Posted by Nick Robak on

Hacktivism or Hacks of Terrorism

There is a fine line between hacktivism and hacks of terrorism. Consider this article recently published by The Register, which states that “58% of all data stolen last year can be attributed to hacktivism.”

Hacktivism is defined as “hacking to advance political and social objectives”. Terrorism is “the use of violence and threats to intimidate or coerce, especially for political purposes”. A hack of terrorism is a combination of both: “hacking to instigate violence and threats to intimidate or coerce, especially for political purposes.”

The fine line lies between perception and the reality of associated violence, and one can beget the other.

Organizations often struggle with internal security challenges and associated government regulations such as PCI/DSS, MiFID, SEPA, Basel II, EDPD, SOX, IFRS, FACTA, etc. Combine this with organizations pushing internal IT development shops to deliver products and services more quickly to compete effectively with other organizations and you wind up with a recipe for a prime landing spot for hacktivists.

Whether you are the DOD or Wikileaks, an organization’s approach to security can vary greatly. A pragmatic approach is to determine the “cost” of each security approach to the organization, from extremely restrictive to wide open and everything in between. The cost is the financial impact of a security approach. When performing a financial impact analysis of a security approach, two items to consider are: 1) the revenue impact of delayed product deployment due to a complex security approach, and 2) the revenue impact of a compromised infrastructure, especially public perception and the effect on future revenue, or the cost of fixing a compromised infrastructure. This approach can be used effectively by government organizations, non-profits, SMBs, and large enterprises. After completing the financial analysis, choose the policy that minimizes financial impact and implement protocols and tooling that support the security policy. As your organization changes, ensure that the policy and its financial impact are reevaluated.

Posted by Nick Robak on

Don’t let the process get you down

What do you feel when you hear the word “process”?  So often, clients tell me things such as cumbersome, slow, overhead or necessary evil.  When probed, their explanation is often well justified by specific experiential examples in their organizations.

Service Management best practices (such as ITIL®, MOF, USMBOK™) are filled with recommendations for using processes to ensure efficient, effective service delivery quality for a business. However, reconciling how processes help achieve that is often a big hurdle for technologists whose experiences tell them otherwise. Do organizations set out to develop slow, cumbersome processes that will seize an organization’s progress? I hope not!

So, what differentiates those organizations that find utility in processes and collectively endorse them to achieve more desirable business results from those that feel overrun with process and deem it overhead, merely a necessary evil? Here are a few key success factors:

Clear purpose:  Answer the questions, why use this process?  What do we specifically gain from using it? Is service delivery getting better, faster, and/or cheaper as a result?

Metrics-driven:  Focus on a handful of key measurements that demonstrate the achievement of the clear purpose.  Set goals, report them and discuss progress or adjustment on a regular basis.

Lean Process Design:  Limit overhead activities that show little value; “less is more” in process design.

Automation: Organizations BIG or small benefit from the automation of a lean process.  It will significantly improve the adoption and success of the process.

Training: Train and reinforce not merely at rollout, but integrate training into the employee onboarding process and yearly refreshers.

Adoption: Champion the process and make it part of everyday operations so it becomes part of the normal conversation.

Continuous improvement:  Build in feedback mechanisms and review checkpoints that provide an ongoing opportunity to ensure the process continues to meet its purpose through market and organizational changes.

Process leadership:  Probably the single most important factor is leadership that understands, supports and participates in the sometimes difficult decisions and conversations needed to ensure organizational commitment.

Test each of these factors to gauge your organization’s processes and modify your approach accordingly to get process value back for your operations.

Posted by russ@bintelligence.com on

IT Information Overlord

We are all familiar with information overload – a term popularized by Alvin Toffler in his book Future Shock referring to the difficulty a person can have understanding an issue and making decisions that can be caused by the presence of too much information. So how can one progress to an “Information Overlord” state? Information Overlord is the concept of rationalizing data into a manageable and consumable state for the purpose of clear and effective decision making.

IT professionals often utilize consulting agencies to help rationalize data into decisions. However, many consulting organizations rely on inexperienced IT professionals, boilerplate templates, and a one-size-fits-all approach that is not applied to the specific needs of the company. Their lack of practical experience and specialization actually creates a deeper future innovation gap for the organization.

The Bridgeview Partners difference attributes high value to practical experience with proven results, creativity, and extensive industry knowledge. We know what it is like to spend a day in the trenches. Our experts process the excessive data that impedes decision making into manageable and valuable knowledge that empowers IT leadership. Client priorities, experience, and the application of relevant industry best practices result in customized, specific, and measurable prescriptive roadmaps for your organization.

Bridgeview Partners, from information overload to Information Overlord.

Posted by Nick Robak on

Careful with your next cut, it may be to the bone

Each year as companies go through their budget planning, there is a stir of disappointment and pressure with the IT folks as more of the operating budget is consumed by IT.  In most organizations executives are still asking…  “What is the value they bring?” “Does it really need to cost that much?” “How do we go to the Cloud?”

There are several reasons for this, but primarily enterprise-level systems have become a complex mix of unrelated but “working” systems. This complexity was built over the last few generations of tech cycles, leading to a large number of single-threaded SMEs for all of the “one-off” systems, and it drives a 24/7 working environment of scrambling from one reactive emergency to another… simply to keep the lights on.

So, taking on the yearly budget discussion creates high anxiety among IT management and a dysfunctional conversation with finance and the rest of the business. Too often the conclusion is a budget cut in the form of a “flat tax” directive that is applied across the board. Without a proper understanding of each component of IT and its burden on operations, this exercise is futile and further hurts the organization. The cycle continues, creating higher stress, low morale, and poor systems performance, thus deepening the Business/IT divide. Stop! Stop the cycle before these budget cuts take IT to the bone.

IT leadership needs to demonstrate the transparent business view of their systems:  1) what they cost, 2) the value they bring, and 3) how they rate among their peers.  This can be accomplished in short form through the right firm that can appropriately assess via a business / IT methodology that maps directly to similar firms and their correlating IT costs.

However, this is particularly important for the run-the-business functions in IT Infrastructure.  IT Infrastructure has a set of distinctly different functions that are most often put into the same bucket. IT Infrastructure = Server, Storage, Network, Security, Telephony, Support, Disaster Recovery with 5 of the 10 IT dollars represented here. Therefore, knowing the cost of each function is critically important to making the right business decision to optimize IT and comply with the financial constraints.  For example, knowing that one wayward function is causing the entire IT ship to sink is important to addressing the issue.  A budget cut across all functions at the same level is not well-informed and is dangerous for the company as a whole.