

Initially offshoring of repetitive IT functions was seen as an opportunity to take advantage of lower hourly rates for employees who performed repetitive and routine help desk functions.  Soon it was discovered that lower up-front costs didn’t always translate into lower, more effective cost at delivery and the level of experience that off-shore help desk talent suffered in comparison to domestically outsourced services or retaining in-house staffs.

Some of the most dramatic challenges are based on understanding specific markets and cultural differences. Liz Herbert, principal analyst at Forrester Research says, “If Walmart is outsourcing a business process to a service provider in Kansas, they don’t have to train them on how Walmart operates.  I’ve been to labs in India where they have to explain what a Walmart is and why people go there.”

Most societies around the world have demonstrated advanced proficiencies in understanding and speaking second languages than the vast majority of Americans. But many English speaking-only American consumers, who sought help in a time of technical need, discovered that understanding the English spoken in a foreign land was considerably more difficult to comprehend than that which is spoken and understood in the land of the languages origin. Companies soon experienced an increase in frustrated consumers who were unable to receive the level of service they expected. In addition, political uncertainty abroad, rising wages, difficulties of overseas travel, and time zone differences are motivating many company executives to rethink their help desk service strategy.

The off-shore model is quickly giving way to increased interest in “domestic sourcing”; small, lower-cost rural, urban, and semi-urban IT services firms located in the United States and Canada. These firms can offer outsourcing contracts that are priced based on business outcomes rather than number of calls filled, which result in not only lower costs but improved customer service quality. Determining the best and most cost effective approach is always dependent on evaluating the needs and goals of the individual industry and company but, for many, bringing the help desk IT functions back home and keeping them in the neighborhood is proving to be a winning strategy.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

There is Future Growth Opportunities in the Cloud

ID-100198179

In the past half-decade cloud computing, typically defined as a type of computing that relies on sharing computing resources, has progressed from an unfamiliar emerging technology to an important business tool used to manage an organizations growing IT infrastructure. The ability to share expensive infrastructure resources over a common network is leading many organizations to achieve lower costs, greater flexibility and less complex systems while providing increased opportunities to better focus on their core competencies and key business initiatives.

David Cearley, vice president and Gartner Fellow says, “Cloud computing has a significant potential impact on every aspect of IT and how users access applications, information and business services.” The Cloud has been a is a major game changer in the management and utilization of organizations IT infrastructure over the past several years but fears over losing control of proprietary data and security issues have dampened many organizations enthusiasm for adopting the budding technology.

“Most surveys still show that a vast majority of workloads are not running in the cloud yet,” said Richard Seroter, director of product management for CenturyLink Cloud. “There is still room for the cloud to grow in enterprise usage.” As with most new technology discoveries, their future success and impact on a market lies not only with the advent of the technology, but also with emerging enterprises that evolve around its deployment.  In order to facilitate, develop and manage expanding cloud applications the need for Cloud Services Brokerage (CSB) will grow over the next several years as new users contemplate the prospective benefits and seek to navigate the challenges to implementing the technology.

Acting as a third party, a CSB will add value to the cloud consumer by ensuring the service is specific to the company, assist in integration and migration to the cloud and enhance the overall process of managing cloud operations and activities.  For small to mid-sized organizations, who are generally unable to support dedicated in-house IT, bringing in an outside professional IT service consultant is essential in order to identify the proper type of cloud service to gain the full economic benefits from cloud computing.

Image courtesy of hyena reality at
FreeDigitalPhotos.net

IT Professionals in Demand for 2015 and Beyond

ID-100273107

IT jobs continue to make the top of the ‘most in demand’ lists of jobs and careers and is expected to continue to outpace overall job growth in the coming year after U.S. employers added an average of 17,633 IT jobs during September, October, and November of 2014. Foote Partners co-founder David Foote, says “We see that momentum continuing into 2015.” The U.S. Labor Department is also expecting growth to continue, sighting U.S. Bureau of Labor Statistics that projects growth in the IT workforce of a little less than 4 percent a year through 2020, a rate triple that predicted for the economy as a whole.

With cybersecurity breaches reaching overload status it should be no surprise that security is leading the “in demand” race for IT professionals as companies continue to beef-up their in house security teams. But there are plenty of other tech skills which are expected to be in demand including, Java; enterprise architects; data architects; and software engineers. Five security-related certifications: GIAC Certified Forensics Analyst, CyberSecurity Forensic Analyst, CWNP Certified Wireless Security Professional, EC-Council Certified Ethical Hacker, and EC-Council Computer Hacking Forensic Investigator lead the “necessary to have” list for 2015. But for many job seekers, IT jobs like enterprise architecture, Cloudera software, data management, JavaFX, user interface design, and project management do not demand advanced certifications, and are likely to be hot prospects.

As new technologies continue to be introduced into businesses new skills and IT roles will begin to come into vogue. John Reed executive director of Robert Half says, “The computing environment continues to get more and more complex. There’s more technologies, there’s more tools and things that are being introduced into the IT environment for most companies. They need people to not only maximize the efficiency of those tools, but help them actually use it and support them as they’re trying to get comfortable with integrating that technology into their day-to-day work life.”

