Infrastructure / Opinions

As a 30-year road warrior, I’ve learned some security truths that seem wrong, but must be accepted if you really want to understand the threats you face.

It had been custom for organizations to think of cyber security in terms of an information technology (IT) problem best left to IT people to address and fix. However, as more prolific breaches were publicized exposing a variety of sensitive personal, financial, and intellectual property-related data, it became clear that this was a rather myopic view in today’s increasingly interconnected world.

In the age of big data, bring-your-own-devices and internet-connected supply chains, cybercrime is big business; and cyber security has never been higher on the C-suite agenda. Here are three steps CIOs can take in this environment.

Launched in October 2001, today (really) marks the end of support for the Windows XP operating system. As the 12+ year run of Windows XP comes to an end, it holds some curious lessons.

Make cybersecurity one of your top resolutions for 2014 - and stick to it, writes Anu Nayar, head of security, privacy and resilience at Deloitte NZ

Whether you're talking about your network, your company's building or your home, a perimeter approach to security is no longer adequate. As McAfee discussed at the RSA Conference, you can't provide physical or electronic security simply by trying to prevent authorized access - you have to rethink all types to security to protect data and lives.

Restoring trust in our information systems after Edward Snowden's NSA revelations will take years -- if it can be done at all.

Scammers are nothing if not innovative. It just goes to show that the best defense is an educated workforce.

Companies have to fully confront the privacy issues they face and rethink their policies from the bottom up.

Security incidents are a complete disruption of my normal day-to-day activities. I love them. I especially like it when they uncover systemic problems we might not otherwise have found out about. We had one of those this week.

I’ve been reading a lot recently about organisations undertaking major IT modernisation projects; ie, replacing legacy systems. Modernising a legacy environment is technologically challenging, but also culturally difficult. The changing nature of IT has and will continue to have a dramatic psychological impact on the enterprise’s greatest historical asset — its people.
Most organisations have a wide variety of applications in their portfolios. A substantial number of legacy applications were built or acquired over many years or decades. The mix is likely to include applications licensed from software vendors, along with solutions that were custom-developed by internal staff or third parties. Somewhat reflecting the various types of applications, application professionals often cluster into five dominant personas.

How much do you think a business system is worth? The usual answer to this question would be the purchase price minus any depreciation. Yet in my experience that is rarely a true reflection of the value of these applications to the business. These systems are embedded in the organisation. Processes flow from them. They are instinctively utilised by employees. They are frequently adapted to specific business requirements. If they stopped working tomorrow it would create havoc in many companies. The reality is they are worth considerably more than many executives appreciate.
Yet even the name given to established business systems highlights a certain lack of appreciation towards them. The term ‘legacy applications’ implies something old fashioned, inherited or long-in-the-tooth. Unfortunately in IT there can always be a temptation to confuse the new with the better. There is a lot to be said for a robust, dependable legacy application. You know it works and you know changing from it will bring significant disruption to the business. Replacing an application can require extensive staff training and modifications to work practices while, at the back of the mind, is the uncertainty as to whether you will be any better off in the long run.