1. Mobility: It's time to think about application development with the mobile device as the primary client. The company's top executives and sales force would be using their mobiles as their primary way of staying in touch with the company. The customers are more likely to respond to offers made via mobile messages.
2. Social networks: This is something that is going to be the most talked about phenomenon. Communication with employees, customers and other stakeholders would be much prominent through social media.
3. Cloud and virtualization. Cloud computing and Virtualization is many a times confused with cost cutting. However, cloud computing also offers a way for companies to quickly provision technology infrastructure for startups within their own company.
4. Company's IT infrastructure. In most companies, the majority of their IT budget still goes into keeping the lights on and the servers running. Reducing those costs is where you free up capital. The new part is you have a wider range of hosted services to look at than even a year earlier
Tuesday, June 1, 2010
ISO 27001
ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.
Omnitech is in the process of acquiring this certificate.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
■use within organizations to formulate security requirements and objectives;
■use within organizations as a way to ensure that security risks are cost effectively managed;
■use within organizations to ensure compliance with laws and regulations;
■use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
■definition of new information security management processes;
■identification and clarification of existing information security management processes;
■use by the management of organizations to determine the status of information security management activities;
■use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
■use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
■implementation of business-enabling information security;
■use by organizations to provide relevant information about information security to customers.
Omnitech is in the process of acquiring this certificate.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
■use within organizations to formulate security requirements and objectives;
■use within organizations as a way to ensure that security risks are cost effectively managed;
■use within organizations to ensure compliance with laws and regulations;
■use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
■definition of new information security management processes;
■identification and clarification of existing information security management processes;
■use by the management of organizations to determine the status of information security management activities;
■use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
■use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
■implementation of business-enabling information security;
■use by organizations to provide relevant information about information security to customers.
Monday, May 31, 2010
Security concerns in Cloud computing II
Continuing with few more concerns as per a Gartner report:
4) Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. Encryption accidents can make data totally unusable, and even normal encryption can complicate availability
5) Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure
6) You must be sure your data will remain available even after an event in which the provider goes bankrupt. Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application.
4) Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. Encryption accidents can make data totally unusable, and even normal encryption can complicate availability
5) Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure
6) You must be sure your data will remain available even after an event in which the provider goes bankrupt. Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application.
Security concerns in Cloud Computing- I
There is a perception that cloud computing removes data compliance pains, however it should be clear that the data owner is still fully responsible for compliance.Cloud computing is not necessarily more secure; applications with years of expert development still contain undiscovered vulnerabilities that can be a risk to data security.
Gartner report helps us understand certain security concerns of Cloud Computing.Some of them are:
1) Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access
2) Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions
3)When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers
Few more risks in the next post...
Gartner report helps us understand certain security concerns of Cloud Computing.Some of them are:
1) Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls" IT shops exert over in-house programs. Get as much information as you can about the people who manage your data. "Ask providers to supply specific information on the hiring and oversight of privileged administrators, and the controls over their access
2) Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions
3)When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers
Few more risks in the next post...
Data Security
In simple terms, data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data.Data could be anything of interest that can be read or otherwise interpreted in human form.
However, some of this information is highly confidential and isn't intended to leave the system. The unauthorized access of this data could lead to numerous problems for the larger corporation or even the personal home user. Imagine, someone robbing your valuables from the safe or in more technical terms, someone deleting data from database.
Due to internet, emphasis on data security has gone up leaps and bounds. There are a number of options for locking down your data from software solutions to hardware mechanisms. Computer users are certainly more conscious these days, and some idea can be got through the following methods of Data security:
Encryption
Encryption has become a critical security feature for thriving networks and active home users alike. This security mechanism uses mathematical schemes and algorithms to scramble data into unreadable text. It can only by decoded or decrypted by the party that possesses the associated key.
(FDE) Full-disk encryption offers some of the best protection available. This technology enables you to encrypt every piece of data on a disk or hard disk drive. Full disk encryption is even more powerful when hardware solutions are used in conjunction with software components. This combination is often referred to as end-based or end-point full disk encryption.
Strong User Authentication
Authentication is another part of data security that we encounter with everyday computer usage. Just think about when you log into your email or blog account. That single sign-on process is a form authentication that allows you to log into applications, files, folders and even an entire computer system. Once logged in, you have various given privileges until logging out. Some systems will cancel a session if your machine has been idle for a certain amount of time, requiring that you prove authentication once again to re-enter.
The single sign-on scheme is also implemented into strong user authentication systems. However, it requires individuals to login using multiple factors of authentication. This may include a password, a one-time password, a smart card or even a fingerprint.
Backup Solutions
Data security wouldn't be complete without a solution to backup your critical information. Though it may appear secure while confined away in a machine, there is always a chance that your data can be compromised. You could suddenly be hit with a malware infection where a virus destroys all of your files. Someone could enter your computer and thieve data by sliding through a security hole in the operating system. Perhaps it was an inside job that caused your business to lose those sensitive reports. If all else fails, a reliable backup solution will allow you to restore your data instead of starting completely from scratch.