The IT professional of the future will learn to be more versatile and have a more diverse set of skills in order to achieve “most valuable” status. Being able to understand and competently maneuver effectively across multiple areas of technical expertise will provide the most opportunity for IT professionals to advance their careers this coming year and beyond.

Image courtesy of Stuart Miles at
FreeDigitalPhotos.net

Weary IT Security Professionals Need to Stay the Course

 

ID-100129143

The year 2014 was the busiest and most challenging year for IT professionals who found themselves inundated with unrelenting attacks from malicious hackers, intent on breaching even the most secure data systems and imposing mayhem on companies large and small. While retailers took the most noted blows, breaches were reported by virtually all sectors of commerce. The healthcare industry realized that they were far from being immune when millions of private personal medical records, health insurance information and personal payment and social security data were stolen from once thought to be impregnable security systems.  Titans of finance and entertainment recorded record infiltrations of proprietary data and while many sectors of the employment market remained stagnate, the need for IT security professionals continued to out-pace the supply.

As the busiest shopping season of the year approached, retailers were warned of the likely hood that malicious attacks on consumer data, through their point of sale (POS) systems, posed an increased risk to both the retailer and their customers. But the holiday season failed to live up to the warnings of a hacking frenzy. Apparently many cyber-criminals chose to take a break from their illegal activities and took the time to shop and celebrate in the festivities of the season.  An IBM review of the time before Black Friday and after Cyber Monday indicated a significant drop in attacks against retailers, but the lower total volume of attacks during this period offers little good news for retailers going into 2015. Considerable effort will need to be directed to better protecting vulnerable POS systems unless the industry wants to continue to be at the top of the most hacked list in the coming year.

The use of a layered security system that has antivirus and antimalware software, filters and firewalls, as well as encryption, is necessary to ward-off a breach. Retailers are being encouraged to identify potential unauthorized infiltration by company insiders and partners who account for an increasing number of system breaches over the last two years. Cyber security specialists are also recommending that retailers double their encryption efforts and intensify the use of SSL certificates. Regularly testing of security measures is needed to become routine in order to guarantee their functionality.

The lull in the number of attacks during the holidays should not be reason to become complacent. Nothing suggests that the number or significance of cyber-attacks will subside anytime soon. As the New Year gets underway IT security professionals, and those who employ their talents, need to resolve to be more proactive in prevention and response to what promises to be another year of malicious attacks from hackers intent on causing havoc.

Image courtesy of Stuart Miles at
FreeDigitalPhotos.net

Sony Breach; Changing the Dynamics of Cybersecurity

ID-100263209

Prior to the cyberattack on Sony the focus of data breaches centered on protecting consumers personal information that was entrusted to retailers, banks and healthcare providers. And while the attack on Sony impacted 47,000 records, previous assaults this year garnered villains many multiple levels of bounty.  J.P. Morgan lost more than 83 million records, Home Depot managed to lose control over 109 million customer records and an intrusion at eBay affected more than 145 million users.   So why is the attack on Sony being touted as “unprecedented?”

It could be that this breach absconded with far more valuable takings than just internally embarrassing emails and impacted the corporate boardroom in ways far more devastating than just increasing the company’s cybersecurity expense column. In addition to the intruders making-off with the juicy gossip they also managed to capture the script of a forthcoming James Bond film along with internal Sony P&Ls, and actual expense compilations, for movie productions.  Such intellectual property (IP) is far more valuable than routine customer social security or credit card information. And the fact that the breach lead Sony to withdraw a scheduled holiday movie release indicates a new level of threat has emerged; one that not only makes commercial activities more expensive but one that threatens the very free practice of commerce. This time a movie release, next time a classified weapon design or a bottler’s secret formula?

There has been, for some time, ample warning to industry and government that the increased capabilities and frequency of attacks by state sponsored hackers from opposing nation states was most likely a precursor to more damaging efforts to come. While the intensity of efforts to tighten the reigns of security around company data systems has increased recently, the Sony breach is hard evidence that not only does more need to be done more quickly, but perhaps the opposition to merging corporate security efforts with government cybersecurity strategies and tactics should be revisited.

The major cybersecurity public policy issue in 2014 was whether threat information should be shared between the private sector and government. The Cybersecurity Information Sharing Act (CISA”), a proposed threat sharing, by creating public records release and antitrust exemptions, failed in the U.S. Senate.

Companies must always be held responsible for enacting effective security measures to protect their consumers personal data from those who seek to steal it for personal gain, but when the attack originates from a nation state, bent on inflicting political change on another nation state, the effort becomes a shared responsibility between the company and those entrusted with protecting a nation in time of war, cyber or other-wise. Even the most robust capabilities available in private sector data protection are likely insufficient to guard a company’s data systems in a cyberwar.

