Chief Technology Officer Tools (CTO)

Latest News

Improving eMail Security

04/29/2012 -

Several companies, including Google, Facebook, Microsoft, Yahoo, PayPal are working jointly work on a standard for blocking phishing e-mails by verifying that they come from legitimate companies

DMARC.org - or the Domain-based Message Authentication, Reporting, and Conformance - is a new white-list system will be available for use across the Internet.

The other companies in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.

- more information

Post Interview thank you notes

04/13/2012 -

In today's frenetic world of cyber-communication, many job seekers struggle with this basic question. Is it better to go with the flow - and thank your interviewer via e-mail, a quicker, but less formal means of communication? Or are you better off standing out from the crowd by sending a hand-written thank-you note?

Hand-written notes are more personal, more effective, and leave a more lasting impression on the interviewer. They also provide a great chance for you to let your personality shine through-more than you could do in an e-mail.

But e-mailed notes are faster to send and arrive faster; they are more likely to get read than snail mail; and the interviewer can easily respond to you if he or she feels like it.

- more information

Mobile devices put confidential data at risk

04/02/2012 -

The average cost to an organization every time a corporate secret is revealed to unauthorized parties, especially agents and their competitors, is
$1.3 million. Forty three percent of CIOs believe this occurs about once every month and 29 percent believe it happens annually. Eighty percent believe that the organization would not discover the wrongful interception of a smartphone conversation that revealed valuable corporate secrets.

Other vulnerabilities these devices face include attacks by viruses, spyware, malicious downloads, phishing and spam. It also has been found that Androids and iPhones have emerged as popular platforms for attack. There also has been a consistent degree of evolution in the sophistication and execution of these threats.

Every organization needs to identify and develop mobile security policies to be deployed which will provide adequate protection. The level of protection has to be aligned with the level of risk that your organization is willing to accept. These policies should ensure that the many regulatory or compliance concerns that might be applicable are addressed. The mobile security policy should be integrated within your overall information security policy framework.

- more information

Loss of BOYDs puts companies at risk

03/13/2012 -

According to a recent study by security software vendors, people who lose their smartphones or other mobile devices in public have less than a 50 percent chance of ever getting them back. And even if the device is returned, the person who found the phone most likely browsed the contents.

The theft or accidental loss of a Bring Your Own Device (BYOD) can expose businesses and individuals to loss of any data stored on the device, as well as data residing in corporate systems or cloud applications to which the device might have direct connections. The use of BYODs within a corporate environment further complicates the issue of data protection, as information may flow onto or through devices that are not fully controlled by the business.

- more information

Congress tries to let states to charge sales tax on Internet transactions

03/01/2012 -

Three bills have been introduced in Congress that would tax internet sales: the Mainstreet Fairness Act, the Marketplace Fairness Act, and the Marketplace Equity Act.

The first two bills allow states to demand sales tax on purchases from large online and mail-order retailers if those states join the Streamlined Sales Tax and Use Agreement (SSUTA), a project created by some of the states to standardize the tax system. After the Supreme Court's Quill decision, these states agreed to try to simplify and unify their laws to "convince Congress to enact federal legislation that would overturn the Quill case.

Under the SSUTA, state and local jurisdictions each have one tax rate, or possibly two. All the states must define products, like candy, the same way. For instance, states that adhere to the SSUTA do not collect sales tax on cereal bars that contain flour, because they all define that product as "food."

The SSUTA requires each state to offer one central database or location for companies to file their taxes, to lower business expenses. The agreement also offers an exemption for small retailers that make $500,000 or less in national remote sales per year.

As of 2012, only 24 states have signed onto the project. Absent are the largest states, including New York, California, Illinois, Texas, and Florida.

Under the Marketplace Fairness Act, states that decline to join the SSUTA can also require sales tax collection on remote purchases if they simplify their taxation policies according to the bill's standards.

The third bill, the Marketplace Equity Act, also attempts to streamline sales-tax collection but remains independent of the SSUTA. Each of the proposed laws would make an exemption for small retailers, though the Mainstreet Fairness Act and the Marketplace Equity Act leave room for the states to define what's Â“small.Â” The Marketplace Fairness Act requires companies to make $500,000 or less from remote sales to qualify as small.

- more information

Over 30% of all enterprise data resides remotely

02/25/2012 -

Remote or branch offices are increasingly at the front lines of business - they have the closest contact with customers and business partners and therefore can have a dramatic impact on the success of the business. Analysts estimate that there are more than four million remote offices in the United States alone.