However, some of this information is highly confidential and isn't intended to leave the system. The unauthorized access of this data could lead to numerous problems for the larger corporation or even the personal home user. Imagine, someone robbing your valuables from the safe or in more technical terms, someone deleting data from database.
Due to internet, emphasis on data security has gone up leaps and bounds. There are a number of options for locking down your data from software solutions to hardware mechanisms. Computer users are certainly more conscious these days, and some idea can be got through the following methods of Data security:
Encryption
Encryption has become a critical security feature for thriving networks and active home users alike. This security mechanism uses mathematical schemes and algorithms to scramble data into unreadable text. It can only by decoded or decrypted by the party that possesses the associated key.
(FDE) Full-disk encryption offers some of the best protection available. This technology enables you to encrypt every piece of data on a disk or hard disk drive. Full disk encryption is even more powerful when hardware solutions are used in conjunction with software components. This combination is often referred to as end-based or end-point full disk encryption.
Strong User Authentication
Authentication is another part of data security that we encounter with everyday computer usage. Just think about when you log into your email or blog account. That single sign-on process is a form authentication that allows you to log into applications, files, folders and even an entire computer system. Once logged in, you have various given privileges until logging out. Some systems will cancel a session if your machine has been idle for a certain amount of time, requiring that you prove authentication once again to re-enter.
The single sign-on scheme is also implemented into strong user authentication systems. However, it requires individuals to login using multiple factors of authentication. This may include a password, a one-time password, a smart card or even a fingerprint.
Backup Solutions
Data security wouldn't be complete without a solution to backup your critical information. Though it may appear secure while confined away in a machine, there is always a chance that your data can be compromised. You could suddenly be hit with a malware infection where a virus destroys all of your files. Someone could enter your computer and thieve data by sliding through a security hole in the operating system. Perhaps it was an inside job that caused your business to lose those sensitive reports. If all else fails, a reliable backup solution will allow you to restore your data instead of starting completely from scratch.
Trends in Technology 2010
Below are 8 trends that are sure to catch the fancy of IT world. While the full impact of these trends may not appear this year, but executives need to act now so that they can exploit the trends for their competitive advantage
Trend 1- Business Continuity responsibility
• The onus will lie on the senior management to ensure that there is no ambiguity in the ownership of responsibility of a BCP. There would be a dedicated team for ensuring business continuity. This team should have representatives from all the critical functions. Senior management must bestow the responsibility for business continuity with the business and not any of the support functions.
Trend 2- Cloud computing purchase
• The actual purchase of cloud-based services has an interesting trend lined up . On the face of it, using pay-as-you-go IT services should be highly attractive from a procurement standpoint, moving payment and authorization processes from capital expenditure to operating costs. The procurement of cloud computing, and the whole concept of what an enterprise agreement looks like in a cloud environment, are sticking points that will need to be looked at in future.
Trend 3- Content management
• Storage and the network bandwidth to store and access information is growing much faster than computing causing an explosion in content creation. This will make content management one of the most important information technologies and new technologies will emerge to automatically find, organize, verify and visualize content.Content and content management will increasingly be delivered in two main forms - appliances and on-line services. Extremely simple, purpose-built physical appliances for household and office use will capture and organize documents, photos, music and video. Software appliances, configured as virtual machines for specific tasks, will be downloaded from the internet to generic hardware that will come in sizes Small, Medium or Large.
Trend 4- Mash-up technology
• On-line collaborative and content services will extend from Web 2.0 to the community developing sites and user experience with open source accelerating their rate of evolution. Mash-up technology will replace web services and will blur services as it blends internal and external services. Services will start to spill over into the physical world as shops and delivery become more integrated into requests from the internet
Trend 5- Mobile computing and communication
• Business computing will shift significantly from PCs to mobile devices as Blackberry-size devices capture more business activities and form factors improve. Ubiquitous internet access and informality espoused by blogs and instant messaging will lead to simpler forms of communication. Content will be consumed on something probably closer to a Playstation Portable and your very thin mobile phone
Trend 6- Soft design
• A new revolution in user interface design is just beginning as designers move from physical to soft design. Gesture control will make its way into handheld and notepad devices. User interfaces will move from 2D to 3D as gamers influence work habits and we may see the first holographic interfaces. Avatars will begin to replace dialogs as the request-response metaphor and we may see practical voice recognition and language understanding.
