Open IT

April 12, 2007

Top CIO Security Priorities

Eganpicture In the Open IT Security Project, I have served in the role as the "thought leader," providing guidance to the member CIOs and their staffs on enterprise information security issues. I am pleased to say that our Security Project Team has made a significant step forward in demonstrating the methodology of Open IT by successfully completing a baseline assessment of security readiness and using it to establish working priorities for the coming year.

The process of initiating and executing a project within Open IT is pretty much the same for all areas of information technology. It starts with a baseline assessment. The assessment, or framework, is structured so that CIOs self assess their readiness and can derive a numeric score from the results. Their scores, like a report card from school, can give them an overall assessment that allows them to compare their status with those of their peers, both today and as they improve over time. They also contain detailed scores in a variety of areas about people, processes, and technology, so that the CIOs can identify areas of common weakness and prioritize activities that could benefit from collaboration while fitting into their budgetary plans. Once the priorities are set, roadmaps of tasks are planned and implemented, producing IP that ranges from code to product evaluations to policies.

In the case of the Security Project, the baseline assessment was derived from the book I wrote with Tim Mather, "The Executive Guide to Information Security: Threats, Challenges, and Solutions."  The scorecard includes detailed questions in 50 areas, but it was designed to be completed in under an hour. The results from our member companies, which were disguised to ensure anonymity, ranged from a low of 47 to a high of 81. But there were clearly areas in which all of the companies fell below satisfactory scores.

The initial review of the scorecard established three top priority areas for work this year: Vulnerability Analysis and Management, including white hat security techniques, penetration testing, and server hardening, Authentication, Authorization, and Accounting (AAA), including identity management, directory services, coordination between multiple enterprise departments, and management of contractors and temporary employees, Security Training Programs, which reflects the requirement that all employees, administrators, and managers need to be trained on security issues; a collaborative evaluation of web-based training programs would allow the companies to divide and conquer using common evaluation criteria.

I am looking forward to working with the group on planning the specific tasks to accomplish these objectives and I will report back from time to time on their progress. In the meantime, I would be delighted to hear comments from readers about what their top security problems are and hear their ideas on how collaborative work can help them solve those problems.

If you would like to have your company's security readiness assessed using this methodology, Open IT Works stands ready to process it anonymously and share with you the summarized results from all the other companies. Contact Hal Jespersen, CTO, hal.jespersen@openitworks.com.

Mark Egan of the Stratafusion Group is the former CIO of Symantec.

Posted by CollabWorks on April 12, 2007 at 08:38 AM | | Comments (0) | TrackBack (0)

April 10, 2007

Open IT Founders Forum & Open Solutions Alliance

Takamoto Barry Klawans, CTO of Jaspersoft, was kind enough to give our members an overview of a new organization, The Open Solutions Alliance. The OSA is a consortium of Open Source companies who are aiming to spread the use of Open Source Software. What's good to see is their pragmatic business approach to improving adoption and the recognition that CIOs want solutions and don't really care if something is Open Source or not as long as it gives them a low TCO and a solid ROI. They hope to create standards for interoperability and make implementing solutions much easier.

The OSA is interested in working with our membership in coming out with standards for deploying solutions. I think this approach bears merit and what better group to collaborate with than our Open IT Forum members. See the rest of Barry's slide presentation on our collaboration site here, or you can check out Barry's blog. If you would like a password for our collaboration site, e-mail me, and I'll be happy to get you one.

Posted by CollabWorks on April 10, 2007 at 09:06 AM | | Comments (0) | TrackBack (0)

April 09, 2007

Open IT Founders Forum, From Here to Sustainability

Takamoto We were lucky enough to have Joel Makower, generally regarded as the "Guru of Green", speak to us. Joel gave us a great overview of the Green movement in industry as it worked its way from a corporate "nice-to-be-a-good-citizen" stage to now, where green is about making financial sense.

Joel gave us some great stories about how Tyson, yes the chicken company, is literally turning its waste into energy, and how Ford and DuPont formed a new partnership based around the number of cars painted, rather than paint bought and often wasted as it was sprayed into the air. Now they collaborate together to find more efficient ways of painting and recovering lost paint, and DuPont is paid based on what Ford really wants, painted cars.

My favorite example was Coca-Cola's analysis of their own carbon footprint. The largest cause of emissions was not in the manufacturing process, nor even in the transportation fleet. To find out what it was, see Joel's slides on our collaboration site. If you would like a password for our collaboration site, e-mail me, and I'll be happy to get you one.

You can find more about Green by visiting Joels Site: www.makower.com.