Many of these offices run autonomously from headquarters andare responsible for managing their own operations - including protecting and retaining the electronic information that they generate. Ignoring the recovery needs of this remotely storeddata is simply not an option. As companies expand operations into new markets, the percent-age of total corporate data in remote offices is increasing - the industry average is now 31%. However, many companies may not be adequately protecting these assets to ensure fast, reli-able recoverability.

- more information

CIOs not valued by CFos

02/16/2012 -

The Financial Executives Research foundation in a survey found out that finance chiefs alone authorize 26% of all IT investments, while chief information officers approve only 5%. This makes sense: in tough economic times finance inevitably asserts itself and casts a gimlet eye on spending. In fact, an October 2011 report by CDW, one of the world's largest technology resellers, said that only 40% of IT decision-makers expect their budgets to rise this winter, down 8% from last year and the lowest level of IT investment increase since October 2009.

Given the oft-unequal CFO-CIO relationship and constrained IT spending, it's not surprising that the techies seemed more downcast than usual in another poll, CIO magazine's 2011 "State of the CIO" survey. Only 33% of CIOs believe they're seen as a "trusted partner or business peer," and even fewer (31%) see themselves viewed as a "valued service provider." Only 11% think IT is providing competitive differentiation - again not a surprise, given how cloud computing is propelling IT toward a utility model.

The fact that two out of three CIOs don't believe that they're seen as a trusted partner is not good news for CFOs. That's because to remain competitive, businesses need their top finance and IT managers to maintain a productive relationship.

- more information

Security threats are on the rise and they are costly

02/12/2012 -

Companies as well as individuals need well defined security policies and procedures to combat secruity threats.

In a report that was recently published it was estimated that breaches cost companies between $90 and $305 per lost record. This includes notifying customers, hiring contractors to fix computer systems, fines and lost business. In addition, over 95 percent of network attacks are entirely financially motivated. This is different than two or three years ago where it may have been a college student who wanted to crash your computer. Threats today burrow deep in computers and hide. They are a lot less visible today.

Indeed, the new threats are much more sophisticated than those security experts had foiled in the past. The easy things - viruses, Trojans and worms - are generally stoppable by most firewalls or certainly inline intrusion prevention. But now, hackers and the organizations that fund them have upped the ante for gateway and network security.

- more information

Will IT spending go up?

01/20/2012 -

IT spending is expected to increase in 2012. After years of budgets crimped by a bum economy, there is significant pent-up demand at companies around the globe to drop some extra cash for the products and services they have been waiting for to drive business forward. But we have heard this song before.

Gartner was bullish on IT spending last year, saying that it could rise somewhat significantly in 2012, yet in its latest report the research firm acknowledges that its estimates might have been too optimistic. Global spending on IT spending will still be up, the company says, but do not expect it to rise too quickly.

- more information

CIO success is driven by relationships

01/08/2012 -

Relationships are critical for a CIOs success. A poor relationship with superiors and staff is the number one reason for failure of CIO. Relationships are critical to communications and without them common goals cannot be achieved.

CIO and employees who understand each other have preferred styles .better understand how to communicate and work together effectively. Factors that strongly predict the compatibility between a CIO and their teams are self-assurance, self-reliance, conformity, optimism, decisiveness, objectivity, and approach to learning. Assessing a CIO relationships with team members allows the CIO to use objective information about themselves and their teams so that they can work more effectively toward a common goal.

A poor relationship with one's boss is the number one reason for failure at work. Two common flashpoints adversely affect performance:

The employee is unclear about the CIO's expectations - Goals should cascade down from the CIO to team members so that everyone understands how they contribute to the objectives of both the team and the organization. If an employee does not understand the goals given,or if they have not been given goals at all, the onus is on the employee to seek clarity. Asking a simple question such as, "What are the top three priorities in my role that you would like me to focus on?" can help everyone on the team gain clarity. Employees should also ask, "Why is this so important?" as the answer will give them a lot of good clues for developing the relationship with their CIO.
CIOs fail to adapt their styles to the employees' preferred styles - Every employee/CIO relationship is unique and requires a different management approach. For example, the approach taken by highly decisive boss working with a highly decisive employee should be significantly different from the approach taken by this same boss when working with a less-decisive employee. The decisive employee thrives on quick decisions, while the other employee will be more methodical in thier decision-making approach. The less-decisive employee will potentially enter into conflict with the faster-paced CIO.

