Home/ WPPS C-Suite News/ Group items tagged Practice

sandy ingram

What We're Watching in Cloud Computing - Harvard Business Review - 0 views

  • Yet those data centers, according to EPA figures cited by NIST, consume 1.5% of all electricity generated in the United States (compared with 0.6% worldwide in 2000). Globally, IT produces 2% of CO2 emissions.
  • Businesses that go with cloud computing could improve sustainability in two ways. First, companies maximize servers by sharing them, so fewer machines are chugging away. Second, on-demand usage means that firms needn’t consume way above their needs during slow times in order to be ready for busy times.
sandy ingram

McAfee Security Insights Blog » Blog Archive » Advanced Persistent Threat (APT) - 0 views

  • APT is the new way attackers are breaking into systems.
  • APT is a sophisticated, mercurial way that advanced attackers can break into systems, not get caught, keeping long-term access to exfiltrate data at will. 
  • APT focuses on any organization, both government and non-government organizations.
  • While the threat is advanced once it gets into a network, the entry point with many attacks is focused on convincing a user to click on a link.
  • Advanced attacks are always changing, recompiling on the fly and utilizing encryption to avoid detection.
  • Today attacks are nonstop. The attackers are persistent and if an organization lets its guard down for any period of time, the chance of a compromise is very high.
  • Attackers want to take advantage of economy of scale and break into as many places as possible, as quickly as possible. 
  • Therefore the tool of choice of an attacker is automation. Automation is not only what causes the persistent nature of the threat, but it is also what allows attackers to break in very quickly.
  • Old school attacks were about giving the victim some visible indication of a compromise. Today it is all about not getting caught.
  • the problem with the APT is that it enters a network and looks just like legitimate traffic and users.
  • Based on the new threat vectors of the APT, the following are key things organizations can do to prevent against the threat:
  • APT is only going to increase in intensity over the next year, not go away.  Ignoring this problem just means there will be harm caused to your organization.
  • The ultimate way to make sure an organization is properly protected is to run simulated attacks (i.e. penetration testing, red teaming, ethical hacking) and see how vulnerable an organization is and, most importantly, how quickly you detected it.
  •  
    One of the main reasons organizations are broken into today is because they are fixing the wrong vulnerabilities. If you fix the threats of three years ago, you will lose. APT allows organizations to focus on the real threats that exist today. While APT is important, we need to clear the smoke and hype, focusing on why it is important and what it means to you. Instead of just using it as a buzz word, if we understand the core components of APT, we can use it to improve our security. In APT, threat drives the risk calculation. Only by understanding the offensive threat will an organization be able to fix the appropriate vulnerabilities.  What is APT?
sandy ingram

Deloitte | E-Discovery: Mitigating Risk Through Better Communication | Deloitte Discove... - 0 views

  • The Deloitte Forensic Center’s analysis of the E-Discovery: Mitigating Risk Through Better Communication survey results identified three interrelated challenges. They are: Communication, Awareness, Readiness
  • At the heart of e-discovery are two corporate functions that historically have had little in common, and tend to speak their own technical languages: legal and IT
  • Neither can be truly effective in the e-discovery process without a clear understanding of the other, yet communication and coordination between these two departments appears to be unclear to many survey participants: More than one-third of respondents (36 percent) don’t know the answer to how their legal and IT departments communicate.
  • Deficient communication and a lack of coordination between departments can lead to an organizational lack of awareness about e-discovery.
  • Awareness Issues
  • Communication Hurdles
  • According to the survey, more than one-third of respondents, including C-suite, (36 percent) don’t know how committed their company’s C-suite is to finding a solution for e-discovery issues.
  • Only 20 percent of respondents think legal resources are appropriately allocated to e-discovery
  • Many companies also lack the resources and sophistication to manage e-discovery effectively.
  • For respondents that say their firms are challenged by e-discovery, the most common complaints are: a lack of funds to address e-discovery requirements (25 percent
  • Of those respondents with an opinion, 62 percent say their company is concerned about e-discovery challenges posed by social media web sites and blogs
  • Given the extensive use today of social media such as Facebook and Twitter during employees’ work and personal time, this suggests an e-discovery challenge that may require attention by many companies.
  • Three Years from Now
  • E-discovery is anticipated to become harder: 44 percent of respondents expect e-discovery challenges, along with government rules and regulations, to increase over the coming three years
  • Mismanaged e-discovery has led to many tales of litigation woe, involving sanctions, lost cases and fines. Improper ESI management, as the Sedona Conference points out, is simply bad business.
  • Five Areas of Potential Improvement
  •  
    "As the volume of electronically stored information (ESI) rises rapidly, improving the understanding among the C-suite, legal and IT functions is key to controlling costs and better managing e-discovery risks."
sandy ingram

