Tag Archives: Security


The Friday Update 7: Using the cloud to disrupt the business in a secure manner

First up this week are a couple of articles I had published in The Sunday Times for a Raconteur supplement on cloud computing. The first article – on disruptive business models – highlights how the cloud has reached a tipping point, as buying IT on demand has moved to the core of technology provision with organisations using it to transform their operations.

The features quotes a range of independent experts and CxOs who are using the cloud as a platform for change. One of these individuals is Alex Hamilton, co-founder and chief executive of Radiant Law, an innovative and high-tech commercial contracts firm that uses the cloud to communicate and collaborate with staff and clients:

“We’re continually looking for better ways to serve the needs of our clients. The cloud provides the base layer that allows us to run our firm effectively, but it also allows us to experiment. The future of our business is tightly linked to the cloud.”

The supplement also included an article on the top five unusual for the cloud, from keeping animals fed and happy to bringing the written word to life. Independent publisher Faber & Faber is using cloud platform Box to manage incoming manuscripts from draft to final approval. Jim Lindsay, integration specialist at Faber & Faber, says the system is helping the firm embrace the digital world:

“Content is central to what we do and cloud computing makes content easily accessible for all staff, no matter where they are located in the world.”

Moving to the cloud involves a careful consideration of information security. Yet another article by me for ZDNet this week suggests most businesses are badly prepared when it comes to dealing with cyber attacks. Despite almost constant warnings about security threats, most companies rate their cyber resilience as low, even though they spend a huge chunk of their IT budgets on security.

Focusing on risk management is crucial, says Colin Lees at BT Business, whose main aim is to ensure potential points of entry are locked down. People policies are also important and he says BT has a range of plans and procedures for key areas, including building security, system access, and worker behaviour, in terms of education and training:

“The key to success is risk management, with an appropriate level of spend. You have to be prepared to invest. When I speak to other CIOs in other sectors, I sometimes find there’s less investment in security than at BT. Being so network-oriented means it’s a crucial area of IT spend for us.”

As mentioned in my last update, I’ll be writing more skills-based articles for The Register in coming weeks. My next article will focus on the role of the CDO. If you have an angle or an idea, drop me a line. I’m also always keen to hear from CIOs and independent experts who have an opinion or responsibility for areas of Europe beyond the UK. Just drop me a line if you’d like to get involved at mark.samuels@gmail.com or mark@samuelsmedia.co.uk.

Ian Watmore on security, social media & citizen engagement

My interview with Ian Watmore for Guardian Government Computing, where the Cabinet Office permanent secretary talks about IT’s role in public sector projects, social media for citizen engagement and how the government is a hacking trophy:

Former government chief information officer (CIO) Ian Watmore might be new to the position of Cabinet Office permanent secretary, but he still recognises that digital technology presents a significant opportunity for the government to engage with citizens and shape the future of public services.

Watmore, who spent the last year or so operating as the chief operating officer for the government’s Efficiency and Reform Group, was recently appointed to his current role to help fill the leadership void following Sir Gus O’Donnell’s retirement from the role of cabinet secretary.

“The new generation of politicians really understand technology,” says Watmore. “It’s a business issue that is on the top table in every department in Whitehall.”

The elevated position of technology, according to Watmore, has been inspired by the increasing digital element of public policy and the growing desire of UK citizens to access public information online.

To read the rest of the feature, please click here.

Cloud security: Why CIOs must tighten their grip

Despite suggestions that the cloud would remove responsibilities from the shoulders of the CIO, the converse now looks to be true – here’s my latest article for silicon.com on the cloud:

“The CIO is dead,” screamed the headline to an article on silicon.com’s sister site, TechRepublic. The story suggested on-demand computing would quickly mean technology purchasing decisionscould be decentralised to line-of-business executives, rather than being made by a dedicated IT department.