Posted by CollabWorks on April 09, 2007 at 02:44 PM | | Comments (0) | TrackBack (0)

Open IT Founders Forum, John Muir on the IT Security Industry

JespersenblogThe second speaker I'll describe from our April 3 Open IT Founders Forum is John Muir. No, no, although we're definitely into eco-friendly, sustainable, Green IT, we did not raise the great California environmentalist from the dead. This is John Muir, managing partner of Trusted Strategies, a consultant on IT security issues.

John presented an interesting overview of the North American IT Security industry. He has identified over a thousand companies that are selling into 70 differentiated product categories. Only about 10% of these are public companies, although they generate about 85% of industry revenue, and he foresees a great consolidation to come, both because of limited capital availability to keep the smaller companies operating and because customers prefer to deal with larger, more established brands.

He offered an overview of the main technology categories and some of the prominent players in each. The categories were encryption, packet inspection and filtering, identity authentication and management, intrusion detection and prevention, threat analysis and monitoring, forensics, access control, security management, and code management.

The topic that I found most interesting was "The Collapsing Security Perimeter," which tracked the progress of enterprise approaches to security from the fixed perimeters of the mid-80s to the emerging environment in which mobile devices are the primary platforms for accessing corporate data from anywhere. The final stage in this progression is that data will flow freely and will have to have its own security perimeter, irrespective of devices and network connections.

Posted by Hal Jespersen on April 09, 2007 at 11:45 AM | | Comments (0) | TrackBack (0)

Open IT Founders Forum, Mark Monroe on Sustainability

Jespersenblog_2 We just finished our April 3 member meeting, one of the events around which we center much of our planning and many of our activities, the Open IT Founders Forum meeting in San Carlos, California. (The Founders Forum is the original group of company members of Open IT Works. Most are high technology companies in the Silicon Valley area. In the future we will be creating other Forums, which are member organizations that can collect enterprises in geographic or vertical industry segments.)

We had four interesting guest speakers at this event, in addition to the normal project coordination and member collaboration activities. Mike Takamoto and I are going to tag team to describe each of the presentations briefly in the next four blog postings. If you would like to get more information about the meeting agenda and see the slide presentations for most of the speakers, contact Mike.

Mark Monroe is the Director of Sustainable Computing at Sun Microsystems, a company that is placing a lot of emphasis on what we call "Green IT." He gave a provocative presentation that included the challenges of e-waste and data center power consumption. Servers are becoming so voracious that within the 2010-2015 timeframe, the cost to power a rack of servers will exceed the purchase price of the hardware. The depressing aspect of this power usage is that for every hundred watts going into the data center, only 30 are being used to power the servers directly, and since server utilization is generally low, only 3 to 6 watts are being used for useful computation. All of the rest are going to air conditioning, power distribution inefficiencies, room lighting, etc. He showed some initial results of surveys of data center usage within Sun in which improving the EPA rating for the buildings housing them could make dramatic cost reductions possible; he projected $8 million savings per year for 26 buildings in the survey.

Posted by Hal Jespersen on April 09, 2007 at 11:23 AM | | Comments (0) | TrackBack (0)

March 19, 2007

Collaboration Event

Takamoto Our next Open IT Forum is on April 3rd, in San Carlos, California

We're having the event at Piacere Ristorante  at 727 Laurel Street, San Carlos, CA 94070-3113

If you are interested in attending, please RSVP here.

I wanted to tell you a little bit more about our speakers we have lined up. We've talked a bit about what "Going Green" might mean, and we have two experts with interesting perspectives: Vladimir Mioushev of 3Tera, and Joel Makower of GreenBiz.com.

Vladimir Mioushev, President and CEO of 3Tera
www.3tera.com

Ask several IT professionals to define virtualization and you might get as many definitions as people you ask. In this case, we're asking Vlad Mioushev, who is approaching virtualization from the point of view of a grid. While traditionally grid technology has been reserved for super-computing number-crunching activities such as weather forecasting or protein-folding simulations, Vladimir has made this technology available to transactional web-applications.

Find out more what this technology means for IT organizations from a management and deployment point of view, and how other CIOs are using it.

PS. 3Tera's AppLogic was just named 2007 Category Breaker by Network World Magazine

Joel Makower, Founder of GreenBiz.com
www.makower.com

Green is red-hot! We are very fortunate to have "the guru of green business practices" as a speaker. Joel will share his perspectives on how CIOs can not only be environmentally friendly, but at the same time, put more green in a company's coffers. Joel has been speaking for 20 years about sustainable business practices. He has worked with a wide range of major companies on corporate environmental strategy and practices -- including Gap, General Electric, General Motors, Hewlett Packard, Levi Strauss, Nike, and Procter & Gamble -- as well as with more than a dozen early-stage companies focusing on environmentally sustainable products and services. Joel will also give examples of collaboration between companies that are saving money and the planet at the same time.