House Cybersecurity Caucus Launches Website - 0 views

  • Content, for now, is meager. A list of tips for individuals to secure their personal computers is found in the website's resources page as well as links to Langevin's and McCaul's press releases regarding cybersecurity in the site's media center.
  •  
    The House Cybersecurity Caucus has established a website.
sandy ingram

17 Steps to Cloud Migration -- Federal Computer Week - 0 views

  • “The trick is to determine which services, information, and processes are good candidates to reside in the Clouds, as well as which Cloud services should be abstracted within the existing or emerging SOA,” Linthicum said.
  • Do Your Homework Linthicum says to start with your Architecture and make sure you understand your organization’s business drivers, information already under management, existing services under management and your core business processes.
  • In that way you can begin to look where Cloud Computing is a fit according to Linthicum. You can look to migrate to the Cloud when:
    • The processes, applications, and data are largely independent.
    • The points of integration are well defined.
    • A lower level of security will work just fine.
    • The core internal enterprise architecture is healthy.
    • The Web is the desired platform.
    • Cost is an issue.
    • The applications are new.
  • not all computing resources should exist in the Clouds and that Cloud is not always cost effective. It shows you need to do your homework before making any move. So, Cloud may not be a fit when the opposite conditions exist:
    • The processes, applications, and data are largely coupled.
    • The points of integration are not well defined.
    • A high level of security is required.
    • The core internal enterprise architecture needs work.
    • The application requires a native interface.
    • The cost is an issue.
    • The application is legacy.
  • external Cloud services should function like any other enterprise application or infrastructure resource and Cloud resources should appear native.
  • It goes without saying that as with any purchase, you should evaluate Cloud providers using similar validation patterns as you do with new and existing Data Center resources. You know there is going to be hype, but Cloud is not rocket science. If you feel you need to, hire a consultant as a trusted advisor.
  • CSC’s Yogesh Khanna told Summit attendees to embrace the business models that Clouds offer. Security barriers are all addressable not only through technology but also through policies. 
  • Be wary of the fact that there are a lot of Clouds out there. Some of the Public Clouds (e.g. Google’s or SalesForce.com) are proprietary in nature. Because this landscape is changing so fast, it is very important to maintain a level of flexibility and don’t fall prey to “vendor lock-in”.
  • “Look for some level of transparency that allows you to be certain exactly where your data is and who is seeing it,” said Khanna. “Have the flexibility to see where your data is at any given point and be able to monitor the health of the Cloud that’s delivering those services to you.”
  •  
    What the government IT manager needs when getting ready to embark on their migration to the Cloud is a good template; one that defines a proven roadmap to follow. What Cloud Computing Summit attendees learned (and now you) is that help is on the way. Cloud and SOA expert Dave Linthicum has developed a step-by-step plan to help you scale the heights. He goes through them meticulously in his new book Cloud Computing and SOA Convergence In Your Enterprise: A Step-by-Step Guide. At the Summit, Linthicum outlined the plan. Afterwards he told 1105 Custom Media you can consider Cloud Computing the extension of SOA out to Cloud-delivered resources, such as storage-as-a-service, data-as-a-service, and platform-as-a-service.
sandy ingram

FTC Delays Enforcement of Red Flags Rule Fifth Time at the request of Congress - 0 views