Trend 7- IT infrastructure as service
• By 2011, early technology adopters will forgo capital expenditures and instead purchase 40 per cent of their IT infrastructure as a service. Increased high-speed bandwidth makes it practical to locate infrastructure at other sites and still receive the same response times. Enterprises believe that as service oriented architecture (SOA) becomes common, “cloud computing” will take off, thus untying applications from specific infrastructure. This trend to accepting commodity infrastructure could end the traditional “lock-in” with a single supplier and lower the costs of switching suppliers. It means that IT buyers should strengthen their purchasing and sourcing departments to evaluate offerings. They will have to develop and use new criteria for evaluation and selection and phase out traditional criteria
Trend 8- Green sourcing
• By 2011, suppliers to large global enterprises will need to prove their green credentials via an audited process to retain preferred supplier status. Those organizations with strong brands are helping to forge the first wave of green sourcing policies and initiatives. These policies go well beyond minimizing direct carbon emissions or requiring suppliers to comply with local environmental regulations. For example, Timberland has launched a “Green Index” environmental rating for its shoes and boots. Home Depot is working on evaluation and audit criteria for assessing supplier submissions for its new EcoOptions product line.
Visit Omnitech website "Downloads" section to get the article.
Trend 1- Business Continuity responsibility
• The onus will lie on the senior management to ensure that there is no ambiguity in the ownership of responsibility of a BCP. There would be a dedicated team for ensuring business continuity. This team should have representatives from all the critical functions. Senior management must bestow the responsibility for business continuity with the business and not any of the support functions.
Trend 2- Cloud computing purchase
• The actual purchase of cloud-based services has an interesting trend lined up . On the face of it, using pay-as-you-go IT services should be highly attractive from a procurement standpoint, moving payment and authorization processes from capital expenditure to operating costs. The procurement of cloud computing, and the whole concept of what an enterprise agreement looks like in a cloud environment, are sticking points that will need to be looked at in future.
Trend 3- Content management
• Storage and the network bandwidth to store and access information is growing much faster than computing causing an explosion in content creation. This will make content management one of the most important information technologies and new technologies will emerge to automatically find, organize, verify and visualize content.Content and content management will increasingly be delivered in two main forms - appliances and on-line services. Extremely simple, purpose-built physical appliances for household and office use will capture and organize documents, photos, music and video. Software appliances, configured as virtual machines for specific tasks, will be downloaded from the internet to generic hardware that will come in sizes Small, Medium or Large.
Trend 4- Mash-up technology
• On-line collaborative and content services will extend from Web 2.0 to the community developing sites and user experience with open source accelerating their rate of evolution. Mash-up technology will replace web services and will blur services as it blends internal and external services. Services will start to spill over into the physical world as shops and delivery become more integrated into requests from the internet
Trend 5- Mobile computing and communication
• Business computing will shift significantly from PCs to mobile devices as Blackberry-size devices capture more business activities and form factors improve. Ubiquitous internet access and informality espoused by blogs and instant messaging will lead to simpler forms of communication. Content will be consumed on something probably closer to a Playstation Portable and your very thin mobile phone
Trend 6- Soft design
• A new revolution in user interface design is just beginning as designers move from physical to soft design. Gesture control will make its way into handheld and notepad devices. User interfaces will move from 2D to 3D as gamers influence work habits and we may see the first holographic interfaces. Avatars will begin to replace dialogs as the request-response metaphor and we may see practical voice recognition and language understanding.
Trend 7- IT infrastructure as service
• By 2011, early technology adopters will forgo capital expenditures and instead purchase 40 per cent of their IT infrastructure as a service. Increased high-speed bandwidth makes it practical to locate infrastructure at other sites and still receive the same response times. Enterprises believe that as service oriented architecture (SOA) becomes common, “cloud computing” will take off, thus untying applications from specific infrastructure. This trend to accepting commodity infrastructure could end the traditional “lock-in” with a single supplier and lower the costs of switching suppliers. It means that IT buyers should strengthen their purchasing and sourcing departments to evaluate offerings. They will have to develop and use new criteria for evaluation and selection and phase out traditional criteria
Trend 8- Green sourcing
• By 2011, suppliers to large global enterprises will need to prove their green credentials via an audited process to retain preferred supplier status. Those organizations with strong brands are helping to forge the first wave of green sourcing policies and initiatives. These policies go well beyond minimizing direct carbon emissions or requiring suppliers to comply with local environmental regulations. For example, Timberland has launched a “Green Index” environmental rating for its shoes and boots. Home Depot is working on evaluation and audit criteria for assessing supplier submissions for its new EcoOptions product line.
Visit Omnitech website "Downloads" section to get the article.
Managed Data Center: An introduction
The Managed Data Center is a core part of the overall Managed Services concept for many organizations. The service offering Managed Data Center supports IT supervisors in all their tasks be it operation of servers, storage systems or networks. With ever increasing volumes of data , backup and recovery of data becomes really important although there is a risk of even the backup and recovery systems exceeding their capacities. Thus the main challenge then is to maintain cost efficiency and at the same time not hinder the innovations in business processes. This increases the demands placed on data center performance. So, in come the “Managed data centers” to the rescue.
Main providers of Managed Data centers: Fujitsu Technology Solutions, EMC, HDS and NetApp
Main providers of Managed Data centers: Fujitsu Technology Solutions, EMC, HDS and NetApp
Subscribe to:
Comments (Atom)