Posted by CollabWorks on March 19, 2007 at 02:03 PM | | Comments (0) | TrackBack (0)

March 16, 2007

Collaboration Environments

Jespersen_2 One of the challenges of facilitating Open IT projects was the selection of proper collaboration software. There has been an explosion of Web 2.0-style collaboration systems and selecting the appropriate tools for Open IT Works took a focused set of requirements and a lot of experimentation. We got some invaluable help from Ismael Ghalimi, CEO of Intalio, and one of the advisors to Open IT Works.

We had a number of unique requirements to deal with. Our users include enterprise CIOs, people who are unlikely to spend a lot of time at a web-based user interface themselves, but also developers and managers who needed a rich set of project management features for developing new intellectual property on a collaborative basis. For the CIOs, our requirements were that the interfaces had to be easy to use and they had to have rich connections through e-mail; we knew the CIOs would prefer to see project status and announcements, and to deal with action items and milestones, as part of their daily e-mail stream. For everyone else, we wanted an intuitive, powerful interface that included document management, collaborative editing of simple documents in the Wiki style, discussion forums, customization for our company look and feel, and project management features such as tasks, milestones, and calendars. It had to be economical for a startup company with a growing number of users. And since we are big advocates of the Software as a Service (SaaS) trend, we wanted to engage a fully hosted service, not build or operate it ourselves. 

We found that the tools in this space are divided into broad categories: online replacements for Microsoft Office features (Desktop 2.0); Wikis; IM-based; more traditional (and quite powerful) project management packages. We investigated about 30 different products or services. Some of the more interesting hosted services included: Atlassian, Celoxis, Foldera, Intensil Wikiflow, Zimbra, and Zoho Virtual Office. But we finally selected Central Desktop, which includes all of the features we wanted at a reasonable price. It has the strength of intuitive integration with e-mail, Wiki-style document collaboration (although they use HTML instead of one of the more traditional styles of Wiki source code underneath the GUI), document management, and simple project management features. We are using the system only for private-access member collaboration at the moment, but it has the capability of fully public Wiki interaction, which we may take advantage of in the future. I have been impressed with the responsiveness of Central Desktop support and their rapid implementation of new features. 

There are many other factors to consider in providing useful facilitation of collaborative projects, beyond the selection of an online service. I will be exploring some of those factors in future postings. If you have any comments about these online services, however, I'd love to start a dialogue with you, using the comments at the bottom of the blog.

Posted by Hal Jespersen on March 16, 2007 at 11:12 AM | | Comments (2) | TrackBack (0)

March 15, 2007

Welcome to Open IT

Grove It is my pleasure to welcome you to the Open IT Works blog where I, Mike Takamoto, Hal Jespersen, our thought leaders and advisers, and our CIO members will share our thoughts with you and welcome your comments. Several of us will post as least once per month. We hope you find the dialog informative and provocative.
   
We started Open IT Works to solve two related problems—duplicative problem solving and a huge lack of truly innovative IT projects. Most would agree that 80% of the problems solved by one IT organization are solved others. This duplication is a waste. It benefits only vendors and consultants and also leads to talk about why CIOs are needed—Why not simply outsource IT? The concept of Open IT will reduce duplicative problem solving by making it easy for IT organizations to collaborate on shared problems. The goal is to save maintenance costs and plow those resources into innovative projects that can really make a difference for the business.
   
When I spoke last week with Henry Chesbrough, Cal Berkeley professor and author of Open Innovations, he applauded our efforts as an example of an Open Business Model (his new book title). Our collaborative model leverages the resources and skill strengths of our members as they solve problems via defined projects. The value chain includes both users and vendors and the more that participate the better it gets for all the participants. Remember Metcalfe's Law, or the Network Effect?
   
After listening to Tony Perkins at the Open Source Think Tank last week, I believe Open IT Works is an early adopter example of what he calls the Enterprise 2.0 model. Anything called 2.0 is doomed to hype, VC bubbles, and selling media and events. But it also can identify the next disruptive model. Enterprise 2.0 is not just blogging, Wikis, and Ajax-driven web experiences. It is a change in behavior from strict hierarchies and predefined processes to more free-flowing collaboration with trusted sources. Users, not suppliers, will dominate Enterprise 2.0. Business models that rapidly adapt to shift value chains (supplier-channel/community-users) and more efficiently leverage these value chains will win over traditional niche and differentiating models. Whether it be Moore's Law or Metcalfe's Law, it is all about leverage. More for less. Faster and better. Welcome to our Open IT world.
 
 
 

Posted by Michael Grove on March 15, 2007 at 04:35 PM | | Comments (0) | TrackBack (0)