  • “The Commission urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays.  If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.”
  • The issue regarding the delays in FTC enforcement relates to “scope of entities covered by the Rule,” as indicated in the FTC news release.  Congress is taking action[2]:
  • “House lawmakers in October [2009] passed H.R. 3763[3], which would exclude from the Red Flags guidelines meaning of ‘creditor’ any healthcare, accounting, or legal practice with 20 or fewer employees, as well as any other business which the FTC determines knows all its customers or clients individually; only performs services in or around the residences of its customers; or hasn’t experienced incidents of ID theft, and identity theft is rare for businesses of that type.  An identical bill, S.3416 was introduced in the Senate on May 25 [2010].” A lawsuit was filed in federal court on May 21, 2010, to accomplish a similar objective of narrowing scope of entities covered by the Rule. 
  •  
    "At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the 'Red Flags' Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule.  Today's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance….
sandy ingram

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

  • Thing is, the pitch is less believable these days, and the atmosphere is becoming downright hostile. We face more and larger breaches, increased costs, more advanced adversaries, and a growing number of public control failures.
  • U.S. businesses continue to hemorrhage credit card numbers and personally identifiable information. The tab for the Heartland Payment Systems breach, which compromised 130 million card numbers, is reportedly at $144 million and counting. The Stuxnet worm, a cunning and highly targeted piece of cyberweaponry, just left a trail of tens of thousands of infected PCs. Earlier this month, the FBI announced the arrest of individuals who used the Zeus Trojan to pilfer $70 million from U.S. banks. Zeus is in year three of its reign of terror, impervious to law enforcement, government agencies, and the sophisticated information security teams of the largest financial services firms on the planet.
  •  
    Information security professionals face mounting threats, hoping some mix of technology, education, and hard work will keep their companies and organizations safe. But lately, the specter of failure is looming larger. "Pay no attention to the exploit behind the curtain" is the message from product vendors as they roll out the next iteration of their all-powerful, dynamically updating, self-defending, threat-intelligent, risk-mitigating, compliance-ensuring, nth-generation security technologies. Just pony up the money and the manpower and you'll be safe from what goes bump in the night.
sandy ingram

Three Things That Every CEO Should Know About Cyber Security Spending - The Firewall - ... - 0 views

  • ONE: If your enterprise isn’t in energy, defense, or finance, it’s not a high priority target so don’t spend money like it is.
  • TWO: If you do lead a company in one of those 3 sectors, there’s nothing on the market today that will stop an adversary from stealing your most valuable data. The best that you can hope for is to raise the cost to an adversary to mount a successful attack against you, which means he’ll target a less well-protected company instead. This is known as the You-Don’t-Have-To-Outrun-The-Bear School of Security.
  • THREE: Your IT department’s job is not to protect you. It’s to protect the enterprise’s network. That makes you and your C-level colleagues the “10 ring” of the target.
  • Most C-level executives are inundated with far more material than they could ever read, so this post will be short and to the point. If you’re a CEO, CIO, or other C-level executive, here are three things that you need to know to avoid over-spending on cyber security:
  • I’m giving a free webinar at 10am (Pacific time) this morning for UBS and their clients on the evolving state of cyber warfare in general and risks to C-level executives in particular. In addition to surveying the threats, I’ll offer some advice on how executives can defend themselves. Here’s the information you’ll need to join the call: Participant Toll-free: 800-768-5109 Toll: 212-231-2909 Code: 21488152
  •  
    "Most C-level executives are inundated with far more material than they could ever read, so this post will be short and to the point. If you're a CEO, CIO, or other C-level executive, here are three things that you need to know to avoid over-spending on cyber security:"
sandy ingram

5 Steps to Secure a Mobile Workforce #infosec #grc - 0 views

  • Here are five steps your company can implement quickly and cost-effectively.
  • 1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.
  • 2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.
  • 3. Encrypt sensitive data and log file access to ensure that data is not compromised if a mobile device is lost or stolen.
  • 4. Automatically filter and delete SMS spam by setting up pre-defined, configurable settings on mobile devices.
  • 5. Restrict network access by noncompliant or potentially infected devices.
  •  
    "Some 2.8 million Americans now work permanently from home offices and a full 38 million (37 percent of the total U.S. workforce) telecommute at least once a month. For the most part, the mainstreaming of telecommuting and the arrival of the virtual or mobile office has been a positive development, both in terms of employee productivity and cost reduction. However, one of the challenges of the proliferating mobile workforce is for companies to ensure that their most-sensitive customer and corporate information is truly secure."
sandy ingram

