Home > Blogs > VMware Accelerate Advisory Services > Tag Archives: Gene Likins

Tag Archives: Gene Likins

Evolving Cyber Security – Lessons from the Thalys Train Attack in France

Gene LikinsBy Gene Likins

Earlier this year, I was privileged to facilitate a round table for forty seven IT executives representing sixteen companies in the financial services industry.  As expected for a gathering of FSI IT executives, one of the primary topics on the docket was security.

The discussion started with a candid listing of threats, gaps, hackers and the challenges these pose for all in the room.  The list was quite daunting.  The conversation turned to the attempted terrorist attack on the Thalys high speed international train, traveling from Amsterdam to Paris.  A heavily armed gunman had boarded the train with an arsenal of weapons and was preparing to fire on passengers.  Luckily, several passengers managed to subdue the gunman and prevent any deaths

Immediately following the incident, the public began to question the security measures surrounding the train and the transit system in general.  Many recommended instituting airport style security measures, including presentation of identity papers, metal detectors, bag searches and controlled entry points

Given the enormous cost and the already strained police resources running at capacity, some are now calling for a different perspective on security.  As former interior minister of France Claude Gueant said,

“I do not doubt the vigilance of the security forces, but what we need now is for the whole nation to be in a state of vigilance.

As IT professionals, this should sound familiar.   So what can we glean from this incident and apply it to cyber security?

  1. Share the burden of vigilance with customers.
    72% of online customers welcome advice on how to better protect their online accounts (Source: Telesign).  One way to share the burden with customers is to recommend or require the use of security features such as Two Factor Authentication (2FA).  Sending texts of recent credit card transactions is an example of a “passive” way of putting the burden on the customer.  The customer is asked to determine if the charge is real and notify the card issuer if it’s not.  Companies should begin testing the waters of just how much customers are willing to do to protect their data.  They may be surprised.
  2. Avoid accidentally letting the bad guys in. 
    One of the common ways that online security is breached is by employees unknowingly opening emails which contain information such as “know what your peers make” or “learn about the new stock that’s about to double in price”. IT groups should continually inform their internal constituents on the nature of threats so we can all stay vigilant and look out for “suspicious characters”.
  3. Contain the inevitable breaches.
    It’s not a matter of “if”, it’s a matter of “when”. Network virtualization capabilities, such as micro‐segmentation, bring security inside the data center with automated, fine‐grained policies tied to individual workloads.  Micro‐segmentation effectively eliminates the lateral movement of threats inside the data center and greatly reduces the total attack surface.  This also buys security team’s time to detect and respond to malicious activities before they get out-of-hand.

Cyber SecurityBuilding a comprehensive security strategy should be on the agenda of all CIOs in 2016.  Cyber criminals are constantly creating new methods of threatening security, and technology is changing daily to counteract them.

VMware NSX, VMware’s network virtualization platform, enables IT to virtualize not just individual servers or applications but the entire network, including all of the associated security and other settings and rules.  This technology enables micro-segmentation and can move your security capabilities forward by leaps and bounds, but it’s only part of a holistic strategy for preventing security breaches.

To remain ahead of the threats, it requires a constant evolution of people, processes and governance, along with technology, to continuously identify and address security concerns for your organization and your customers.  For help building your security strategy, contact the experts at VMware Accelerate Advisory Services

========

Gene Likins is the Americas Director of Accelerate Transformation Services for VMware and is based in Atlanta, GA.

2014 in Review: Avoiding 3 Potential Potholes on the Road to ITaaS

 

Gene Likins bio portrait pic 2

 

 

By Gene Likins

Focus on outcomes, not technology

As the New Year approaches, I find myself thinking about some of the lessons learned from 2014. Of course, IT executives are perennially interested in lowering costs, increasing security and control, and achieving superior service delivery—and 2014 was no exception.  However, the emergence of public clouds has given “rogue IT” new life and forced IT organizations to think about how to compete.   As a result, IT organizations are revisiting a concept that has been around for several years – Information Technology as a Service (ITaaS) to drive broad, deep IT transformation within their companies.

Urgency is a critical ingredient to change and transformation. Best practices almost always point to executive sponsorship, planning ahead, setting realistic expectations and getting a firm grasp of current state.  But when IT transformations fail or stall, what are some common culprits? Here are three to avoid if ITaaS is on your radar for 2015:

1. Resist the temptation to lead with organizational changes. When we see the potential advantages of ITaaS, many organizations want to move very quickly. Demands for speed and efficiency are driving near-universal experimentation with IT operating models and organizational designs. There are plenty of theoretical, future-state organizational models available from the various research companies.

However, proceed with caution. The CEB published a study around a new model for IT service delivery, which reported that:

  • Nine out of 10 CIOs have recently changed their model or structure or have plans to do so
  • The changes affect all IT sub-functions, with more than 70 percent of EA, infrastructure, security, and PMO groups undergoing or recently completing a redesign

GLikins 1

 

Source: CEB CIO Executive Board: The New Model for IT Service Delivery

That’s why it’s critical to take the time to build a framework around service definitions and establish an operating model for how services will be delivered. For example:

  • How will processes change and how will the operations look on “day two”?
  • Are you embracing a new technology and/or solution only to attempt to retrofit it into your current operational model?

Once you have developed a solid plan for these issues, the organizational structure and the detailed titles, roles, and skill sets will be quite obvious.

2. Reduce friction between service management and infrastructure. More and more frequently we’re seeing a lack of coordination in this regard. For example, does this sound familiar?

The infrastructure group develops a service and publishes it into the service catalogue. The service management team reviews it and determines it doesn’t meet the criteria of a service. Perhaps it’s not customer facing enough. Perhaps it’s not a robust enough service. Either way, it represents wasted time and frustration for both groups.

It’s important to understand what services are going to be offered and what resources are available to support them—and to ensure that all the parties are aligned in support of the service catalog. Service management and infrastructure are both a part of IT, it helps if there is greater communication and collaboration between the two functions.

3. Aggressively market and communicate IT success.  As IT takes a larger responsibility for high-level business outcomes, it’s more important than ever to build a formal IT marketing and communication plan with customized messages to sell BUs and other users on your services.

Alex Salicrup, VMware Transformation Architect, noted in his recent blog on IT Marketing that, “it’s very important that IT staff understand a unified vision/message. They should become active ambassadors of the IT brand and the services the team provides.”

The vision must be both ambitious and “strategically feasible.” Don’t be afraid to act like marketers with videos, go-live parties, prizes for focus groups, etc. It’s better to err on the side of being a little “corny” and gaining awareness rather than quietly being unnoticed.

Stay on the leading edge of ITaaS

As the concept of IT transformation moves beyond the “early adopter” stage and gains traction with a wider cross-section of companies, these red flags and best practices will continue to change and evolve. Stay tuned to this blog to find out what we identify as the year unfolds.

For more insight on the subject right now, refer to these posts:


Gene Likins is the Americas Director for VMware’s Accelerate Advisory Services