Image courtesy of cooldesign at FreeDigitalPhotos.net

The Most Sought-After Human Resource Skill in the Digital Age

ID-100228737

In this highly disrupted labor environment there are few certainties and nearly no true absolutes.  Ask any displaced veteran of the “knowledge is job security philosophy” and they will tell you that all those predictions that computers would never replace the demand for their unique and valuable skills and they will lament just how misguided the predictions were. With the accelerated introduction of new technologies and the increased intensity of their impact on a once stable and predictable workforce, many former, current and future workers are looking to develop some credible insights into what personal skills-set will be best suited to survive the continued onset of technologies that could someday threaten to displace them in a future career path. The once reliable truism that job security is wholly dependent on our own ability to perform is raising the question; perform what?

Many thinkers and policymakers are struggling to identify even a single qualification that will open up a pathway for current and future workers to maintain or achieve the middle-class lifestyle and standard of living they aspire to achieve. The digital revolution is evolving the job market into one that requires fewer workers even in career fields that where once thought to be naturally resistant to the danger of obsolescence. So what skill is most likely to lead to job security in a high-tech environment?

Economist Martin Baily of the Brookings Institution recently identified conceptualizers as “the people who can take advantage of technology” and are the ones most likely to get ahead in the digital economy. Conceptualizers is defined as those who have the ability to see how the elements of an abstract whole fit together and to identify problems that need to be addressed before others do. In short, they are those individuals who have a seemingly innate capability to recognize potentially unforeseen problems and develop creative solutions to them.  Baily says, “You have to be able to express yourself and explain, what‘s the problem we’re trying to deal with here? It’s a scarce skill that is highly valued in our society.”

It is not as simple as being able to see the forest for the trees, but rather the ability to see the forest and the trees and envision how many challenges and opportunities their existence can affect the environment and the societies around them.  Conceptualizers are able to recognize technology as a tool to be more productive and competitive rather than a threat to their job and it is not necessarily a skill restricted to upper level careers. The ability to adapt, anticipate and work-around unpredictable barriers is as beneficial to the construction trades, marketers and healthcare workers as it is to IT, engineers or financial analysts.

Virtually every employer is actively seeking employees who have the skill but very few know how to identify those who have it. It is not taught as a major of study in college or university, unless it is the University of Hard Knocks and Experience, and rarely is it a requirement found in the myriad of job descriptions; nor is it a major career title. Perhaps it is most interesting that in a highly automated and technical world where every question seems to have a digital machine solution, employers seeking a human with conceptual skills will only know it when they experience it and be very happy to employ those with it. Now, if only all of us who want and desperately need it just knew how to get it.

Image courtesy of kasahasa at
FreeDigitalPhotos.net

The Hacker’s Gift That Just Keeps on Giving

ID-100109805

The massive breach of customer data at retail giant Target during last year’s holiday shopping season is a gift of bad news that just keeps on giving. The malware that was introduced to Target’s POS system between November and December 2013 affected more than 70 million customers and is forecasted to cost the retail giant more than $148 million. But the costs associated with the historic breach are about to increase if a ruling by Judge Paul A. Magnuson of the Minnesota District Court survives appeal.  The judge ruled that Target was negligent in the massive 2013 holiday shopping season data breach and clears the way for banks and other financial institutions to pursue compensation via class-action lawsuits. The Minnesota court decision clears the legal pathway for pending lawsuits by banks and credit unions looking to recover billions of dollars it incurred for replacing customer credit cards.

The decision is a breakthrough for credit and debit card issuers, which traditionally bear the brunt of costs arising from hacker attacks on retailers, because issuers have to replace cards and respond to customers’ concerns. Industry analyst have previously predicted that Target and other retailers will eventually find themselves liable for stolen identities and bank fraud stemming from the high-profile point-of-sale (POS) breaches.

Credit Union National Association president and CEO Jim Nussle says, “As we have documented in two surveys this year, data breaches at retailers have cost credit unions and their members a minimum of $90 million—and those are the costs only for breaches at Target, for $30 million, and Home Depot, at nearly $60 million.”

There has been a considerable increase of retail security breaches in 2014 and this decision opens the possibility that other retailers such as; Kmart, Dairy Queen, Home Depot and Neiman Marcus could now experience similar claims of liability. Financial damage from security breaches has increased 12 to14 percent over last year with 94 percent of companies reporting a cyber-security issue in 2014.

The attack at Target is some-what unique and was made possible by their poor network sequestration and the big-box giants failure to respond to an early-warning system that was in place to protect the system from just such an attack. “Although the third-party hackers’ activities caused harm, Target played a key role in allowing the harm to occur,” Magnuson wrote in his ruling. “Indeed, Plaintiffs’ allegation that Target purposely disabled one of the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”

The implication of the ruling for both large and smaller retailers is obvious for those businesses that fail to take the collection of sensitive information, such as credit cards or social security numbers, seriously.  It is imperative that retailers implement the strictest security standards and heed warning signs of possible intrusions when they occur in order to avoid possible liability and financial devastating. The lump of coal delivered by hackers to Target last Christmas is likely to continue to burn holes in their profits for years to come.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net