Security awareness: Helping employees really 'get' company policy - CSO Online - Securi... - 0 views

  • Employee awareness of their companies' security policies is high—if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity.
  • But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago—a 'technological lifetime,' notes Clearswift.
  • "When security is kept in the shadows and not discussed openly, and only referred to when things go wrong, it is all too easy for office 'folk-law' to become perceived as official policy very quickly. If employees are not aware of when they have broken policies—in some cases because the policy is not even enforced—it can lead to a false sense of security or a belief that what they are doing is actually in line with the corporate policy."
  • The research raises a question that is frequently discussed, but very rarely measured, among organizations: What kind of awareness training is effective? Is it regular and incremental? Is it most effective when done through courses, formal sessions or informal discussions? And how does an organization gauge its effectiveness?
  •  
    "Research finds while most employees believe they understand their company's security policies, a large number have never received any formal policy education or training. How can an organization really ensure people understand risk?"
sandy ingram

Integrating Ethics and Compliance Into the Entire Organization - 0 views

  • There’s no point investing in and implementing an ethics and compliance program unless the time is spent integrating the program into every aspect of an organization. The need for companies to develop effective ethics and compliance programs has been acknowledged by several government agencies- examples are the SEC in the US and the government in the United Kingdom. Both groups have recently passed legislation or made amendments to existing guidelines, focusing heavily on the importance of ethics and compliance at all levels of an organization- especially at the top.
  • Employees at each level contribute to the success of a company’s ethics and compliance program. Integrating ethics and compliance at each level helps ensure the message from the top makes it all the way down to the lower levels of the organization. Training, messages and other ethics and compliance initiatives must be developed to evolve with employees as they move through the company. That being said, employees at various levels need to be prepared to address different ethical issues they may encounter based on the role they play in the organization.
  • Integrating Ethics in the Middle  In many companies, employees report that the middle level is where ethics and compliance commitments break down. Since many of the lower level employees report directly to those in the middle, a commitment to ethics and compliance from middle managers is equally as important as it is at the top.
  • Top level managers can use a number of techniques to assist mid-level managers in understanding the role they play in creating an ethical workplace.
  • Integrating Ethics at Lower Levels Lower level employees are usually the ones on the frontlines acting as ambassadors for a company/brand. Ensuring the commitment to ethics and compliance is as strong at the bottom as it is at the top is critical to the success of a fully integrated ethics and compliance program.
  • One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance. During the interview process, ask questions related to ethical situations and decision making. This can be used as a way to ensure new hires are a proper fit with the existing corporate culture.
  • It’s important to remember that ethics training and implementation doesn’t stop here- this is just the beginning.
  •  
    "One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"
sandy ingram

VIDEO The Business Center Is Your Link to #compliance Law - 0 views

  •  
    "The Business Center Is Your Link to the Law The Business Center is your link to the law. It gives you and your employees the tools you need to comply. Learn how you can use the free resources to enhance compliance and build your customers' trust."
sandy ingram

Strong Growth And Innovation Seen For IaaS In 2011 - "dramatically improved data security" - 0 views

  • Even smaller and moderately sized companies will start to look at IaaS. So far, most of the IaaS deployments have been concentrated around very large $1B+ companies; however, we are now seeing that even smaller and moderate sized organizations are very interested in IaaS to help them overcome their data challenges. As a result, in 2011 and beyond we are likely to see small mission-critical IaaS deployments in these organizations to support various types of use cases, ranging from single-version-of-the-truth to BI to searching and compliance reporting. 
  •  
    6. "More organizations will realize IaaS's security potential. During various inquiry calls this year, some customers mentioned to us that they dramatically improved data security by using an IaaS framework, centralizing the authentication, authorization, and access control of critical data - as a result disallowing direct access to data sources. This not only improves compliance audits for various organizations but also ensures that only authorized users can access sensitive data. We expect that more organizations, especially those that have hundreds and thousands of sources, will adopt an IaaS framework just to improve data security and compliance. "
sandy ingram