Two years later, the cloud remains a work in progress and the management reality behind on-demand IT has hit home. Someone, somewhere simply must be responsible for the policies and strategies associated to the use of the cloud – and that person is still the CIO.

As the executive charged with making the most of internal and external technology resources, the IT chief has to steer the organisation towards secure on-demand computing. And that remains a tricky path.

To read the rest of the article, please click here.

Cloud security: Problems may lie closer to home

Lock-in, data security, compliance and lack of control all feature on CIOs’ lists of cloud issues, but this feature by me for silicon.com shows how bigger problems may be sitting on the IT leader’s doorstep:

The biggest inhibitors to the cloud are well known and usually include issues such as data security, regulatory compliance and vendor lock-in. These barriers usually involve external factors, including the stability of suppliers and the influence of regulatory bodies.

Such concerns are crucial, but is there too much focus on external factors at the expense of internal processes? Are CIOs worrying too much about on-demand factors beyond their control and not paying enough attention to the last mile of the network?

IT leaders can spend time and money establishing strong partnerships with suppliers that meet tight demands on information security and data access. But any agreement with external partners, and the potential to use technology on demand, is only as valuable as the supporting internal structure.

To read the rest of the feature, click here.

Can mobile working set new standards of security?

Some CIOs curse mobile working because of the security implications, but could flexible working actually be a route to better, rather than slacker, security? Here’s my latest feature for silicon.com:

“CIOs simply must get the business used to working remotely because employees increasingly live and work in a mobile environment,” says Vodafone CTO Jeni Mundy, an IT leader who speaks as someone who has created and implemented strategies to increase flexibility.

It’s a call to action that reflects the mobile nature of modern business – but is it realistic, especially given the continued security concerns that surround flexible working? After all, as many as 38 per cent of CIOs still view improved security as a business priority for 2010, according to research by Opinion Matters on behalf of Vodafone.

And while improved workflow, employee engagement and staff retention are identified by the research as the major benefits of flexible working, potential improvements to security do not figure in the list of top achievements.

To read the rest of the feature, click here.

CISOs: Does your firm need a security tsar?

Here’s another piece I’ve recently had published on silicon.com, this time about the importance of data security and the potential requirement for a chief information security officer:

Mike Newman is an IT leader who is one step ahead of some of his executive peers. The CIO of Towergate, Europe’s largest independently-owned insurance intermediary, appointed a full-time head of IT security 18 months ago as part of a higher-level strategy to prioritise the integrity of information.

“Data security simply has to be fundamental,” says Newman of the decision to hire a head of information security. “As a services-based organisation, the key asset is your customer – you have a real duty to look after your assets. We need smart security guys to stop the potential exposure of data and to make sure that the corporate use of information follows best practice.”

The good news is that, for the most part, technology workers recognise the importance of employing a dedicated security leader. As many as 62 per cent of IT professionals believe the most valuable governance measure an organisation can undertake with regards to data security is the appointment of a chief information security officer (CISO) or other high-level security leader, according to research from the Ponemon Institute.

To read the full article, please click here.

Will auditors allow your data to reside in the cloud?

While I was away on paternity leave, Computer Weekly published my feature on cloud computing, security and audit trails. Here’s the intro, with a link to the full article below:

“Do you fear the auditor more or the attacker?” asks Peter Bassill, chief information security officer at gambling giant Gala Coral Group.

It is a key question for IT leaders thinking of dabbling in on-demand computing provision through the cloud. For Bassill, there is only one answer, particularly for firms operating in highly regulated sectors: “A lot of companies fear the auditor more. If you hold data internally, you can show the auditor your controls, but the cloud makes such demonstrations more difficult.”

The resulting complications mean many businesses still shy away from on-demand IT. About 40% of UK companies use cloud computing systems, according to the Information Systems Audit and Control Association. This represents a significant proportion of British organisations, but implementation levels – certainly with regards to large-scale enterprise systems – are nowhere near matching the cacophonous intensity of supplier hype.

For the full feature, click here.