- more information

Burnout of key employees

12/17/2011 -

In these troubled times employee burn-out is a reality. There are a number of impacts on the employees that negatively impact the organization that they work for. They are:

Withdrawal - Employees want to avoid what discomforts them, and those organizational conditions that can cause burnout are certainly discomforting. Signs to watch for are that employees leave work early, arrive at work late, take long breaks, and stay away from the workplace as much as possible.
Interpersonal friction - Employees strike back at what they do not like. Signs are employees begin being cynical and callous toward others, small differences lead to monumental arguments, work assignments begin to seem like insurmountable challenges, and friends begin to look like foes.
Performance declines - When employees are not happy they do not perform well. The quantity of the employeeÂ’s may not be reduced, but the quality will. Signs are clients say that service quality is poor and interrelationships been the burned out employee, their peers, their customers is a low point. There are few smiles and jokes - it is all work and no play.
Family life and personal space negative - Just as burnout leads to behaviors that have a negative impact on the quality of one's work life, it can also lead to behaviors that cause a deterioration of the quality of home life and personal space. Burned out individuals are often described by their wives as coming home tense, anxious, upset, angry, and complaining about the problems they faced at work. These individuals are also more withdrawn at home -preferring to be left alone, instead of sharing time with their families.
Declining health and gaining weight - Burnout often leads to health-related problems. Burnout victims are more likely to suffer from insomnia, excessive drinking or smoking, and to use medications of various kinds.

- more information

Top priorities for 2012

11/07/2011 -

Five projects to tackle in the short term will make you a hero to upper management while enabling the organization to move forward:

Streamline company data storage and access
Master mobile devices to meet
Become a efficient development organization
Implement crisis management response processess
Gain control of social media

- more information

Facebook most popular social network

10/27/2011 -

Facebook is leading all social networks in U.S. mobile traffic. While access through the browser still trumps application access, apps are gaining.

More than 72.2 million Americans, or nearly one-third of the country, accessed Facebook, LinkedIn, Twitter, or some other social network or blog from a mobile device in August, up 37 percent from the same time last year.

Nearly 40 million of those U.S. mobile users access these sites almost every day, according to new research from comScore. Smartphone users proved to be the heaviest social media users, with 3 in 5 of those users using social media software every month.

Facebook, which claims it has over 200 million mobile users, enjoyed more than 57 million mobile users in August, up 50 percent from the previous year. Twitter and LinkedIn have far fewer mobile users. Twitter's mobile audience rose 75 percent to 13.4 million people, while LinkedIn's audience grew 69 percent to 5.5 million users.

- more information

Backup service providers an expanding DRP resource

10/16/2011 -

Online backup and recovery service providers have emerged from different market spaces and have different product focuses and business drivers. These providers can be grouped into three categories:

Service providers leveraging existing core business resources to expand into adjacent markets to look for new revenue opportunities
Service providers concentrating on server backup in niche markets: backup and recovery only, single verticals, regional boundaries
Service providers whose backup and recovery service forms an integral part of a broader spectrum of information management and data protection services

The scope, strengths, and weaknesses of each type of online backup and recovery service provider are characterized with respect to the current and forward-looking requirements of companies looking to protect their server data. Such requirements range from full system (versus data only) backup and restore to comprehensive business continuity best practices and support. Understanding these strengths and weaknesses can help businesses clarify their server protection requirements and better align their selection criteria and focus with their business goals.

- more information

New technique offers enhanced security for sensitive data in cloud computing

10/10/2011 -

Researchers from North Carolina State University and IBM have developed a new, experimental, technique to better protect sensitive information in cloud computing - without significantly affecting the system's overall performance.

Under the cloud-computing paradigm, hypervisors are programs that create the virtual workspace that allows different operating systems to run in isolation from one another - even though each of these systems is using computing power and storage capability on the same computer. A longstanding concern in cloud computing is that attackers could take advantage of vulnerabilities in a hypervisor to steal or corrupt confidential data from other users in the cloud.

The NC State research team has developed a new approach to cloud security, which builds upon existing hardware and firmware functionality to isolate sensitive information and workload from the rest of the functions performed by a hypervisor. The new technique, called strongly isolated computing environment (SICE), demonstrates the introduction of a different layer of protection.

"We have significantly reduced the 'surface' that can be attacked by malicious software," says a professor of computer science at NC State. "For example, our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only these 300 lines of code need to be trusted in order to ensure the isolation offered by our approach. Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect."

SICE also lets programmers dedicate specific cores on widely-available multi-core processors to the sensitive workload - allowing the other cores to perform all other functions normally. A core is the 'brain' of a computer chip, and many computers now use chips that have between two and eight cores. By confining the sensitive workload to one or a few cores with strong isolation, and allowing other functions to operate separately, SICE is able to provide both high assurance for the sensitive workload and efficient resource sharing in a cloud.

In testing, the SICE framework generally took up approximately three percent of the system's performance overhead on multi-core processors for workloads that do not require direct network access. "That is a fairly modest price to pay for the enhanced security," the professor says. "However, more research is needed to further speed up the workloads that require interactions with the network."