THE INSIDE THREAT: Financial firms focus on internal threats, employee errors - 0 views

  • Mark Steinhoff, head of Deloitte's financial services security and privacy practices, said an organization's biggest mistake would be to let its guard down
  • "The number of breaches that are occurring are really at the hands of insiders and organizations are understanding that there is a real threat of malicious attacks and exposure of personal information by insiders," Steinhoff said.
    • sandy ingram
       
      The failing economy may be driving the increased concern over insider threats
    • sandy ingram
       
      "We are seeing the layoffs and other forms of downsizing. Frankly with limited budget and less than satisfied employees, it really raises the parameter on that threat."
    • sandy ingram
       
      Human error is the leading cause of information systems failure, and is likely to be the main cause of security attacks in the near future, according to 86% of those surveyed
  •  
    Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey.
sandy ingram

Health care providers anticipate new audit program - 0 views

  • New audit program
  • Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
  • The federal government recently offered additional incentives to states that adopt laws that parallel the False Claims Act.
  • Data privacy is another hot-button issue for health care consumers, providers and regulators
  • a Minneapolis attorney, expects to see stepped up reinforcement of so-called “red flag rules” under the Health Insurance Portability and Accountability Act to prevent identity theft from health care providers and their patients.
  • health care organizations need to address three primary areas
  • making sure they have ID-theft prevention programs in place;
  • requirements relating to credit reports;
  • requirements related to the use of debit cards, credit cards and “smart” cards.
  • expects to see greater enforcement and “stiffening” of Medicare and Medicaid reimbursement:
  • As the current economic downturn continues, DeLoss also foresees another trend which should keep health law attorneys occupied in the coming year: more consolidation among medical practices.
  •  
    Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
sandy ingram

Futureofprivacy.org - Group hopes to shape nation's privacy policy - 0 views

  • Businesses, regulators and consumers are all confused about online privacy, yet technology keeps advancing, said the group's other co-founder, Christopher Wolf, who chairs the Privacy and Data Security Practice Group for Washington law firm Proskauer Rose LLP.
  •  
    Group hopes to shape nation's privacy policy
sandy ingram

Information Security Clauses and Certifications - Part 1 : Info Law Group - 0 views

  • What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?
  • With heightened liability and compliance risks associated with handling protected categories of data, it is becoming more common to see contractual requirements holding vendors accountable for information security or requiring them to conform to a specified information security standard
  •  
    Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment
sandy ingram

20% of Businesses Will Get Rid of All IT Assets As They Move to Cloud, Gartner Predicts - 0 views

  • But it's not just cloud computing that is driving a movement toward "decreased IT hardware assets," in Gartner's words. Virtualization and employees running personal desktops and laptops on corporate networks are also reducing the need for company-owned hardware.
  • Gartner's prediction was part of a release Wednesday that highlights nine key predictions that will affect IT organizations and users this year and beyond.
  •  
    The shift toward cloud services hosted outside the enterprise's firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said. "The need for computing hardware, either in a data center or on an employee's desk, will not go away," Gartner said. "However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points."
sandy ingram

Before You Choose a Cloud Computing Vendor: 8 Questions - 0 views

  • "A manufacturing company isn't going to have the same checklist as a service company or retailer," Golden says. "They're too different. But there is a consistent set of things to look at. Some of them are specific to cloud providers; a lot of them are the same kinds of things you had to look at in outsourcing or any other service provider contract.
  • How responsive is the cloud company?
  • Some providers may be more responsive at the beginning of a relationship than later, so checking with other customers on that point is important as well, Golden says.
  • How transparent is the cloud service?
  •  
    How do you find the right cloud provider? There's not a consistent checklist either small or large companies can go through to make the selection