- more information

Mobile devices change the way companies infrastructure

10/01/2011 -

Mobile devices and new user interfaces change everything. Leading edge enterprise managers have been using mobile devices for phone, e-mail, and Web communications since the inception of these products. Further, laptop devices have enabled employees to travel and to manage how employees or sell to customers.

However, consumers' rapid adoption of the Apple iPhone, iPad, and Android-based personal digital assistants (PDAs) and tablet PCs is causing lending IT innovators to quickly create new capabilities that will transform most enterprisesÂ’ interactions with their customers. An excellent example is an iPhone application for consumer automobile lending where a customer can compare car prices, apply for a car loan, and receive onsite loan approval at a car dealer.

A tablet device is never going to fit into a jeans pocket like a smartphone, but it is still mobile and its screen size add new usability and utility of its apps over a mobile phone. For example, in many retail operations will eventually use a table PC to replace the clipboard, pencil, and paper forms for one-time electronic information capture.

- more information

Disaster Plan - Business Continuity Template Meets Sarbanes-Oxley Mandated Requirements

09/12/2011 -

The Disaster Recovery / Business Continuity Template version 4.3 has just been released. Janco contiues to update its templates to meet the ever changing requirements of the business environment.

With this new version a fully indexed PDF copy of the template is now provided in addition to the two versions of WORD (2003 and 2007).

The updates to the template included:

1. Defined generic metrics for DR/BC success

2. Business & IT Impact Analysis Questionnaire Updated

3. Updated references to DRP card

4. Updated formatting to meet WORD 2007 requirements

The version history for updates to template can be seen at http://www.e-janco.com/drpversion.htm and the full Table of Contents with sample pages can be downloaded at http://www.e-janco.com/Register_drp.asp .

- more information

Compliance Management

09/05/2011 - Regulatory requirements have made log management & analysis one of the two fastest growing areas of security. In fact, nearly every major regulation affecting cyber security now demands or implies the need for continuous logging and effective log management HIPAA, SOX, ISO 27001, COBIT. Even the Payment Card Industry (PCI) standard appears to demand it. And regulations governing information security technology are evolving as fast as the technology itself. - more information

Internet may be a source of future tax revenue

08/30/2011 -

As local municipalities and states seek to find additional revenue in this down economy, they now have their sights on the emerging market of cloud computing. As more companies use cloud services, the traditional rules of taxation based on physical presence no longer fit.

IT Infrastructure For example, a New York-based company may purchase server space and cloud-based software from a Texas-based company. That's relatively straightforward, except that the Texas company may have servers in North Carolina and California, while the New York company may have satellite offices in Illinois, Florida, and Kentucky that use the server space. Who gets the tax bill, and who gets the revenue? Good luck with that one.

States recognize the shift in buying patterns from boxed software and hardware to computing services delivered over the Internet. Thus, they want to position or reposition tax laws to make sure they get their traditional share as purchases shift venues.

Amazon and others are supporting a bill that would impose a streamlined national sales tax for e-commerce, avoiding the complexity of figuring out hodgepodge of state and local tax rates. As online sales have grown dramatically, states have challenged the catalog sales-based exemption, some imposing sales taxes.

Many established interests want to shape this movement. Accountants, lawyers, state tax officials, and companies such as Google, Apple, and NetSuite are looking to develop new guidelines for taxing the use of cloud computing. Amazon.com has exited more than a dozen states that changed their laws to consider such affiliates as equivalent to taxable physical presence for distributors. Instead, Amazon is pulling affiliate arrangements to avoid collecting taxes and trying to get a ballot initiative in front of voters to exempt it from a recent decision to tax online retailers' in-state sales.

Now the federal government is chiming in with federal legislation that would limit the states' ability to tax "digital goods and services." As you may recall, this was the same type of law that limited the taxation of the then-emerging Internet-based e-commerce industry in the 1990s, and it's based on an old Supreme Court decision that exempts catalog sales from having to collect sales taxes when the customers are in a different state than the retailer.

- more information

Backup and Retention a DRP issue

08/14/2011 -

Traditional storage environments have many of the same problems as distributed server farms: applications are tied to physical devices, making any response to changing needs both disruptive and time-consuming; capacity utilization is low; and many maintenance activities require application downtime. The simple and straightforward solution is storage virtualization, which decouples applications and data from the underlying physical devices. Storage virtualization simplifies storage management, as only a single set of tools are required for a given virtualized set of similar devices, such as managing a set of disk systems.

For IT departments charged with delivering greater business value in the face of unprecedented data growth, storage virtualization is a very attractive way to control costs, improve performance and maximize resource utilization.

- more information